Homomorphic AES evaluation using the modified LTV scheme

Published in: Designs, Codes and Cryptography

Abstract

Since its introduction more than a decade ago, the homomorphic properties of the NTRU encryption scheme have gone largely ignored. A variant of NTRU proposed by Stehlé and Steinfeld was recently extended into a full-fledged multi-key fully homomorphic encryption scheme by López-Alt, Tromer and Vaikuntanathan (LTV). This NTRU-based FHE presents a viable alternative to the currently dominant BGV-style FHE schemes. While the scheme appears to be more efficient, a full implementation and a comparison to BGV-style implementations have been missing in the literature. In this work, we develop a customized implementation of the LTV scheme. First, parameters are selected to yield an efficient and yet secure LTV instantiation. We present an analysis of the noise growth that allows us to formulate a modulus cutting strategy for arbitrary circuits. Furthermore, we introduce a specialization of the ring structure that allows us to drastically reduce the public key size, making evaluation of deep circuits such as the AES block cipher viable on a standard computer with a reasonable amount of memory. Moreover, with the modulus specialization the need for key switching is eliminated. Finally, we present a generic bit-sliced implementation of the LTV scheme that embodies a number of optimizations. To assess the performance of the scheme, we homomorphically evaluate the full 10-round AES circuit in 29 h with 2048 message slots, resulting in 51 s per AES block evaluation time.

Notes

  1. Ignoring those terms will result in a more conservative estimation.

References

  1. Gentry C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, Ser. STOC ’09, pp. 169–178. ACM, New York (2009).

  2. Rivest R., Adleman L., Dertouzos M.: On Data Banks and Privacy Homomorphisms, pp. 169–177. Academic Press, New York (1978).

  3. Gentry C., Halevi S.: Implementing Gentry's fully-homomorphic encryption scheme. In: Paterson K. (ed.) Advances in Cryptology (EUROCRYPT 2011). Lecture Notes in Computer Science, vol. 6632, pp. 129–148. Springer, Berlin (2011).

  4. Wang W., Hu Y., Chen L., Huang X., Sunar B.: Accelerating fully homomorphic encryption using GPU. In: High Performance Extreme Computing (HPEC), Sept 2012, pp. 1–5 (2012).

  5. Brakerski Z., Gentry C., Vaikuntanathan V.: (Leveled) fully homomorphic encryption without bootstrapping. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference (ITCS ’12), pp. 309–325. ACM, New York (2012).

  6. Gentry C., Halevi S., Smart N.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini R., Canetti R. (eds.) Advances in Cryptology (CRYPTO 2012). Lecture Notes in Computer Science, vol. 7417, pp. 850–867. Springer, Berlin (2012). doi:10.1007/978-3-642-32009-5_49.

  7. Gentry C., Halevi S., Smart N.: Fully homomorphic encryption with polylog overhead. In: Pointcheval D., Johansson T. (eds.) Advances in Cryptology (EUROCRYPT 2012). Lecture Notes in Computer Science, vol. 7237, pp. 465–482. Springer, Berlin (2012). doi:10.1007/978-3-642-29011-4_28.

  8. Smart N., Vercauteren F.: Fully homomorphic SIMD operations. Des. Codes Cryptogr. 71(1), 57–81, (2014). doi:10.1007/s10623-012-9720-4.

  9. López-Alt A., Tromer E., Vaikuntanathan V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Proceedings of the 44th Annual ACM Symposium on Theory of Computing (STOC ’12), pp. 1219–1234. ACM, New York (2012).

  10. Hoffstein J., Pipher J., Silverman J.: NTRU: a ring-based public key cryptosystem. In: Buhler J. (ed.) Algorithmic Number Theory (ANTS 1998). Lecture Notes in Computer Science, vol. 1423, pp. 267–288. Springer, Berlin (1998). doi:10.1007/BFb0054868.

  11. Stehlé D., Steinfeld R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson K. (ed.) Advances in Cryptology (EUROCRYPT 2011). Lecture Notes in Computer Science, vol. 6632, pp. 27–47. Springer, Berlin (2011). doi:10.1007/978-3-642-20465-4_4.

  12. Bos J., Lauter K., Loftus J., Naehrig M.: Improved security for a ring-based fully homomorphic encryption scheme. In: Stam M. (ed.) Cryptography and Coding. Lecture Notes in Computer Science, vol. 8308, pp. 45–64. Springer, Berlin (2013). doi:10.1007/978-3-642-45239-0_4.

  13. Brakerski Z.: Fully homomorphic encryption without modulus switching from classical gapSVP. In: Safavi-Naini R., Canetti R. (eds.) Advances in Cryptology (CRYPTO 2012). Lecture Notes in Computer Science, vol. 7417, pp. 868–886. Springer, Berlin (2012). doi:10.1007/978-3-642-32009-5_50.

  14. Micciancio D., Regev O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007). doi:10.1137/S0097539705447360.

  15. Lyubashevsky V., Peikert C., Regev O.: On ideal lattices and learning with errors over rings. In: Gilbert H. (ed.) Advances in Cryptology (EUROCRYPT 2010). Lecture Notes in Computer Science, vol. 6110, pp. 1–23. Springer, Berlin (2010). doi:10.1007/978-3-642-13190-5_1.

