CRT-based fully homomorphic encryption over the integers

Jung Hee Cheon; Jinsu Kim; Moon Sung Lee; Aaram Yun

doi:10.1016/j.ins.2015.03.019

CRT-based fully homomorphic encryption over the integers

Jung Hee Cheon, Jinsu Kim, Moon Sung Lee, Aaram Yun

Cyber Security

Research output: Contribution to journal › Article › peer-review

32 Scopus citations

Abstract

In 1978, Rivest, Adleman and Dertouzos introduced the basic concept of privacy homomorphism that allows computation on encrypted data without decryption. It was an interesting work whose idea precedes the recent development of fully homomorphic encryption, although actual example schemes proposed in the paper are all susceptible to simple known-plaintext attacks. In this paper, we revisit one of their proposals, in particular the third scheme which is based on the Chinese Remainder Theorem and is ring homomorphic. It is known that only a single pair of known plaintext/ciphertext is needed to break this scheme. However, by exploiting the standard technique to insert an error to a message before encryption, we can cope with this problem. We present a secure modification of their proposal by showing that the proposed scheme is fully homomorphic and secure against the chosen plaintext attacks under the approximate GCD assumption and the sparse subset sum assumption when the message space is restricted to Z2k. Interestingly, the proposed scheme can be regarded as a generalization of the DGHV scheme with larger plaintext space. Our scheme has O∼(^λ5) ciphertext expansion overhead while the DGHV has O∼(^λ8) for the security parameter λ. When restricted to the homomorphic encryption scheme with depth of O(logλ), the overhead is reduced to O∼(λ). Our scheme can be used in applications requiring a large message space ^ZQ for logQ=O(^λ4), or SIMD style operations on ZQk for logQ=O(λ),k=O(^λ3), with O∼(^λ5) ciphertext size as in the DGHV.

Original language	English
Pages (from-to)	149-162
Number of pages	14
Journal	Information Sciences
Volume	310
DOIs	https://doi.org/10.1016/j.ins.2015.03.019
State	Published - 20 Jul 2015

Bibliographical note

Funding Information:
We would like to thank Taekyoung Kwon and Hyung Tae Lee for valuable comments. The first, second, and third authors were supported by the ICT R&D program of MSIP/IITP [No. 10047212] and the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIP) (No. 2014R1A2A1A11050917 ). The third author was also supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education ( NRF-2012R1A1A2039129 ). The last author was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (No. 2011-0025127 ).

Publisher Copyright:
© 2015 Published by Elsevier Inc.

Keywords

Approximate gcd
Chinese remainder theorem
DGHV
Homomorphic encryption
Privacy homomorphism

Access to Document

10.1016/j.ins.2015.03.019

Cite this

@article{5ecd619263b04fbda965256cee8c0c4b,

title = "CRT-based fully homomorphic encryption over the integers",

abstract = "In 1978, Rivest, Adleman and Dertouzos introduced the basic concept of privacy homomorphism that allows computation on encrypted data without decryption. It was an interesting work whose idea precedes the recent development of fully homomorphic encryption, although actual example schemes proposed in the paper are all susceptible to simple known-plaintext attacks. In this paper, we revisit one of their proposals, in particular the third scheme which is based on the Chinese Remainder Theorem and is ring homomorphic. It is known that only a single pair of known plaintext/ciphertext is needed to break this scheme. However, by exploiting the standard technique to insert an error to a message before encryption, we can cope with this problem. We present a secure modification of their proposal by showing that the proposed scheme is fully homomorphic and secure against the chosen plaintext attacks under the approximate GCD assumption and the sparse subset sum assumption when the message space is restricted to Z2k. Interestingly, the proposed scheme can be regarded as a generalization of the DGHV scheme with larger plaintext space. Our scheme has O∼(λ5) ciphertext expansion overhead while the DGHV has O∼(λ8) for the security parameter λ. When restricted to the homomorphic encryption scheme with depth of O(logλ), the overhead is reduced to O∼(λ). Our scheme can be used in applications requiring a large message space ZQ for logQ=O(λ4), or SIMD style operations on ZQk for logQ=O(λ),k=O(λ3), with O∼(λ5) ciphertext size as in the DGHV.",

keywords = "Approximate gcd, Chinese remainder theorem, DGHV, Homomorphic encryption, Privacy homomorphism",

author = "Cheon, {Jung Hee} and Jinsu Kim and Lee, {Moon Sung} and Aaram Yun",

note = "Funding Information: We would like to thank Taekyoung Kwon and Hyung Tae Lee for valuable comments. The first, second, and third authors were supported by the ICT R&D program of MSIP/IITP [No. 10047212] and the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIP) (No. 2014R1A2A1A11050917 ). The third author was also supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education ( NRF-2012R1A1A2039129 ). The last author was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (No. 2011-0025127 ). Publisher Copyright: {\textcopyright} 2015 Published by Elsevier Inc.",

