Advertisement

Lattice-Based Fully Dynamic Multi-key FHE with Short Ciphertexts

  • Zvika BrakerskiEmail author
  • Renen Perlman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9814)

Abstract

We present a multi-key fully homomorphic encryption scheme that supports an unbounded number of homomorphic operations for an unbounded number of parties. Namely, it allows to perform arbitrarily many computational steps on inputs encrypted by an a-priori unbounded (polynomial) number of parties. Inputs from new parties can be introduced into the computation dynamically, so the final set of parties needs not be known ahead of time. Furthermore, the length of the ciphertexts, as well as the space complexity of an atomic homomorphic operation, grow only linearly with the current number of parties.

Prior works either supported only an a-priori bounded number of parties (López-Alt, Tromer and Vaikuntanthan, STOC ’12), or only supported single-hop evaluation where all inputs need to be known before the computation starts (Clear and McGoldrick, Crypto ’15, Mukherjee and Wichs, Eurocrypt ’16). In all aforementioned works, the ciphertext length grew at least quadratically with the number of parties.

Technically, our starting point is the LWE-based approach of previous works. Our result is achieved via a careful use of Gentry’s bootstrapping technique, tailored to the specific scheme. Our hardness assumption is that the scheme of Mukherjee and Wichs is circular secure (and thus bootstrappable). A leveled scheme can be achieved under standard LWE.

References

  1. [Ale03]
    Alekhnovich, M.: More on average case vs approximation complexity. In: Proceedings of 44th Symposium on Foundations of Computer Science (FOCS 2003), Cambridge, MA, USA, pp. 298–307. IEEE Computer Society, 11–14 October 2003Google Scholar
  2. [AP14]
    Alperin-Sheriff, J., Peikert, C.: Faster bootstrapping with polynomial error. In: Garay and Gennaro [GG14], pp. 297–314Google Scholar
  3. [Bar89]
    Mix Barrington, D.A.: Bounded-width polynomial-size branching programs recognize exactly those languages in nc\(^1\). J. Comput. Syst. Sci. 38(1), 150–164 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  4. [BFKL93]
    Blum, A., Furst, M.L., Kearns, M., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994)Google Scholar
  5. [BGV12]
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: Goldwasser, S. (ed.) ITCS, pp. 309–325. ACM (2012). Invited to ACM Transactions onComputation TheoryGoogle Scholar
  6. [BV11]
    Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. In: Ostrovsky, R. (ed.) FOCS, pp. 97–106. IEEE (2011). https://eprint.iacr.org/2011/344.pdf
  7. [BV14]
    Brakerski, Z., Vaikuntanathan, V.: Lattice-based FHE as secure as PKE. In: Naor, M. (ed.) Innovations in Theoretical Computer Science, ITCS 2014, Princeton, NJ, USA, pp. 1–12. ACM, 12–14 January 2014Google Scholar
  8. [CM15]
    Clear, M., McGoldrick, C.: Multi-identity and multi-key leveled FHE from learning with errors. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 630–656. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  9. [Gen09a]
    Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009)Google Scholar
  10. [Gen09b]
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169–178 (2009)Google Scholar
  11. [GG14]
    Garay, J.A., Gennaro, R. (eds.): CRYPTO 2014, Part I. LNCS, vol. 8616. Springer, Heidelberg (2014)zbMATHGoogle Scholar
  12. [GHV10]
    Gentry, C., Halevi, S., Vaikuntanathan, V.: i-hop homomorphic encryption and Rerandomizable Yao circuits. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 155–172. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. [GSW13]
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  14. [HS14]
    Halevi, S., Shoup, V.: Algorithms in HElib. In: Garay and Gennaro [GG14], pp. 554–571Google Scholar
  15. [HS15]
    Halevi, S., Shoup, V.: Bootstrapping for HElib. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 641–670. Springer, Heidelberg (2015)Google Scholar
  16. [LTV12]
    López-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Karloff, H.J., Pitassi, T. (eds.) Proceedings of 44th Symposium on Theory of Computing Conference, STOC 2012, New York, NY, USA, pp. 1219–1234. ACM, 19–22 May 2012Google Scholar
  17. [MM11]
    Micciancio, D., Mol, P.: Pseudorandom knapsacks and the sample complexity of LWE search-to-decision reductions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 465–484. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. [MP12]
    Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  19. [MW16]
    Mukherjee, P., Wichs, D.: Two round multiparty computation via multi-key FHE. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 735–763. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49896-5_26 CrossRefGoogle Scholar
  20. [Pei09]
    Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: Proceedings of 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, pp. 333–342, 31 May - 2 June 2009Google Scholar
  21. [PS16]
    Peikert, C., Shiehian, S.: Multi-key FHE from LWE (revisited). IACR Cryptology ePrint Archive 2016:196 (2016)Google Scholar
  22. [RAD78]
    Rivest, R., Adleman, L., Dertouzos, M.: On data banks and privacy homomorphisms. In: Foundations of Secure Computation, pp. 169–177. Academic Press, Cambridge (1978)Google Scholar
  23. [Reg05]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, pp. 84–93, 22–24 May 2005Google Scholar
  24. [Sch87]
    Schnorr, C.-P.: A hierarchy of polynomial time lattice basis reduction algorithms. Theor. Comput. Sci. 53, 201–224 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  25. [Vio09]
    Viola, E.: Barrington’s Theorem - Lecture Notes (2009). Scribe by Zhou, F. http://www.ccs.neu.edu/home/viola/classes/gems-08/lectures/le11.pdf

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Weizmann Institute of ScienceRehovotIsrael
  2. 2.Tel-Aviv UniversityTel AvivIsrael

Personalised recommendations