Fully Homomorphic Encryption with Polylog Overhead

  • Craig Gentry
  • Shai Halevi
  • Nigel P. Smart
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7237)

Abstract

We show that homomorphic evaluation of (wide enough) arithmetic circuits can be accomplished with only polylogarithmic overhead. Namely, we present a construction of fully homomorphic encryption (FHE) schemes that for security parameter λ can evaluate any width-Ω(λ) circuit with t gates in time \(t\cdot \mbox{polylog}(\lambda )\).

To get low overhead, we use the recent batch homomorphic evaluation techniques of Smart-Vercauteren and Brakerski-Gentry-Vaikuntanathan, who showed that homomorphic operations can be applied to “packed” ciphertexts that encrypt vectors of plaintext elements. In this work, we introduce permuting/routing techniques to move plaintext elements across these vectors efficiently. Hence, we are able to implement general arithmetic circuits in a batched fashion without ever needing to “unpack” the plaintext vectors.

We also introduce some other optimizations that can speed up homomorphic evaluation in certain cases. For example, we show how to use the Frobenius map to raise plaintext elements to powers of p at the “cost” of a linear operation.
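The Frobenius remark above, as an added illustration that is not code from the paper: in a field of characteristic p the map a ↦ a^p is linear over F_p, so it can be applied with a fixed matrix instead of a multiplication. The sketch works on unencrypted slot values only, with p = 2 and a constructed slot field GF(2^4) (modulus x^4 + x + 1); these parameters and all function names are assumptions.

```python
# Added illustration (not from the paper): plaintext slots modelled as
# GF(2^4) with the constructed modulus x^4 + x + 1; elements are 4-bit ints.
D = 4
MODULUS = 0b10011  # x^4 + x + 1, irreducible over GF(2)

def gf_mul(a, b):
    """Carry-less product of a and b, reduced modulo MODULUS."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> D:          # degree reached D: subtract (XOR) the modulus
            a ^= MODULUS
    return r

def frobenius_by_mul(a):
    """a -> a^p for p = 2, computed with one field multiplication."""
    return gf_mul(a, a)

def frobenius_matrix():
    """Columns are the images of the basis 1, x, ..., x^(D-1) under a -> a^2."""
    return [frobenius_by_mul(1 << i) for i in range(D)]

def frobenius_linear(a, cols):
    """Same map as a GF(2)-linear one: XOR the columns selected by a's bits."""
    r = 0
    for i in range(D):
        if (a >> i) & 1:
            r ^= cols[i]
    return r

def frobenius_on_slots(slots, k=1):
    """Raise every slot of a packed vector to the power 2^k, linear steps only."""
    cols = frobenius_matrix()
    for _ in range(k):
        slots = [frobenius_linear(s, cols) for s in slots]
    return slots

if __name__ == "__main__":
    packed = [0b0010, 0b0111, 0b1011, 0b1111]   # constructed sample slots
    print("matrix columns:", frobenius_matrix())
    print("slots squared: ", frobenius_on_slots(packed))
    print("slots ^ 16:    ", frobenius_on_slots(packed, k=D))  # back to input
```

Applying the map D times returns the original vector, since a^(2^D) = a for every element of GF(2^D).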

References

  1. Rivest, R., Adleman, L., Dertouzos, M.L.: On data banks and privacy homomorphisms. In: Foundations of Secure Computation, pp. 169–180 (1978)
  2. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) STOC, pp. 169–178. ACM (2009)
  3. Gentry, C.: A fully homomorphic encryption scheme. PhD thesis, Stanford University (2009), http://crypto.stanford.edu/craig
  4. Smart, N.P., Vercauteren, F.: Fully homomorphic SIMD operations (2011) (manuscript), http://eprint.iacr.org/2011/133
  5. Brakerski, Z., Gentry, C., Vaikuntanathan, V.: Fully homomorphic encryption without bootstrapping. In: The 3rd Innovations in Theoretical Computer Science Conference, ITCS (2012), Full version at http://eprint.iacr.org/2011/277
  6. Lyubashevsky, V., Peikert, C., Regev, O.: On Ideal Lattices and Learning with Errors over Rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010)
  7. Brakerski, Z., Vaikuntanathan, V.: Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505–524. Springer, Heidelberg (2011)
  8. Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. In: FOCS. IEEE Computer Society (2011)
  9. Lauter, K., Naehrig, M., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: ACM Workshop on Cloud Computing Security, pp. 113–124 (2011)
  10. Stehlé, D., Steinfeld, R.: Faster Fully Homomorphic Encryption. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 377–394. Springer, Heidelberg (2010)
  11. Gentry, C., Halevi, S.: Implementing Gentry’s Fully-Homomorphic Encryption Scheme. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 129–148. Springer, Heidelberg (2011)
  12. Gentry, C., Halevi, S., Smart, N.P.: Fully homomorphic encryption with polylog overhead (2011), Full version at http://eprint.iacr.org/2011/566
  13. Smart, N.P., Vercauteren, F.: Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 420–443. Springer, Heidelberg (2010)
  14. Hennessy, J.L., Patterson, D.A.: Computer Architecture: A Quantitative Approach, 4th edn. Morgan Kaufmann (2006)
  15. Beneš, V.E.: Optimal rearrangeable multistage connecting networks. Bell System Technical Journal 43, 1641–1656 (1964)
  16. Waksman, A.: A permutation network. J. ACM 15, 159–163 (1968)
  17. Damgård, I., Ishai, Y., Krøigaard, M.: Perfectly Secure Multiparty Computation and the Computational Overhead of Cryptography. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 445–465. Springer, Heidelberg (2010)
  18. Lev, G., Pippenger, N., Valiant, L.: A fast parallel algorithm for routing in permutation networks. IEEE Transactions on Computers C-30, 93–100 (1981)
  19. Leighton, F.T.: Introduction to parallel algorithms and architectures: arrays, trees, hypercubes, 2nd edn. M. Kaufmann Publishers (1992)

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Craig Gentry (1)
  • Shai Halevi (1)
  • Nigel P. Smart (2)

  1. IBM T.J. Watson Research Center, Yorktown Heights, U.S.A.
  2. Dept. Computer Science, University of Bristol, Bristol, United Kingdom