  16. Micciancio D., Regev O.: Lattice-based cryptography. In: Bernstein D., Buchmann J., Dahmen E. (eds.) Post-quantum Cryptography, pp. 147–191. Springer, Berlin (2009). doi:10.1007/978-3-540-88702-7_5.

  17. Lindner R., Peikert C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias A. (ed.) Topics in Cryptology (CT-RSA 2011). Lecture Notes in Computer Science, vol. 6558, pp. 319–339. Springer, Berlin (2011). doi:10.1007/978-3-642-19074-2_21.

  18. Hoffstein J., Silverman J.H., Whyte W.: Estimated breaking times for NTRU lattices. version 2, NTRU Cryptosystems, Technical Report (2003).

  19. Gama N., Nguyen P.: Predicting lattice reduction. In: Smart N. (ed.) Advances in Cryptology (EUROCRYPT 2008). Lecture Notes in Computer Science, vol. 4965, pp. 31–51. Springer, Berlin (2008). doi:10.1007/978-3-540-78967-3_3.

  20. Coppersmith D., Shamir A.: Lattice attacks on NTRU. In: Fumy W. (ed.) Advances in Cryptology (EUROCRYPT 97). Lecture Notes in Computer Science, vol. 1233, pp. 52–61. Springer, Berlin (1997). doi:10.1007/3-540-69053-0_5.

  21. Schnorr C., Euchner M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program., 66(1–3), 181–199 (1994). doi:10.1007/BF01581144.

  22. Shoup V.: NTL: A Library for Doing Number Theory. http://www.shoup.net/ntl.

  23. van de Pol J., Smart N.: Estimating key sizes for high dimensional lattice-based systems. In: Stam M. (ed.) Cryptography and Coding. Lecture Notes in Computer Science, vol. 8308, pp. 290–303. Springer, Berlin (2013). doi:10.1007/978-3-642-45239-0_17.

  24. Chen Y., Nguyen P.: BKZ 2.0: better lattice security estimates. In: Lee D., Wang X. (eds.) Advances in Cryptology (ASIACRYPT 2011). Lecture Notes in Computer Science, vol. 7073, pp. 1–20. Springer, Berlin (2011). doi:10.1007/978-3-642-25385-0_1.

  25. Lepoint T., Naehrig M.: A comparison of the homomorphic encryption schemes FV and YASHE. In: Pointcheval D., Vergnaud D. (eds.) Progress in Cryptology (AFRICACRYPT 2014). Lecture Notes in Computer Science, vol. 8469, pp. 318–335. Springer, Berlin (2014). doi:10.1007/978-3-319-06734-6_20.

  26. Chen Y., Nguyen P.: BKZ 2.0: Better Lattice Security Estimates. (2013). http://www.di.ens.fr/ychen/research/Full_BKZ.pdf.

  27. Silverman J.H.: Invertibility in Truncated Polynomial Rings. Technical report, NTRU Cryptosystems (1998).

  28. Schönhage A., Strassen V.: Schnelle Multiplikation großer Zahlen. Computing 7(3–4), 281–292 (1971).

  29. Canright D.: A very compact S-Box for AES. In: Rao J., Sunar B. (eds.) Cryptographic Hardware and Embedded Systems (CHES 2005). Lecture Notes in Computer Science, vol. 3659, pp. 441–455. Springer, Berlin (2005). doi:10.1007/11545262_32.

  30. Gentry C., Halevi S., Smart N.: Homomorphic evaluation of the AES circuit (updated implementation). (2015). https://eprint.iacr.org/2012/099.pdf.

  31. Mella S., Susella R.: On the homomorphic computation of symmetric cryptographic primitives. In: Stam M. (ed.) Cryptography and Coding. Lecture Notes in Computer Science, vol. 8308, pp. 28–44. Springer, Berlin (2013). doi:10.1007/978-3-642-45239-0_3.

  32. Helib: A Software Library that Implements Homomorphic Encryption (HE). https://github.com/shaih/HElib.

  33. Dai W., Doröz Y., Sunar B.: Accelerating NTRU based homomorphic encryption using GPUs. IACR Cryptology ePrint Archive, vol. 389 (2014). http://eprint.iacr.org/2014/389.

  34. Öztürk E., Doröz Y., Sunar B., Savaş E.: Accelerating somewhat homomorphic evaluation using FPGAs. Cryptology ePrint Archive, Report 2015/294 (2015). http://eprint.iacr.org/.

Acknowledgments

We would like to thank Jeffrey Hoffstein for pointing us to Coppersmith and Shamir’s paper [20], and for helpful discussions to William J. Martin on the LTV scheme and to Joppe W. Bos and Michael Naehrig for clarifying the YASHE scheme. This work was in part supported by the NSF-CNS Awards #1117590 and #1319130.

Author information

Corresponding author: Yarkın Doröz.

Additional information

Communicated by L. Perret.

About this article

Cite this article

Doröz, Y., Hu, Y. & Sunar, B. Homomorphic AES evaluation using the modified LTV scheme. Des. Codes Cryptogr. 80, 333–358 (2016). https://doi.org/10.1007/s10623-015-0095-1
