Stream Ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression

  • Anne Canteaut
  • Sergiu Carpov
  • Caroline Fontaine
  • Tancrède Lepoint
  • María Naya-Plasencia
  • Pascal Paillier
  • Renaud Sirdey
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9783)

Abstract

In typical applications of homomorphic encryption, the first step consists for Alice to encrypt some plaintext m under Bob’s public key \(\mathsf {pk}\) and to send the ciphertext \(c = \mathsf {HE}_{\mathsf {pk}}(m)\) to some third-party evaluator Charlie. This paper specifically considers that first step, i.e. the problem of transmitting c as efficiently as possible from Alice to Charlie. As previously noted, a form of compression is achieved using hybrid encryption. Given a symmetric encryption scheme \(\mathsf {E}\), Alice picks a random key k and sends a much smaller ciphertext \(c' = (\mathsf {HE}_{\mathsf {pk}}(k), \mathsf {E}_k(m))\) that Charlie decompresses homomorphically into the original c using a decryption circuit \(\mathcal {C}_{{\mathsf {E}^{-1}}}\).

In this paper, we revisit that paradigm in light of its concrete implementation constraints; in particular \(\mathsf {E}\) is chosen to be an additive IV-based stream cipher. We investigate the performances offered in this context by Trivium, which belongs to the eSTREAM portfolio, and we also propose a variant with 128-bit security: Kreyvium. We show that Trivium, whose security has been firmly established for over a decade, and the new variant Kreyvium have an excellent performance.

