Chapter

Security and Cryptography for Networks

Volume 7485 of the series Lecture Notes in Computer Science pp 19-37

Ring Switching in BGV-Style Homomorphic Encryption

  • Craig GentryAffiliated withIBM Research
  • , Shai HaleviAffiliated withIBM Research
  • , Chris PeikertAffiliated withGeorgia Institute of Technology
  • , Nigel P. SmartAffiliated withUniversity of Bristol

* Final gross prices may vary according to local VAT.

Get Access

Abstract

The security of BGV-style homomorphic encryption schemes over polynomial rings relies on rings of very large dimension. This large dimension is needed because of the large modulus-to-noise ratio in the key-switching matrices that are used for the top few levels of the evaluated circuit. However, larger noise (and hence smaller modulus-to-noise ratio) is used in lower levels of the circuit, so from a security standpoint it is permissible to switch to lower-dimension rings, thus speeding up the homomorphic operations for the lower levels of the circuit. However, implementing such ring-switching is nontrivial, since these schemes rely on the ring algebraic structure for their homomorphic properties.

A basic ring-switching operation was used by Brakerski, Gentry and Vaikuntanathan, over polynomial rings of the form \(\mathbb{Z}[X]/(X^{2^n}+1)\), in the context of bootstrapping. In this work we generalize and extend this technique to work over any cyclotomic ring and show how it can be used not only for bootstrapping but also during the computation itself (in conjunction with the “packed ciphertext” techniques of Gentry, Halevi and Smart).