Designs, Codes and Cryptography, Volume 80, Issue 2, pp 333–358

Homomorphic AES evaluation using the modified LTV scheme

Article

Abstract

Since its introduction more than a decade ago, the homomorphic properties of the NTRU encryption scheme have gone largely ignored. A variant of NTRU proposed by Stehlé and Steinfeld was recently extended into a full-fledged multi-key fully homomorphic encryption scheme by López-Alt, Tromer and Vaikuntanathan (LTV). This NTRU-based FHE presents a viable alternative to the currently dominant BGV-style FHE schemes. While the scheme appears to be more efficient, a full implementation and a comparison to BGV-style implementations have been missing in the literature. In this work, we develop a customized implementation of the LTV scheme. First, parameters are selected to yield an efficient yet secure LTV instantiation. We present an analysis of the noise growth that allows us to formulate a modulus cutting strategy for arbitrary circuits. Furthermore, we introduce a specialization of the ring structure that drastically reduces the public key size, making evaluation of deep circuits such as the AES block cipher viable on a standard computer with a reasonable amount of memory. Moreover, with the modulus specialization the need for key switching is eliminated. Finally, we present a generic bit-sliced implementation of the LTV scheme that embodies a number of optimizations. To assess the performance of the scheme, we homomorphically evaluate the full 10-round AES circuit in 29 h with 2048 message slots, resulting in 51 s per AES block.
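
As an added illustration of the operations the abstract refers to (editor-supplied example code, not the paper's implementation and not code from its authors), the following Python sketch implements a toy single-key NTRU-based somewhat homomorphic scheme in the LTV style over R_q = Z_q[x]/(x^n + 1) with one plaintext bit per ciphertext, evaluates XOR (addition) and AND (multiplication) on encrypted bits, and reports the noise left in each result. Everything below the scheme's outline is an assumption of this example: n = 32 and q = 2^31 - 1 are toy parameters with no security; the small polynomials are drawn uniformly from {-1, 0, 1} rather than from the discrete Gaussian the scheme specifies; a product ciphertext is decrypted under f^2 because the sketch has no relinearization and does not reproduce the paper's modulus specialization; and the reported noise is the largest coefficient of f·c (or f^2·c) lifted to (-q/2, q/2], which is the quantity a modulus cutting strategy must keep below q/2 at every level.

```python
# Editor-supplied toy example (not the paper's code): a single-key NTRU-based
# somewhat homomorphic scheme in the LTV style over Z_Q[x]/(x^N + 1) with bit
# plaintexts. The parameters, the {-1,0,1} sampler and decrypting a product
# under f^2 are simplifying assumptions of this example.
import random

N = 32                   # ring degree (toy; the paper's n is far larger)
Q = (1 << 31) - 1        # prime modulus, so division in GF(Q)[x] below is well defined
RNG = random.Random(1)   # fixed seed for reproducible runs


def trim(a):
    """Strip leading zero coefficients; coefficient lists are low-degree first."""
    while a and a[-1] == 0:
        a.pop()
    return a


def poly_divmod(a, b):
    """Long division in GF(Q)[x]; returns (quotient, remainder)."""
    a, b = trim([x % Q for x in a]), trim([x % Q for x in b])
    if len(a) < len(b):
        return [], a
    quot = [0] * (len(a) - len(b) + 1)
    inv_lead = pow(b[-1], Q - 2, Q)        # Fermat inverse, Q is prime
    for i in range(len(a) - len(b), -1, -1):
        coef = a[i + len(b) - 1] * inv_lead % Q
        quot[i] = coef
        for j, bj in enumerate(b):
            a[i + j] = (a[i + j] - coef * bj) % Q
    return quot, trim(a)


def plain_mul(a, b):
    """Schoolbook product in Z[x], no reduction."""
    out = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] += ai * bj
    return out


def ring_mul(a, b):
    """Multiply in Z_Q[x]/(x^N + 1): full product, then fold with x^N = -1."""
    p = plain_mul(a, b) + [0] * (2 * N)
    return [(p[k] - p[k + N]) % Q for k in range(N)]


def ring_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]


def ring_inverse(f):
    """f^-1 mod (x^N + 1) over GF(Q) via the extended Euclidean algorithm."""
    r0, r1 = [1] + [0] * (N - 1) + [1], trim([x % Q for x in f])
    t0, t1 = [], [1]                       # invariant: t_i * f == r_i (mod x^N + 1)
    while r1:
        quo, rem = poly_divmod(r0, r1)
        qt = plain_mul(quo, t1)
        t_next = [((t0[k] if k < len(t0) else 0) - (qt[k] if k < len(qt) else 0)) % Q
                  for k in range(max(len(t0), len(qt)))]
        r0, r1, t0, t1 = r1, rem, t1, trim(t_next)
    if len(r0) != 1:                       # gcd must be a nonzero constant
        raise ValueError("f is not a unit in the ring")
    c = pow(r0[0], Q - 2, Q)
    return ([x * c % Q for x in t0] + [0] * N)[:N]


def small_poly():
    """Coefficients uniform in {-1,0,1}; stands in for the scheme's error sampler."""
    return [RNG.randint(-1, 1) for _ in range(N)]


def keygen():
    """NTRU-style keys: f = 2f' + 1 (so f == 1 mod 2) and h = 2 g f^-1 mod Q."""
    while True:
        f = [2 * x % Q for x in small_poly()]
        f[0] = (f[0] + 1) % Q
        try:
            f_inv = ring_inverse(f)
            break
        except ValueError:
            pass                            # resample f if it is not invertible
    h = ring_mul([2 * x % Q for x in small_poly()], f_inv)
    return f, h


def encrypt(h, bit):
    """c = h*s + 2e + m mod Q, with the plaintext bit in the constant term."""
    c = ring_add(ring_mul(h, small_poly()), [2 * x % Q for x in small_poly()])
    c[0] = (c[0] + bit) % Q
    return c


def decrypt(f_key, c):
    """Return (bit, noise): noise is max |coeff| of f_key*c lifted to (-Q/2, Q/2].
    The bit is recovered correctly only while noise < Q/2."""
    mu = [x - Q if x > Q // 2 else x for x in ring_mul(f_key, c)]
    return mu[0] % 2, max(abs(x) for x in mu)


def hom_xor(c1, c2):
    return ring_add(c1, c2)                 # still decrypts under f


def hom_and(c1, c2):
    return ring_mul(c1, c2)                 # decrypts under f*f (no relinearization here)


def demo():
    """Evaluate XOR and AND on every input pair; return result bits and noise levels."""
    f, h = keygen()
    f2 = ring_mul(f, f)
    results = {}
    for a in (0, 1):
        for b in (0, 1):
            ca, cb = encrypt(h, a), encrypt(h, b)
            x, noise_x = decrypt(f, hom_xor(ca, cb))
            y, noise_y = decrypt(f2, hom_and(ca, cb))
            results[(a, b)] = (x, y, noise_x, noise_y)
    return results


if __name__ == "__main__":
    for (a, b), (x, y, nx, ny) in demo().items():
        print(f"{a}^{b}={x} (noise {nx})  {a}&{b}={y} (noise {ny})  Q/2={Q // 2}")
```

Running demo() shows the asymmetry the abstract's noise analysis is about: an addition leaves the noise at roughly the sum of the two inputs, while one multiplication turns it into a product of the two noise polynomials, so each AND level eats a fixed number of bits of q. That is why a deep circuit such as 10-round AES needs a chain of moduli to cut down through, and why the paper's parameter selection is driven by the multiplicative depth rather than the gate count.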

Keywords

Fully homomorphic encryption, NTRU, AES, Ring-LWE

Mathematics Subject Classification

94A60 

References

  1. Gentry C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing (STOC '09), pp. 169–178. ACM, New York (2009).
  2. Rivest R., Adleman L., Dertouzos M.: On data banks and privacy homomorphisms. In: Foundations of Secure Computation, pp. 169–177. Academic Press, New York (1978).
  3. Gentry C., Halevi S.: Implementing Gentry's fully-homomorphic encryption scheme. In: Paterson K. (ed.) Advances in Cryptology (EUROCRYPT 2011). Lecture Notes in Computer Science, vol. 6632, pp. 129–148. Springer, Berlin (2011).
  4. Wang W., Hu Y., Chen L., Huang X., Sunar B.: Accelerating fully homomorphic encryption using GPU. In: High Performance Extreme Computing (HPEC 2012), pp. 1–5 (2012).
  5. Brakerski Z., Gentry C., Vaikuntanathan V.: (Leveled) fully homomorphic encryption without bootstrapping. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference (ITCS '12), pp. 309–325. ACM, New York (2012).
  6. Gentry C., Halevi S., Smart N.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini R., Canetti R. (eds.) Advances in Cryptology (CRYPTO 2012). Lecture Notes in Computer Science, vol. 7417, pp. 850–867. Springer, Berlin (2012). doi:10.1007/978-3-642-32009-5_49.
  7. Gentry C., Halevi S., Smart N.: Fully homomorphic encryption with polylog overhead. In: Pointcheval D., Johansson T. (eds.) Advances in Cryptology (EUROCRYPT 2012). Lecture Notes in Computer Science, vol. 7237, pp. 465–482. Springer, Berlin (2012). doi:10.1007/978-3-642-29011-4_28.
  8. Smart N., Vercauteren F.: Fully homomorphic SIMD operations. Des. Codes Cryptogr. 71(1), 57–81 (2014). doi:10.1007/s10623-012-9720-4.
  9. López-Alt A., Tromer E., Vaikuntanathan V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Proceedings of the 44th Annual ACM Symposium on Theory of Computing (STOC '12), pp. 1219–1234. ACM, New York (2012).
  10. Hoffstein J., Pipher J., Silverman J.: NTRU: a ring-based public key cryptosystem. In: Buhler J. (ed.) Algorithmic Number Theory (ANTS-III). Lecture Notes in Computer Science, vol. 1423, pp. 267–288. Springer, Berlin (1998). doi:10.1007/BFb0054868.
  11. Stehlé D., Steinfeld R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson K. (ed.) Advances in Cryptology (EUROCRYPT 2011). Lecture Notes in Computer Science, vol. 6632, pp. 27–47. Springer, Berlin (2011). doi:10.1007/978-3-642-20465-4_4.
  12. Bos J., Lauter K., Loftus J., Naehrig M.: Improved security for a ring-based fully homomorphic encryption scheme. In: Stam M. (ed.) Cryptography and Coding. Lecture Notes in Computer Science, vol. 8308, pp. 45–64. Springer, Berlin (2013). doi:10.1007/978-3-642-45239-0_4.
  13. Brakerski Z.: Fully homomorphic encryption without modulus switching from classical GapSVP. In: Safavi-Naini R., Canetti R. (eds.) Advances in Cryptology (CRYPTO 2012). Lecture Notes in Computer Science, vol. 7417, pp. 868–886. Springer, Berlin (2012). doi:10.1007/978-3-642-32009-5_50.
  14. Micciancio D., Regev O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007). doi:10.1137/S0097539705447360.
  15. Lyubashevsky V., Peikert C., Regev O.: On ideal lattices and learning with errors over rings. In: Gilbert H. (ed.) Advances in Cryptology (EUROCRYPT 2010). Lecture Notes in Computer Science, vol. 6110, pp. 1–23. Springer, Berlin (2010). doi:10.1007/978-3-642-13190-5_1.
  16. Micciancio D., Regev O.: Lattice-based cryptography. In: Bernstein D., Buchmann J., Dahmen E. (eds.) Post-Quantum Cryptography, pp. 147–191. Springer, Berlin (2009). doi:10.1007/978-3-540-88702-7_5.
  17. Lindner R., Peikert C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias A. (ed.) Topics in Cryptology (CT-RSA 2011). Lecture Notes in Computer Science, vol. 6558, pp. 319–339. Springer, Berlin (2011). doi:10.1007/978-3-642-19074-2_21.
  18. Hoffstein J., Silverman J.H., Whyte W.: Estimated breaking times for NTRU lattices, version 2. Technical report, NTRU Cryptosystems (2003).
  19. Gama N., Nguyen P.: Predicting lattice reduction. In: Smart N. (ed.) Advances in Cryptology (EUROCRYPT 2008). Lecture Notes in Computer Science, vol. 4965, pp. 31–51. Springer, Berlin (2008). doi:10.1007/978-3-540-78967-3_3.
  20. Coppersmith D., Shamir A.: Lattice attacks on NTRU. In: Fumy W. (ed.) Advances in Cryptology (EUROCRYPT '97). Lecture Notes in Computer Science, vol. 1233, pp. 52–61. Springer, Berlin (1997). doi:10.1007/3-540-69053-0_5.
  21. Schnorr C., Euchner M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(1–3), 181–199 (1994). doi:10.1007/BF01581144.
  22. Shoup V.: NTL: a library for doing number theory. http://www.shoup.net/ntl.
  23. van de Pol J., Smart N.: Estimating key sizes for high dimensional lattice-based systems. In: Stam M. (ed.) Cryptography and Coding. Lecture Notes in Computer Science, vol. 8308, pp. 290–303. Springer, Berlin (2013). doi:10.1007/978-3-642-45239-0_17.
  24. Chen Y., Nguyen P.: BKZ 2.0: better lattice security estimates. In: Lee D., Wang X. (eds.) Advances in Cryptology (ASIACRYPT 2011). Lecture Notes in Computer Science, vol. 7073, pp. 1–20. Springer, Berlin (2011). doi:10.1007/978-3-642-25385-0_1.
  25. Lepoint T., Naehrig M.: A comparison of the homomorphic encryption schemes FV and YASHE. In: Pointcheval D., Vergnaud D. (eds.) Progress in Cryptology (AFRICACRYPT 2014). Lecture Notes in Computer Science, vol. 8469, pp. 318–335. Springer, Berlin (2014). doi:10.1007/978-3-319-06734-6_20.
  26. Chen Y., Nguyen P.: BKZ 2.0: better lattice security estimates (full version) (2013). http://www.di.ens.fr/ychen/research/Full_BKZ.pdf.
  27. Silverman J.H.: Invertibility in truncated polynomial rings. Technical report, NTRU Cryptosystems (1998).
  28. Schönhage A., Strassen V.: Schnelle Multiplikation großer Zahlen. Computing 7(3–4), 281–292 (1971).
  29. Canright D.: A very compact S-box for AES. In: Rao J., Sunar B. (eds.) Cryptographic Hardware and Embedded Systems (CHES 2005). Lecture Notes in Computer Science, vol. 3659, pp. 441–455. Springer, Berlin (2005). doi:10.1007/11545262_32.
  30. Gentry C., Halevi S., Smart N.: Homomorphic evaluation of the AES circuit (updated implementation) (2015). https://eprint.iacr.org/2012/099.pdf.
  31. Mella S., Susella R.: On the homomorphic computation of symmetric cryptographic primitives. In: Stam M. (ed.) Cryptography and Coding. Lecture Notes in Computer Science, vol. 8308, pp. 28–44. Springer, Berlin (2013). doi:10.1007/978-3-642-45239-0_3.
  32. HElib: a software library that implements homomorphic encryption (HE). https://github.com/shaih/HElib.
  33. Dai W., Doröz Y., Sunar B.: Accelerating NTRU based homomorphic encryption using GPUs. Cryptology ePrint Archive, Report 2014/389 (2014). http://eprint.iacr.org/2014/389.
  34. Öztürk E., Doröz Y., Sunar B., Savaş E.: Accelerating somewhat homomorphic evaluation using FPGAs. Cryptology ePrint Archive, Report 2015/294 (2015). http://eprint.iacr.org/.

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. Worcester Polytechnic Institute, Worcester, USA