Keywords

Stream ciphers Homomorphic cryptography Trivium 

References

  1. 1.
    Algorithms, key size and parameters report 2014. Technical report, ENISA (2014)Google Scholar
  2. 2.
    Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430–454. Springer, Heidelberg (2015)Google Scholar
  3. 3.
    Armknecht, F., Mikhalev, V.: On lightweight stream ciphers with shorter internal states. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 451–470. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  4. 4.
    Aumasson, J.-P., Dinur, I., Meier, W., Shamir, A.: Cube testers and key recovery attacks on reduced-round MD6 and Trivium. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 1–22. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Babbage, S.: A space/time trade-off in exhaustive search attacks on stream ciphers. In: Proceedings of European Convention on Security and Detection, No. 408. IEEE (1995)Google Scholar
  6. 6.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: Proceedings of FOCS, pp. 394–403. IEEE Computer Society (1997)Google Scholar
  7. 7.
    Berbain, C., Gilbert, H.: On the security of IV dependent stream ciphers. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 254–273. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçin, T.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  10. 10.
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) Fully homomorphic encryption without bootstrapping. TOCT 6(3), 13 (2014)MathSciNetCrossRefGoogle Scholar
  11. 11.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN—a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Cannière, C.D., Lano, J., Preneel, B.: Comments on there discovery of time memory data tradeoffs. Technical report, eSTREAM-ECRYPT Stream Cipher Project (2005). www.ecrypt.eu.org/stream/papersdir/040.pdf
  13. 13.
    De Cannière, C., Preneel, B.: Trivium. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 244–266. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Canteaut, A., Carpov, S., Fontaine, C., Lepoint, T., Naya-Plasencia, M., Paillier, P., Sirdey, R.: How to compress homomorphic ciphertexts. IACR Cryptol. ePrint Arch. 2015, 113 (2015). https://eprint.iacr.org/2015/113 Google Scholar
  15. 15.
    Carpov, S., Dubrulle, P., Sirdey, R.: Armadillo: a compilation chain for privacy preserving applications. In: Proceedings of ACM CCSW. ACM (2015)Google Scholar
  16. 16.
    Chakraborti, A., Chattopadhyay, A., Hassan, M., Nandi, M.: TriviA: a fast and secure authenticated encryption scheme. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 330–353. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  17. 17.
    Chenal, M., Tang, Q.: On key recovery attacks against existing somewhat homomorphic encryption schemes. In: Aranha, D.F., Menezes, A. (eds.) LATINCRYPT 2014. LNCS, vol. 8895, pp. 239–258. Springer, Heidelberg (2015)Google Scholar
  18. 18.
    Cheon, J.H., Coron, J.-S., Kim, J., Lee, M.S., Lepoint, T., Tibouchi, M., Yun, A.: Batch fully homomorphic encryption over the integers. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 315–335. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  19. 19.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Scale-invariant fully homomorphic encryption over the integers. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 311–328. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  20. 20.
    Courtois, N., Meier, W.: Algebraic attacks on stream ciphers with linear feedback. In: Biham, E. (ed.) Advances in Cryptology–EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Dinur, I., Liu, Y., Meier, W., Wang, Q.: Optimized interpolation attacks on LowMC. IACR Cryptol. ePrint Arch. 2015, 418 (2015)MATHGoogle Scholar
  22. 22.
    Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  23. 23.
    Doröz, Y., Hu, Y., Sunar, B.: Homomorphic AES evaluation using NTRU. IACR Cryptol. ePrint Arch. 2014, 39 (2014)Google Scholar
  24. 24.
    Doröz, Y., Shahverdi, A., Eisenbarth, T., Sunar, B.: Toward practical homomorphic evaluation of block ciphers using prince. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014 Workshops. LNCS, vol. 8438, pp. 208–220. Springer, Heidelberg (2014)Google Scholar
  25. 25.
    ECRYPT - European Network of Excellence in Cryptology: The eSTREAM StreamCipher Project (2005). http://www.ecrypt.eu.org/stream/
  26. 26.
    Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptol. ePrint Arch. 2012, 144 (2012)Google Scholar
  27. 27.
    Fau, S., Sirdey, R., Fontaine, C., Aguilar, C., Gogniat, G.: Towards practical program execution over fully homomorphic encryption schemes. In: IEEE International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, pp. 284–290 (2013)Google Scholar
  28. 28.
    Fouque, P.-A., Vannet, T.: Improving key recovery to 784 and 799 rounds of Trivium using optimized cube attacks. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 502–517. Springer, Heidelberg (2014)Google Scholar
  29. 29.
    Fuhr, T., Minaud, B.: Match box meet-in-the-middle attack against KATAN. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 61–81. Springer, Heidelberg (2015)Google Scholar
  30. 30.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of STOC, pp. 169–178. ACM (2009)Google Scholar
  31. 31.
    Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850–867. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  32. 32.
    Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  33. 33.
    Graepel, T., Lauter, K., Naehrig, M.: ML confidential: machine learning on encrypted data. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 1–21. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  34. 34.
    Halevi, S., Shoup, V.: Algorithms in HElib. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 554–571. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  35. 35.
    Herranz, J., Hofheinz, D., Kiltz, E.: Some (in)sufficient conditions for secure hybrid encryption. Inf. Comput. 208(11), 1243–1257 (2010)MathSciNetCrossRefMATHGoogle Scholar
  36. 36.
    Hong, J., Sarkar, P.: New applications of time memory data tradeoffs. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 353–372. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  37. 37.
    Iwata, T.: New blockcipher modes of operation with beyond the birthday bound security. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 310–327. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  38. 38.
    Jakobsen, T., Knudsen, L.R.: The interpolation attack on block ciphers. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 28–40. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  39. 39.
    Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 2nd edn. Chapman and Hall/CRC Press, Boca Raton (2014)MATHGoogle Scholar
  40. 40.
    Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of NLFSR-based cryptosystems. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 130–145. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  41. 41.
    Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of Trivium and KATAN. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 200–212. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  42. 42.
    Lauter, K., López-Alt, A., Naehrig, M.: Private computation on encrypted genomic data. In: Aranha, D.F., Menezes, A. (eds.) LATINCRYPT 2014. LNCS, vol. 8895, pp. 3–27. Springer, Heidelberg (2015)Google Scholar
  43. 43.
    Lepoint, T., Naehrig, M.: A comparison of the homomorphic encryption schemes \({\sf FV}\) and \({\sf YASHE}\). In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT. LNCS, vol. 8469, pp. 318–335. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  44. 44.
    Lepoint, T., Paillier, P.: On the minimal number of bootstrappings in homomorphic circuits. In: Adams, A.A., Brenner, M., Smith, M. (eds.) FC 2013. LNCS, vol. 7862, pp. 189–200. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  45. 45.
    Maximov, A., Biryukov, A.: Two trivial attacks on Trivium. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 36–55. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  46. 46.
    Naehrig, M., Lauter, K.E., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of ACM CCSW, pp. 113–124. ACM (2011)Google Scholar
  47. 47.
    National Institute of Standards and Technology: Recommendation for Block Cipher Modes of Operation. NIST Special, Publication 800–38A (2001)Google Scholar
  48. 48.
    Rogaway, P.: Evaluation of some blockcipher modes of operation. Cryptrec(2011). http://web.cs.ucdavis.edu/~rogaway/papers/modes.pdf
  49. 49.
    Smart, N.P., Vercauteren, F.: Fully homomorphic SIMD operations. Des. Codes Crypt. 71(1), 57–81 (2014)CrossRefMATHGoogle Scholar
  50. 50.
    Yasuda, K.: A new variant of PMAC: beyond the birthday bound. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 596–609. Springer, Heidelberg (2011)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Anne Canteaut
    • 1
  • Sergiu Carpov
    • 2
  • Caroline Fontaine
    • 3
  • Tancrède Lepoint
    • 4
  • María Naya-Plasencia
    • 1
  • Pascal Paillier
    • 4
  • Renaud Sirdey
    • 2
  1. 1.InriaParisFrance
  2. 2.CEA LISTParisFrance
  3. 3.CNRS/Lab-STICC and Telecom Bretagne and UEBBrestFrance
  4. 4.CryptoExpertsParisFrance

Personalised recommendations