Blending FHE-NTRU Keys – The Excalibur Property
Can Bob give Alice his decryption secret and be convinced that she will not pass it on to someone else? Proxy re-encryption addresses this by giving Alice not Bob's secret but the ability to transform ciphertexts so that they decrypt under her own key. In this article we answer the question from a different perspective, relying on a property of the well-known modified NTRU encryption scheme. We show how parties can collaborate to one-way-glue their secret keys together, giving Alice's secret key the additional ability to decrypt Bob's ciphertexts. The main advantage is that the protocols we propose plug directly into the modified NTRU scheme with no post-key-generation space or time cost and no modification of ciphertexts. In addition, the property carries over to the NTRU-based multikey homomorphic scheme, which allows a hierarchical chain of users to be equipped with automatic re-encryption of messages while still supporting homomorphic operations on ciphertexts. To achieve this, we propose two-party computation protocols in cyclotomic polynomial rings. We base security, in the presence of various types of adversaries, on the RLWE and DSPR assumptions and on two new problems in the modified NTRU ring.
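The gluing property described above can be seen on a toy instance of the modified NTRU scheme. The Python below is an added illustration, not code from the paper. It assumes that gluing gives Alice a secret key f_A = r * f_B that is a small multiple of Bob's key with r = 1 (mod p), and it forms that product in the clear; the paper's contribution is the two-party protocol that forms it without Alice learning f_B or Bob learning r, which is not reproduced here. The parameters (n = 16, q = 65537, p = 2, ternary noise) are toy values chosen so that decryption noise never wraps modulo q and carry no security. The polynomial inversion is a plain extended Euclid in GF(q)[x]; all function names are this example's own.

```python
import random
P = 2  # plaintext modulus; secrets and gluing factors are chosen = 1 (mod P)

def _strip(a):  # drop leading zeros; coefficient lists run low -> high degree
    while a and a[-1] == 0:
        a.pop()
    return a

def _divmod(num, den, q):  # long division in GF(q)[x] -> (quotient, remainder)
    num, den = _strip([c % q for c in num]), _strip([c % q for c in den])
    quot, inv_lead = [0] * max(len(num) - len(den) + 1, 1), pow(den[-1], -1, q)
    while len(num) >= len(den):
        shift = len(num) - len(den)
        coef = quot[shift] = num[-1] * inv_lead % q
        for i, d in enumerate(den):
            num[i + shift] = (num[i + shift] - coef * d) % q
        _strip(num)
    return quot, num

def _sub_mul(a, quot, b, q):  # a - quot * b in GF(q)[x]
    out = a + [0] * max(len(quot) + len(b) - 1 - len(a), 0)
    for i, x in enumerate(quot):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] - x * y) % q
    return out

def poly_inv(f, n, q):
    """Inverse of f in Z_q[x]/(x^n + 1), q prime, by extended Euclid; None if not a unit."""
    r0, r1 = [1] + [0] * (n - 1) + [1], _strip([c % q for c in f])
    s0, s1 = [], [1]  # invariant: s_i * f == r_i  (mod x^n + 1)
    while len(r1) > 1:
        quot, rem = _divmod(r0, r1, q)
        r0, r1 = r1, rem
        s0, s1 = s1, _sub_mul(s0, quot, s1, q)
    if not r1:
        return None  # gcd(f, x^n + 1) has positive degree
    return ([x * pow(r1[0], -1, q) % q for x in s1] + [0] * n)[:n]

def ring_mul(a, b, n, q):
    """Negacyclic convolution a * b in Z_q[x]/(x^n + 1)."""
    out = [0] * n
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            k = i + j
            sign = 1 if k < n else -1  # x^n = -1
            out[k % n] = (out[k % n] + sign * x * y) % q
    return out

def center(a, q):  # representatives of least magnitude, in [-q//2, q//2]
    return [((c + q // 2) % q) - q // 2 for c in a]
def small(rng, n):  # ternary polynomial
    return [rng.choice((-1, 0, 1)) for _ in range(n)]
def unit_small(rng, n):  # P * t + 1 with ternary t, hence = 1 (mod P)
    return [P * c + (i == 0) for i, c in enumerate(small(rng, n))]
def pubkey(f_inv, rng, n, q):  # h = P * g * f^-1 mod q with fresh ternary g
    return [P * c % q for c in ring_mul(small(rng, n), f_inv, n, q)]

def keygen(rng, n, q):
    """Modified NTRU: f = P*f' + 1 (must be a unit mod q), h = P*g/f mod q."""
    while True:
        f = unit_small(rng, n)
        f_inv = poly_inv(f, n, q)
        if f_inv is not None:
            return f, pubkey(f_inv, rng, n, q)

def encrypt(h, m, rng, n, q):
    """c = h*s + P*e + m mod q with ternary s, e; m is a bit vector of length n."""
    hs, e = ring_mul(h, small(rng, n), n, q), small(rng, n)
    return [(hs[i] + P * e[i] + m[i]) % q for i in range(n)]

def decrypt(f, c, n, q):  # (f*c mod q, centred) mod P; correct while f*c does not wrap mod q
    return [x % P for x in center(ring_mul(f, c, n, q), q)]

def glue(f_bob, rng, n, q):
    """Alice's key pair with secret f_A = r * f_B, r small and r = 1 (mod P).
    ASSUMPTION (illustration only): the product is formed in the clear; in the
    paper a two-party protocol forms it so Alice never sees f_B nor Bob r."""
    while True:
        r = unit_small(rng, n)
        f_a = center(ring_mul(r, f_bob, n, q), q)  # small product: no wrap mod q
        f_a_inv = poly_inv(f_a, n, q)
        if f_a_inv is not None:
            return f_a, pubkey(f_a_inv, rng, n, q)

def demo(seed=1, n=16, q=65537):
    """Alice's glued key reads Bob's unmodified ciphertext; Bob cannot read Alice's."""
    rng = random.Random(seed)
    f_b, h_b = keygen(rng, n, q)
    f_a, h_a = glue(f_b, rng, n, q)
    m = [rng.randrange(P) for _ in range(n)]  # constructed sample plaintext
    c_b, c_a = encrypt(h_b, m, rng, n, q), encrypt(h_a, m, rng, n, q)
    return {
        "bob_reads_bob": decrypt(f_b, c_b, n, q) == m,
        "alice_reads_bob": decrypt(f_a, c_b, n, q) == m,  # the glued ability
        "alice_reads_alice": decrypt(f_a, c_a, n, q) == m,
        "bob_reads_alice": decrypt(f_b, c_a, n, q) == m,  # one-way: stays False
    }
```

Calling demo() shows Bob's ciphertext decrypted by Alice's key with no transformation of the ciphertext, while Bob's key yields garbage on Alice's ciphertexts because f_B * f_A^-1 = r^-1 mod q is not small; that asymmetry is the one-way direction. Alice's decryption works only while every coefficient of r * (P*g*s + P*f_B*e + f_B*m) stays below q/2 in magnitude, so each further key glued into a chain multiplies the noise bound and forces a larger q.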
Keywords: Encryption scheme, Quadratic system, Validation protocol, Random polynomial, Malicious adversary
We would like to thank Pablo Schinke Gross for suggesting the term Excalibur and the INDOCRYPT 2016 anonymous reviewers for their helpful comments. This work has been supported in part by the FUI CRYPTOCOMP project.