Homomorphic Encryption: From Private-Key to Public-Key
We show how to transform any additively homomorphic private-key encryption scheme that is compact, into a public-key encryption scheme. By compact we mean that the length of a homomorphically generated encryption is independent of the number of ciphertexts from which it was created. We do not require anything else on the distribution of homomorphically generated encryptions (in particular, we do not require them to be distributed like real ciphertexts).
Our resulting public-key scheme is homomorphic in the following sense. If the private-key scheme is i + 1-hop homomorphic with respect to some set of operations then the public-key scheme we construct is i-hop homomorphic with respect to the same set of operations.