Advertisement

Homomorphic Lower Digits Removal and Improved FHE Bootstrapping

  • Hao Chen
  • Kyoohyung Han
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10820)

Abstract

Bootstrapping is a crucial operation in Gentry’s breakthrough work on fully homomorphic encryption (FHE), where a homomorphic encryption scheme evaluates its own decryption algorithm. There has been a couple of implementations of bootstrapping, among which HElib arguably marks the state-of-the-art in terms of throughput, ciphertext/message size ratio and support for large plaintext moduli.

In this work, we applied a family of “lowest digit removal” polynomials to design an improved homomorphic digit extraction algorithm which is a crucial part in bootstrapping for both FV and BGV schemes. When the secret key has 1-norm \(h=||s||_1\) and the plaintext modulus is \(t = p^r\), we achieved bootstrapping depth \(\log h + \log ( \log _p(ht))\) in FV scheme. In case of the BGV scheme, we brought down the depth from \(\log h + 2 \log t\) to \(\log h + \log t\).

We implemented bootstrapping for FV in the SEAL library. We also introduced another “slim mode”, which restrict the plaintexts to batched vectors in \(\mathbb {Z}_{p^r}\). The slim mode has similar throughput as the full mode, while each individual run is much faster and uses much smaller memory. For example, bootstrapping takes 6.75 s for vectors over GF(127) with 64 slots and 1381 s for vectors over \(GF(257^{128})\) with 128 slots. We also implemented our improved digit extraction procedure for the BGV scheme in HElib.

Keywords

Homomorphic encryption Bootstrapping Implementation 

Notes

Acknowledgements

We wish to thank Kim Laine, Amir Jalali and Zhicong Huang for implementing significant performance optimizations to SEAL. We thank Shai Halevi for helpful discussions on bootstrapping in HElib.

References

  1. 1.
    Aguilar-Melchor, C., Barrier, J., Guelton, S., Guinet, A., Killijian, M.-O., Lepoint, T.: NFLlib: NTT-Based Fast Lattice Library. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 341–356. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-29485-8_20CrossRefGoogle Scholar
  2. 2.
    Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169–203 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Biasse, J.-F., Ruiz, L.: FHEW with efficient multibit bootstrapping. In: Lauter, K., Rodríguez-Henríquez, F. (eds.) LATINCRYPT 2015. LNCS, vol. 9230, pp. 119–135. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-22174-8_7CrossRefGoogle Scholar
  4. 4.
    Bonte, C., Bootland, C., Bos, J.W., Castryck, W., Iliashenko, I., Vercauteren, F.: Faster homomorphic function evaluation using non-integral base encoding. Cryptology ePrint Archive, Report 2017/333 (2017). http://eprint.iacr.org/2017/333
  5. 5.
    Bos, J.W., Castryck, W., Iliashenko, I., Vercauteren, F.: Privacy-friendly forecasting for the smart grid using homomorphic encryption and the group method of data handling. Cryptology ePrint Archive, Report 2016/1117 (2016). http://eprint.iacr.org/2016/1117
  6. 6.
    Bos, J.W., Lauter, K., Loftus, J., Naehrig, M.: Improved security for a ring-based fully homomorphic encryption scheme. In: Stam, M. (ed.) IMACC 2013. LNCS, vol. 8308, pp. 45–64. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-45239-0_4CrossRefGoogle Scholar
  7. 7.
    Brakerski, Z.: Fully homomorphic encryption without modulus switching from classical GapSVP. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 868–886. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_50CrossRefGoogle Scholar
  8. 8.
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, pp. 309–325. ACM (2012)Google Scholar
  9. 9.
    Brakerski, Z., Vaikuntanathan, V.: Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505–524. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22792-9_29CrossRefGoogle Scholar
  10. 10.
    Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. SIAM J. Comput. 43(2), 831–871 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Cheon, J.H., Han, K., Kim, D.: Faster bootstrapping of FHE over the integers. IACR Cryptology ePrint Archive, 2017:79 (2017)Google Scholar
  12. 12.
    Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. Cryptology ePrint Archive, Report 2016/421 (2016). http://eprint.iacr.org/2016/421
  13. 13.
    Cheon, J.H., Stehlé, D.: Fully homomophic encryption over the integers revisited. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 513–536. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46800-5_20Google Scholar
  14. 14.
    Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: Faster fully homomorphic encryption: bootstrapping in less than 0.1 seconds. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 3–33. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53887-6_1CrossRefGoogle Scholar
  15. 15.
    Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: Improving TFHE: faster packed homomorphic operations and efficient circuit bootstrapping (2017). https://eprint.iacr.org/2017/430
  16. 16.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Scale-invariant fully homomorphic encryption over the integers. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 311–328. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-54631-0_18CrossRefGoogle Scholar
  17. 17.
    Costache, A., Smart, N.P., Vivek, S., Waller, A.: Fixed point arithmetic in SHE scheme. IACR Cryptology ePrint Archive, 2016:250 (2016)Google Scholar
  18. 18.
    Ducas, L., Micciancio, D.: FHEW: bootstrapping homomorphic encryption in less than a second. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 617–640. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46800-5_24Google Scholar
  19. 19.
    Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive, Report 2012/144 (2012). http://eprint.iacr.org/
  20. 20.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. STOC 9, 169–178 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Gentry, C., Halevi, S., Smart, N.P.: Better bootstrapping in fully homomorphic encryption. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 1–16. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-30057-8_1CrossRefGoogle Scholar
  22. 22.
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_5CrossRefGoogle Scholar
  23. 23.
    Gilad-Bachrach, R., Dowlin, N., Laine, K., Lauter, K., Naehrig, M., Wernsing, J., Cryptonets: applying neural networks to encrypted data with high throughput and accuracy. In: International Conference on Machine Learning, pp. 201–210 (2016)Google Scholar
  24. 24.
    Graepel, T., Lauter, K., Naehrig, M.: ML confidential: machine learning on encrypted data. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 1–21. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-37682-5_1CrossRefGoogle Scholar
  25. 25.
    Halevi, S., Shoup, V.: Bootstrapping for HElib. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 641–670. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46800-5_25Google Scholar
  26. 26.
    Griffin, M.: Lowest degree of polynomial that removes the first digit of an integer in base p. MathOverflow, Version 08 May 2017. https://mathoverflow.net/users/61910/michaelgriffin, https://mathoverflow.net/q/269282
  27. 27.
    Laine, K., Player, R.: Simple encrypted arithmetic library-SEAL (v2. 0). Technical report, September 2016Google Scholar
  28. 28.
    Nuida, K., Kurosawa, K.: (Batch) fully homomorphic encryption over integers for non-binary message spaces. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 537–555. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46800-5_21Google Scholar
  29. 29.
    Paterson, M.S., Stockmeyer, L.J.: On the number of nonscalar multiplications necessary to evaluate polynomials. SIAM J. Comput. 2(1), 60–66 (1973)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Smart, N.P., Vercauteren, F.: Fully homomorphic SIMD operations. Des. Codes Cryptograp. 292, 1–25 (2014)zbMATHGoogle Scholar
  31. 31.
    van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_2CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. 1.Microsoft ResearchRedmondUSA
  2. 2.Seoul National UniversitySeoulKorea

Personalised recommendations