year = "2015",

month = jul,

day = "20",

doi = "10.1016/j.ins.2015.03.019",

language = "English",

volume = "310",

pages = "149--162",

journal = "Information Sciences",

issn = "0020-0255",

publisher = "Elsevier Inc.",

}

TY - JOUR

T1 - CRT-based fully homomorphic encryption over the integers

AU - Cheon, Jung Hee

AU - Kim, Jinsu

AU - Lee, Moon Sung

AU - Yun, Aaram

N1 - Funding Information: We would like to thank Taekyoung Kwon and Hyung Tae Lee for valuable comments. The first, second, and third authors were supported by the ICT R&D program of MSIP/IITP [No. 10047212] and the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIP) (No. 2014R1A2A1A11050917 ). The third author was also supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education ( NRF-2012R1A1A2039129 ). The last author was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (No. 2011-0025127 ). Publisher Copyright: © 2015 Published by Elsevier Inc.

PY - 2015/7/20

Y1 - 2015/7/20

N2 - In 1978, Rivest, Adleman and Dertouzos introduced the basic concept of privacy homomorphism that allows computation on encrypted data without decryption. It was an interesting work whose idea precedes the recent development of fully homomorphic encryption, although actual example schemes proposed in the paper are all susceptible to simple known-plaintext attacks. In this paper, we revisit one of their proposals, in particular the third scheme which is based on the Chinese Remainder Theorem and is ring homomorphic. It is known that only a single pair of known plaintext/ciphertext is needed to break this scheme. However, by exploiting the standard technique to insert an error to a message before encryption, we can cope with this problem. We present a secure modification of their proposal by showing that the proposed scheme is fully homomorphic and secure against the chosen plaintext attacks under the approximate GCD assumption and the sparse subset sum assumption when the message space is restricted to Z2k. Interestingly, the proposed scheme can be regarded as a generalization of the DGHV scheme with larger plaintext space. Our scheme has O∼(λ5) ciphertext expansion overhead while the DGHV has O∼(λ8) for the security parameter λ. When restricted to the homomorphic encryption scheme with depth of O(logλ), the overhead is reduced to O∼(λ). Our scheme can be used in applications requiring a large message space ZQ for logQ=O(λ4), or SIMD style operations on ZQk for logQ=O(λ),k=O(λ3), with O∼(λ5) ciphertext size as in the DGHV.

AB - In 1978, Rivest, Adleman and Dertouzos introduced the basic concept of privacy homomorphism that allows computation on encrypted data without decryption. It was an interesting work whose idea precedes the recent development of fully homomorphic encryption, although actual example schemes proposed in the paper are all susceptible to simple known-plaintext attacks. In this paper, we revisit one of their proposals, in particular the third scheme which is based on the Chinese Remainder Theorem and is ring homomorphic. It is known that only a single pair of known plaintext/ciphertext is needed to break this scheme. However, by exploiting the standard technique to insert an error to a message before encryption, we can cope with this problem. We present a secure modification of their proposal by showing that the proposed scheme is fully homomorphic and secure against the chosen plaintext attacks under the approximate GCD assumption and the sparse subset sum assumption when the message space is restricted to Z2k. Interestingly, the proposed scheme can be regarded as a generalization of the DGHV scheme with larger plaintext space. Our scheme has O∼(λ5) ciphertext expansion overhead while the DGHV has O∼(λ8) for the security parameter λ. When restricted to the homomorphic encryption scheme with depth of O(logλ), the overhead is reduced to O∼(λ). Our scheme can be used in applications requiring a large message space ZQ for logQ=O(λ4), or SIMD style operations on ZQk for logQ=O(λ),k=O(λ3), with O∼(λ5) ciphertext size as in the DGHV.

KW - Approximate gcd

KW - Chinese remainder theorem

KW - DGHV

KW - Homomorphic encryption

KW - Privacy homomorphism

UR - http://www.scopus.com/inward/record.url?scp=84926687996&partnerID=8YFLogxK

U2 - 10.1016/j.ins.2015.03.019

DO - 10.1016/j.ins.2015.03.019

M3 - Article

AN - SCOPUS:84926687996

SN - 0020-0255

VL - 310

SP - 149

EP - 162

JO - Information Sciences

JF - Information Sciences

ER -

CRT-based fully homomorphic encryption over the integers

Abstract

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this