TY - GEN
T1 - Batch fully homomorphic encryption over the integers
AU - Cheon, Jung Hee
AU - Coron, Jean Sébastien
AU - Kim, Jinsu
AU - Lee, Moon Sung
AU - Lepoint, Tancrède
AU - Tibouchi, Mehdi
AU - Yun, Aaram
PY - 2013
Y1 - 2013
N2 - We extend the fully homomorphic encryption scheme over the integers of van Dijk et al.(DGHV) into a batch fully homomorphic encryption scheme, i.e. to a scheme that supports encrypting and homomorphically processing a vector of plaintexts as a single ciphertext. We present two variants in which the semantic security is based on different assumptions. The first variant is based on a new decisional problem, the Decisional Approximate-GCD problem, whereas the second variant is based on the more classical computational Error-Free Approximate-GCD problem but requires additional public key elements. We also show how to perform arbitrary permutations on the underlying plaintext vector given the ciphertext and the public key. Our scheme offers competitive performance even with the bootstrapping procedure: we describe an implementation of the homomorphic evaluation of AES, with an amortized cost of about 12 minutes per AES ciphertext on a standard desktop computer; this is comparable to the timings presented by Gentry et al.at Crypto 2012 for their implementation of a Ring-LWE based fully homomorphic encryption scheme.
AB - We extend the fully homomorphic encryption scheme over the integers of van Dijk et al.(DGHV) into a batch fully homomorphic encryption scheme, i.e. to a scheme that supports encrypting and homomorphically processing a vector of plaintexts as a single ciphertext. We present two variants in which the semantic security is based on different assumptions. The first variant is based on a new decisional problem, the Decisional Approximate-GCD problem, whereas the second variant is based on the more classical computational Error-Free Approximate-GCD problem but requires additional public key elements. We also show how to perform arbitrary permutations on the underlying plaintext vector given the ciphertext and the public key. Our scheme offers competitive performance even with the bootstrapping procedure: we describe an implementation of the homomorphic evaluation of AES, with an amortized cost of about 12 minutes per AES ciphertext on a standard desktop computer; this is comparable to the timings presented by Gentry et al.at Crypto 2012 for their implementation of a Ring-LWE based fully homomorphic encryption scheme.
KW - Approximate GCD
KW - Batch Encryption
KW - Chinese Remainder Theorem
KW - Fully Homomorphic Encryption
KW - Homomorphic AES
UR - http://www.scopus.com/inward/record.url?scp=84883356524&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-38348-9_20
DO - 10.1007/978-3-642-38348-9_20
M3 - Conference contribution
AN - SCOPUS:84883356524
SN - 9783642383472
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 315
EP - 335
BT - Advances in Cryptology, EUROCRYPT 2013 - 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
T2 - 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2013
Y2 - 26 May 2013 through 30 May 2013
ER -