i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6223)


Homomorphic encryption (HE) schemes enable computing functions on encrypted data, by means of a public Eval procedure that can be applied to ciphertexts. But the evaluated ciphertexts so generated may differ from freshly encrypted ones. This brings up the question of whether one can keep computing on evaluated ciphertexts. An i-hop homomorphic encryption scheme is one where Eval can be called on its own output up to i times, while still being able to decrypt the result. A multi-hop homomorphic encryption is a scheme which is i-hop for all i. In this work we study i-hop and multi-hop schemes in conjunction with the properties of function-privacy (i.e., Eval’s output hides the function) and compactness (i.e., the output of Eval is short). We provide formal definitions and describe several constructions.

First, we observe that “bootstrapping” techniques can be used to convert any (1-hop) homomorphic encryption scheme into an i-hop scheme for any i, and the result inherits the function-privacy and/or compactness of the underlying scheme. However, if the underlying scheme is not compact (such as schemes derived from Yao circuits) then the complexity of the resulting i-hop scheme can be as high as n O(i).

We then describe a specific DDH-based multi-hop homomorphic encryption scheme that does not suffer from this exponential blowup. Although not compact, this scheme has complexity linear in the size of the composed function, independently of the number of hops. The main technical ingredient in this solution is a re-randomizable variant of the Yao circuits. Namely, given a garbled circuit, anyone can re-garble it in such a way that even the party that generated the original garbled circuit cannot recognize it. This construction may be of independent interest.


Encryption Scheme Security Parameter Encrypt Data Homomorphic Encryption Oblivious Transfer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Aguilar-Melchor, C., Gaborit, P., Herranz, J.: Additively Homomorphic Encryption with d-Operand Multiplications. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 138–154. Springer, Heidelberg (2010)Google Scholar
  2. 2.
    Aiello, W., Ishai, Y., Reingold, O.: Priced oblivious transfer: How to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Barak, B., Haitner, I., Hofheinz, D., Ishai, Y.: Bounded key-dependent message security. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 423–444. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Halevi, S., Hamburg, M., Ostrovsky, R.: Circular-secure encryption from decision diffie-hellman. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 108–125. Springer, Heidelberg (2008)Google Scholar
  5. 5.
    Cachin, C., Camenisch, J., Kilian, J., Müller, J.: One-round secure computation and secure autonomous mobile agents. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 512–523. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC 2009, pp. 169–178. ACM, New York (2009)CrossRefGoogle Scholar
  8. 8.
    Gentry, C., Halevi, S., Vaikuntanathan, V.: i-hop homomorphic encryption schemes. Cryptology ePrint Archive, Report 2010/145 (2010)Google Scholar
  9. 9.
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Ishai, Y., Paskin, A.: Evaluating branching programs on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 575–594. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Kushilevitz, E., Ostrovsky, R.: Replication is NOT Needed: SINGLE Database, Computationally-Private Information Retrieval. In: FOCS 1997, pp. 364–373. IEEE, Los Alamitos (1997)Google Scholar
  12. 12.
    Lindell, Y., Pinkas, B.: A Proof of Security of Yao’s Protocol for Two-Party Computation. J. Cryptology 22(2), 161–188 (2009)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: ACM-SIAM Symposium on Discrete Algorithms - SODA 2001, pp. 448–457. ACM, New York (2001)Google Scholar
  14. 14.
    Naor, M., Segev, G.: Public-key cryptosystems resilient to key leakage. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 18–35. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Rivest, R., Adleman, L., Dertouzos, M.: On data banks and privacy homomorphisms. In: Foundations of Secure Computation, pp. 169–177. Academic Press, London (1978)Google Scholar
  16. 16.
    Sander, T., Young, A., Yung, M.: Non-interactive CryptoComputing for NC1. In: 40th Annual Symposium on Foundations of Computer Science - FOCS 1999, pp. 554–567. IEEE, Los Alamitos (1999)Google Scholar
  17. 17.
    Smart, N., Vercauteren, F.: Fully homomorphic encryption with relatively small key and ciphertext sizes. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 420–443. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  18. 18.
    van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Yao, A.C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science – FOCS 1982, pp. 160–164. IEEE, Los Alamitos (1982)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. 1.IBM T.J. Watson Research Center 

Personalised recommendations