Which Ring Based Somewhat Homomorphic Encryption Scheme is Best?
The purpose of this paper is to compare side-by-side the NTRU and BGV schemes in their non-scale invariant (messages in the lower bits), and their scale invariant (message in the upper bits) forms. The scale invariant versions are often called the YASHE and FV schemes. As an additional optimization, we also investigate the ffect of modulus reduction on the scale-invariant schemes. We compare the schemes using the “average case” noise analysis presented by Gentry et al. In addition we unify notation and techniques so as to show commonalities between the schemes. We find that the BGV scheme appears to be more efficient for large plaintext moduli, whilst YASHE seems more efficient for small plaintext moduli (although the benefit is not as great as one would have expected).
This work has been supported in part by an ERC Advanced Grant ERC-2010-AdG-267188-CRIPTO and by the European Union’s H2020 Programme under grant agreement number ICT-644209. The authors would like to thank Steven Galbraith for comments on an earlier version of this manuscript.
- 2.Z. Brakerski. Fully homomorphic encryption without modulus switching from classical gapsvp. In: Safavi-Naini and Canetti , pp. 868–886Google Scholar
- 3.Brakerski, Z., Gentry, C., Vaikuntanathan, V.: Fully homomorphic encryption without bootstrapping. In: Innovations in Theoretical Computer Science (ITCS 2012) (2012). http://eprint.iacr.org/2011/277
- 4.Damgård, I., Pastro, V., Smart, N.P., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini and Canetti , pp. 643–662Google Scholar
- 5.Doröz, Y., Hu, Y., Sunar, B.: Homomorphic AES evaluation using the modified LTV scheme. Des. Codes, Cryptography (2015, to appear). https://eprint.iacr.org/2014/039
- 6.Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptology ePrint Archive 2012, 144 (2012)Google Scholar
- 7.C. Gentry. A fully homomorphic encryption scheme. Ph.D thesis, Stanford University (2009). http://crypto.stanford.edu/craig
- 9.Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini and Canetti , pp. 850–867Google Scholar
- 11.Lauter, K., Naehrig, M., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: CCSW, pp. 113–124. ACM (2011)Google Scholar
- 14.Lòpez-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: STOC, ACM (2012)Google Scholar
- 16.Safavi-Naini, R., Canetti, R. (eds): Cryptogr. – 2015. LNCS, vol. 7417, Springer, Heidelberg (2012)Google Scholar