Advances in Cryptology – CRYPTO 2010

Volume 6223 of the series Lecture Notes in Computer Science pp 138-154

Additively Homomorphic Encryption with d-Operand Multiplications

  • Carlos Aguilar MelchorAffiliated withXLIM-DMI, Université de Limoges
  • , Philippe GaboritAffiliated withXLIM-DMI, Université de Limoges
  • , Javier HerranzAffiliated withDept. Matemàtica Aplicada IV, Universitat Politècnica de Catalunya


The search for encryption schemes that allow to evaluate functions (or circuits) over encrypted data has attracted a lot of attention since the seminal work on this subject by Rivest, Adleman and Dertouzos in 1978.

In this work we define a theoretical object, chained encryption schemes, which allow an efficient evaluation of polynomials of degree d over encrypted data. Chained encryption schemes are generically constructed by concatenating cryptosystems with the appropriate homomorphic properties; such schemes are common in lattice-based cryptography. As a particular instantiation we propose a chained encryption scheme whose IND-CPA security is based on a worst-case/average-case reduction from uSVP.


homomorphic encryption secure function evaluation lattices