Which Ring Based Somewhat Homomorphic Encryption Scheme is Best?

  • Ana Costache
  • Nigel P. Smart
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9610)


The purpose of this paper is to compare side-by-side the NTRU and BGV schemes in their non-scale invariant (messages in the lower bits), and their scale invariant (message in the upper bits) forms. The scale invariant versions are often called the YASHE and FV schemes. As an additional optimization, we also investigate the ffect of modulus reduction on the scale-invariant schemes. We compare the schemes using the “average case” noise analysis presented by Gentry et al. In addition we unify notation and techniques so as to show commonalities between the schemes. We find that the BGV scheme appears to be more efficient for large plaintext moduli, whilst YASHE seems more efficient for small plaintext moduli (although the benefit is not as great as one would have expected).



This work has been supported in part by an ERC Advanced Grant ERC-2010-AdG-267188-CRIPTO and by the European Union’s H2020 Programme under grant agreement number ICT-644209. The authors would like to thank Steven Galbraith for comments on an earlier version of this manuscript.


  1. 1.
    Bos, Joppe W., Lauter, Kristin, Loftus, Jake, Naehrig, Michael: Improved security for a ring-based fully homomorphic encryption scheme. In: Stam, Martijn (ed.) IMACC 2013. LNCS, vol. 8308, pp. 45–64. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  2. 2.
    Z. Brakerski. Fully homomorphic encryption without modulus switching from classical gapsvp. In: Safavi-Naini and Canetti [16], pp. 868–886Google Scholar
  3. 3.
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: Fully homomorphic encryption without bootstrapping. In: Innovations in Theoretical Computer Science (ITCS 2012) (2012).
  4. 4.
    Damgård, I., Pastro, V., Smart, N.P., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini and Canetti [16], pp. 643–662Google Scholar
  5. 5.
    Doröz, Y., Hu, Y., Sunar, B.: Homomorphic AES evaluation using the modified LTV scheme. Des. Codes, Cryptography (2015, to appear).
  6. 6.
    Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptology ePrint Archive 2012, 144 (2012)Google Scholar
  7. 7.
    C. Gentry. A fully homomorphic encryption scheme. Ph.D thesis, Stanford University (2009).
  8. 8.
    Gentry, C., Halevi, S., Smart, N.P.: Fully homomorphic encryption with polylog overhead. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 465–482. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini and Canetti [16], pp. 850–867Google Scholar
  10. 10.
    Kirchner, P., Fouque, P.: An improved BKW algorithm for LWE with applications to cryptography and lattices. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO – 2015. LNCS, vol. 9215, pp. 43–62. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  11. 11.
    Lauter, K., Naehrig, M., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: CCSW, pp. 113–124. ACM (2011)Google Scholar
  12. 12.
    Lepoint, T., Naehrig, M.: A comparison of the homomorphic encryption schemes FV and YASHE. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 318–335. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  13. 13.
    Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Lòpez-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: STOC, ACM (2012)Google Scholar
  15. 15.
    Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Safavi-Naini, R., Canetti, R. (eds): Cryptogr. – 2015. LNCS, vol. 7417, Springer, Heidelberg (2012)Google Scholar
  17. 17.
    Smart, N.P., Vercauteren, F.: Fully homomorphic SIMD operations. Des. Codes Cryptogr. 71(1), 57–81 (2014)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of BristolBristolUK

Personalised recommendations