Abstract

A fully homomorphic encryption (FHE) scheme allows anyone to transform an encryption of a message, $m$, into an encryption of any (efficient) function of that message, $f(m)$, without knowing the secret key. We present a leveled FHE scheme that is based solely on the (standard) learning with errors ($\mathsf{LWE}$) assumption. (Leveled FHE schemes are initialized with a bound on the maximal evaluation depth. However, this restriction can be removed by assuming "weak circular security.") Applying known results on $\mathsf{LWE}$, the security of our scheme is based on the worst-case hardness of "short vector problems" on arbitrary lattices. Our construction improves on previous works in two aspects:

  1. We show that "somewhat homomorphic" encryption can be based on $\mathsf{LWE}$, using a new relinearization technique. In contrast, all previous schemes relied on complexity assumptions related to ideals in various rings.
  2. We deviate from the "squashing paradigm" used in all previous works. We introduce a new dimension-modulus reduction technique, which shortens the ciphertexts and reduces the decryption complexity of our scheme, without introducing additional assumptions.

Our scheme has very short ciphertexts, and we therefore use it to construct an asymptotically efficient $\mathsf{LWE}$-based single-server private information retrieval (PIR) protocol. The communication complexity of our protocol (in the public-key model) is $k\cdot\mathrm{polylog}(k)+\log|\mathtt{DB}|$ bits per single-bit query, in order to achieve security against $2^k$-time adversaries (based on the best known attacks against our underlying assumptions).
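The following Python toy is an added illustration of the two techniques the abstract names, not code from the paper or its authors. It encrypts single bits under a symmetric LWE key as linear functions of the key, multiplies two ciphertexts (which yields a quadratic function of the key and squares the ciphertext size), relinearizes the product back to a linear ciphertext under a fresh key using bit decomposition of the coefficients, and then reduces the modulus from $Q$ to a smaller $P$. All parameters ($N=4$, $Q=2^{61}-1$, $P=2^{31}-1$, error bound $B=4$) are assumed toy values that give no security; the fresh key used for relinearization is assumed to be binary so that the modulus-reduction error stays small, and the dimension is kept fixed rather than reduced as in the paper. Reusing the original key in place of the fresh one would be the "circular security" setting the abstract mentions.

```python
"""Toy LWE somewhat-homomorphic encryption: constructed example, not the
paper's code.  Bits are encrypted under a symmetric LWE key; ciphertexts are
added, multiplied (giving a quadratic function of the key), relinearized back
to a linear ciphertext under a fresh short key, and finally modulus-reduced
from Q to P.  Parameters are toy values that give no security; they are chosen
so the noise bounds stated in the comments hold."""
import random
from itertools import combinations_with_replacement

N = 4                      # LWE dimension (toy; kept fixed, not reduced)
Q = 2**61 - 1              # evaluation modulus (odd)
P = 2**31 - 1              # reduced modulus (odd)
B = 4                      # errors are uniform in [-B, B]
LOG_Q = Q.bit_length()
rng = random.Random(2012)  # fixed seed so runs are reproducible
# Monomials s_i*s_j with s_0 = 1: pairs (i, j), i <= j; (0, 0) is the constant.
PAIRS = list(combinations_with_replacement(range(N + 1), 2))

def keygen(short=False):
    """Secret key with implicit s_0 = 1; a 'short' key has entries in {0, 1}."""
    return [1] + [rng.randrange(2 if short else Q) for _ in range(N)]

def lwe_sample(key, value):
    """Coefficients (b, -a) of the linear polynomial b - <a, x>, where
    b = <a, key> + 2e + value (mod Q); evaluating at key gives 2e + value."""
    a = [rng.randrange(Q) for _ in range(N)]
    e = rng.randint(-B, B)
    b = (sum(ai * ki for ai, ki in zip(a, key[1:])) + 2 * e + value) % Q
    return [b] + [(-ai) % Q for ai in a]

def encrypt(s, m):
    return lwe_sample(s, m)  # c(s) = 2e + m (mod Q), |2e + m| <= 2B + 1

def center(x, mod):
    """Representative of x mod 'mod' in (-mod/2, mod/2)."""
    x %= mod
    return x - mod if x > mod // 2 else x

def decrypt_linear(key, c, mod=Q):
    """Evaluate c at key, centre mod 'mod', take parity (needs |2e+m| < mod/2)."""
    return center(sum(ci * ki for ci, ki in zip(c, key)), mod) % 2

def add(c1, c2):
    return [(x + y) % Q for x, y in zip(c1, c2)]

def mult(c1, c2):
    """Product as a quadratic polynomial {(i, j): coeff}.  Evaluated at s it
    gives (2e1+m1)(2e2+m2) = 2e' + m1*m2 with |2e' + m1*m2| <= (2B+1)^2."""
    h = {p: 0 for p in PAIRS}
    for i, x in enumerate(c1):
        for j, y in enumerate(c2):
            k = (i, j) if i <= j else (j, i)
            h[k] = (h[k] + x * y) % Q
    return h

def decrypt_quadratic(s, h):
    return center(sum(v * s[i] * s[j] for (i, j), v in h.items()), Q) % 2

def relin_keygen(s, t):
    """Evaluation key: LWE encryptions under t of 2^tau * s_i * s_j for every
    monomial (i, j) and every bit position tau of a coefficient mod Q."""
    return {(i, j, tau): lwe_sample(t, ((1 << tau) * s[i] * s[j]) % Q)
            for (i, j) in PAIRS for tau in range(LOG_Q)}

def relinearize(ek, h):
    """Quadratic ciphertext under s -> linear ciphertext under t.  Coefficients
    are bit-decomposed so key noise is multiplied only by 0 or 1; the output
    noise is at most (2B+1)^2 + 2*len(PAIRS)*LOG_Q*B, far below Q/2."""
    out = [0] * (N + 1)
    for (i, j), coef in h.items():
        for tau in range(LOG_Q):
            if (coef >> tau) & 1:
                out = add(out, ek[(i, j, tau)])
    return out

def modulus_reduce(c):
    """Scale a linear ciphertext from Q to P: each coefficient becomes the
    nearest integer to c_i*P/Q with the parity of c_i.  Under a short key the
    rounding shifts the centred value by at most 1.5*(N+1), and with Q and P
    both odd its parity is still the plaintext bit."""
    out = []
    for ci in c:
        x = (2 * ci * P + Q) // (2 * Q)  # round(ci*P/Q) in exact integers
        if (x - ci) % 2:
            x += 1
        out.append(x % P)
    return out

def demo():
    """Per input pair: (XOR via add, AND before relin, AND after relin,
    AND after relin + modulus reduction)."""
    s, t = keygen(), keygen(short=True)
    ek = relin_keygen(s, t)
    results = {}
    for m1 in (0, 1):
        for m2 in (0, 1):
            c1, c2 = encrypt(s, m1), encrypt(s, m2)
            h = mult(c1, c2)
            lin = relinearize(ek, h)
            results[(m1, m2)] = (decrypt_linear(s, add(c1, c2)),
                                 decrypt_quadratic(s, h),
                                 decrypt_linear(t, lin),
                                 decrypt_linear(t, modulus_reduce(lin), P))
    return results
```

The point to take from `relinearize` is why the evaluation key holds encryptions of every $2^\tau s_i s_j$: decomposing each coefficient into bits means the key's own noise is only ever added, never scaled by a coefficient of size up to $Q$, so the noise after one multiplication grows additively in the number of key entries rather than multiplicatively. The modulus-reduction step shows the other side of the abstract: after switching to a short key the ciphertext can be rounded down to a much smaller modulus, which is what shortens ciphertexts and cheapens decryption without adding assumptions.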

Keywords

  1. cryptology
  2. public-key encryption
  3. fully homomorphic encryption
  4. learning with errors
  5. private information retrieval

MSC codes

  1. 94A60
  2. 68P25

Published In

SIAM Journal on Computing
Pages: 831 - 871
ISSN (online): 1095-7111

History

Submitted: 5 March 2012
Accepted: 23 December 2013
Published online: 29 April 2014
