Submitted by : Vipin Tejwani6CSE-5 (CU)

12BCS1324

Introduction Homomorphic Encryption[1] is a form

of encryption which allows specific types of computations to be carried out on ciphertext and obtain an encrypted result which decrypted, matches the result of operations performed on the plaintext.

For instance, one person could add two encrypted numbers and then another person could decrypt the result, without either of them being able to find the value of the individual numbers.

Earlier there was Somewhat Homomorphic Encryption technique. This encryption used low polynomial degree, which was its big drawback.

In June 2009, “Gentry” proposed the first efficient Fully Homomorphic Encryption technique. It is efficient in the sense that all algorithms run in polynomial time.

Timeline

Nowadays:

Craig Gentry presented a working implementation ofthe fully homomorphic system, including thebootstrapping function.

Exists a practical application of homomorphicencryption to a hybrid wireless network.

Perform statistical tests over encrypted data such astemperature, humidity, etc.

There are also some practical implementations ofsimplifications of this scheme over databases.

An Analogy: Alice’s Jewellery Store Alice’s workers need to assemble raw materials into

jewellery.

But Alice is worried about theft

How can the workers process the raw materials without having access to

them?

Alice puts materials in locked glove box

For which only she has the key

Workers assemble jewellery in the box.

Alice unlocks box to get “results”.

Terminologies of Analogy Encrypt: putting things inside the box.

Anyone can do this (imagine a mail-drop).

Decrypt: Taking things out of the box. Only Alice can do it, requires the key.

Evaluate: Assembling the jewelry,i.e., performing operations.

Why Homomorphic Encryption Confidentiality problems

Ability to compute over ciphertext instead of plaintext

One could use information without knowing the content of that information

Privacy guaranteed

Homomorphic Encryption Crypto Magic

5 * 6 = CT(5) * CT(6) -> D ( k, E(k,5) * E(k,6) ) = 5 * 6

Homomorphic Assumption

• Partially homomorphic/fully homomorphic

Homomorphic Encryption Partially homomorphic schemes

RSA: CT(x)*CT(y) = (xe mod M) * (ye mod M) = xeye

mod M = (xy)e mod M = CT(x*y), where e is theexponent key and M the modulus.

M=3233;

e=17;

Partially homomorphic schemes

RSA: Obtain 5*6 performing RSA(5)*RSA(6)

RSA(5) = 517 (mod 3233) = 3086;

RSA(6) = 617 (mod 3233) = 824;

3068*824 = 2542864;

RSA-1(2542864) = 25428642753 (mod 3233) = 30;

5*6 = 30;

Homomorphic Encryption

Homomorphic Encryption Fully homomorphic Encryption[2]:

A cryptosystem that supports arbitrary computation on ciphertexts is known as fully homomorphic encryption (FHE) and is far more powerful. Such a scheme enables the construction of programs for any desirable functionality, which can be run on encrypted inputs to produce an encryption of the result.

Fully homomorphic Encryption schemes:

Craig Gentry scheme

Zaryab Khan scheme

Craig Gentry scheme Suppose a scheme with a “noise parameter” attached to

each CT;

Encryption algorithm outputs a CT with a small noiseparameter (say less than n);

Decryption algorithm only works if noise is less than someparameter N >> n;

To compute E(a+b) / E(a*b), include noise;

This gives a “somewhat homomorphic” scheme.

Craig Gentry scheme (integers) Craig Gentry scheme’s homomorphic assumptions

Addition: c1 + c2 = b1+ b2 + 2(x1+x2) + (k1+k2)p = b1 xorb2 + 2x + kp

Decryption works if (b1+2x1) + (b2+2x2) is in [-N,N]

Multiplication: c1*c2 = b1*b2 + 2(b1x2 + b2x1 + 2x1x2) + kp= b1*b2 + 2x + kp

Decryption works if (b1+2x1) * (b2+2x2) is in [-N,N]

Craig Gentry scheme (integers)

Addition example: 4+4

CT(100):

CT(1) = 1 + 2*3 + 5*3 = 22

CT(0) = 0 + 2*3 + 5*3 = 21

CT(0) = 0 + 2*3 + 5*3 = 21

D(44 42 42):

D(44) = 44 mod 3 = 2

D(42) = 42 mod 3 = 0

D(42) = 42 mod 3 = 0

22 21 21+22 21 21

44 42 42

1000 = 8 = 4+4

Craig Gentry scheme (integers)

Multiplication example: 4*4

CT(100):

CT(1) = 1 + 2*3 + 5*3 = 22

CT(0) = 0 + 2*3 + 5*3 = 21

CT(0) = 0 + 2*3 + 5*3 = 21

D(484 924 1365 882 441):

D(484) = 484 mod 3 = 1

D(924) = 924 mod 3 = 0

D(1365) = 1365 mod 3 = 0

D(882) = 882 mod 3 = 0

D(441) = 441 mod 3 = 0

22 21 21×22 21 21

484 924 1365 882 441

10000 = 16 = 4*4

HELib Helib[4] is a software library that implements

homomorphic encryption (HE), specifically the Brakerski-Gentry-Vaikuntanathan (BGV) scheme, focusing on effective use of the Smart ciphertext packing techniques and the Gentry-Halevi-Smart optimizations.

HELib Developed by Shai Halevi (2013)

○ Implementation of Brakerski-Gentry-Vaikuntanathan scheme.

○ Using many optimizations in literature for speed.

Performance:

Advantages

Cloud security.

Working with information stored in databases.

Queries to search engines.

Spam Filtering.

Problems Solved

Wireless Sensor/Mesh Network.

Problems related to personal records like medical records:

○ Analyze disease / treatment without disclosing them

○ Search for DNA markers without revealing DNA.

HELib[4] from IBM.https://github.com/shaih/HElib/tree/master/src

Abstract: Homomorphic Encryption Applied to Cloud Computing Security

Current Cloud Computing(supposedly The Next Big Thing) lacks security.

Security and confidentiality needs to be protected among several enterprises.

Homomorphic Encryption solves these problems

Craig Gentry Fully Homomorphic Encryption evaulates arbitrary number of operations and thus can calculate any type of encrypted data.

We can outsource the calculations on confidential data to the Cloud server, keeping the secret key that can decrypt the result of the calculation.

References [1]. Hacker Lexicon: What Is Homomorphic Encryption?

www.wired.com/2014/11/hacker-lexicon-homomorphic-encryption/

[2]. A Fully Homomorphic Encryption Scheme

www.crypto.stanford.edu/craig/craig-thesis.pdf

[3]. Homomorphic Encryption - MIT Technology Review

www2.technologyreview.com/article/423683/homomorphic-encryption/

[4]. IBM takes a big new step in cryptography practical homomorphic encryption

nakedsecurity.sophos.com/2013/05/05/ibm-takes-big-new-step-in-cryptography/