Dissertations / Theses on the topic 'Fully homomorphic encryption'

Fully homomorphic encryption is an encryption scheme where a party can receive encrypted data and perform arbitrary operations on this data efficiently.The data remains encrypted throughout, but the operations can be done regardless, without having to know the decryption key.Such a scheme would be very advantageous, for example in ensuring the privacy of data that is sent to a third-party service.This is in contrast with schemes like Paillier where you can not perform a multiplication of encrypted data without decrypting the data first, or ElGamal where you can not perform an addition of encrypted data without decrypting the data first.This thesis acts as a survey of the most recent fully homomorphic encryption schemes. We study some of the latest fully homomorphic encryption schemes, make an analysis of them and make a comparison.These schemes have some elements in common:1. An efficient lattice-based cryptosystem, with security based on the hardness of well-known lattice problems. 2. An evaluation function with definitions for $c_{add}$ and $c_{mult}$, such that the noise does not rapidly increase.3. Techniques to make the scheme fully homomorphic with this evaluation function. Whenever possible, we rewrite the main results of these schemes in a more detailed and readable format.Apart from Gentry's scheme, the schemes that we choose to discuss are very new. The earliest one was published in October 2011, while some are still only available as eprints. We hope this work can help readers be up to date with the field of fully homomorphic encryption, paving way to further advances in the field.

Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016.
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (pages 50-51).
Fully homomorphic encryption (FHE) presents the possibility of removing the need to trust cloud providers with plaintext data. We present two new FHE scheme variants of BGV'12, both of which remove the need for key switching after a ciphertext multiplication, overall halving the runtime of bootstrapping. We also present multiple implementations of 32-bit integer addition evaluation, the fastest of which spends 16 seconds computing the addition circuit and 278 seconds bootstrapping. We nd that bootstrapping consumes approximately 90% of the computation time for integer addition and secure parameter settings are currently bottlenecked by the memory size of commodity hardware.
by Kevin C. King.
M. Eng.

Fully homomorphic encryption (FHE) allows for computation of arbitrary func- tions on encrypted data by a third party, while keeping the contents of the encrypted data secure. This area of research has exploded in recent years following Gentry’s seminal work. However, the early realizations of FHE, while very interesting from a theoretical and proof-of-concept perspective, are unfortunately far too inefficient to provide any use in practice. The bootstrapping step is the main bottleneck in current FHE schemes. This step refreshes the noise level present in the ciphertexts by homomorphically evaluating the scheme’s decryption function over encryptions of the secret key. Bootstrapping is necessary in all known FHE schemes in order to allow an unlimited amount of computation, as without bootstrapping, the noise in the ciphertexts eventually grows to a point where decryption is no longer guaranteed to be correct. In this work, we present two new bootstrapping algorithms for FHE schemes. The first works on packed ciphertexts, which encrypt many bits at a time, while the second works on unpacked ciphertexts, which encrypt a single bit at a time. Our algorithms lie at the heart of the fastest currently existing implementations of fully homomorphic encryption for packed ciphertexts and for single-bit encryptions, respectively, running hundreds of times as fast for practical parameters as the previous best implementations.

Homomorphic encryption has progressed rapidly in both efficiency and versatility since its emergence in 2009. Meanwhile, a multitude of pressing privacy needs --- ranging from cloud computing to healthcare management to the handling of shared databases such as those containing genomics data --- call for immediate solutions that apply fully homomorpic encryption (FHE) and somewhat homomorphic encryption (SHE) technologies. Recent rapid progress in fully homomorphic encryption has catalyzed renewed efforts to develop efficient privacy preserving protocols. Several works have already appeared in the literature that provide solutions to these problems by employing leveled or somewhat homomorphic encryption techniques. Here, we propose efficient ways of adapting the most fundamental programming problems; boolean algebra, arithmetic in binary and higher radix representation, sorting, and search to the fully homomorphic encryption domain by focusing on the multiplicative depth of the circuits alongside the more traditional metrics. The reduced depth allows much reduced noise growth and thereby makes it possible to select smaller parameter sizes in leveled FHE instantiations resulting in greater efficiency savings. We begin by exploring already existing solutions to these programming problems, and analyze them in terms of homomorphic evaluation and memory costs. Most of these algorithms appear to be not the best candidates for FHE solutions, hence we propose new methods and improvements over the existing algorithms to optimize performance.

L'argomento di cui tratta questa tesi è il modello proposto da Craig Gentry per ottenere uno schema di crittografia fully homomorphic, ovvero uno schema di crittografia che permetta di eseguire operazioni arbitrarie sui dati cifrati senza essere prima costretti a decifrarli. L'idea è quella di prendere uno schema somewhat homomorphic, cioè in grado di eseguire solo operazioni di complessità molto limitata sui dati cifrati, e renderlo bootstrappable, ovvero capace di valutare circuiti più complessi del proprio circuito di decrittazione. Saranno esaminate le caratteristiche che deve possedere uno schema somewhat homomorphic per poterlo rendere bootstrappable e i passaggi necessari per diminuire la complessità della decrittazione senza ridurre la sua capacità di valutazione dei circuiti. Infine saranno proposte alcune possibili applicazioni.

Le chiffrement totalement homomorphe permet d’effectuer des calculs sur des données chiffrées sans fuite d’information sur celles-ci. Pour résumer, un utilisateur peut chiffrer des données, tandis qu’un serveur, qui n’a pas accès à la clé de déchiffrement, peut appliquer à l’aveugle un algorithme sur ces entrées. Le résultat final est lui aussi chiffré, et il ne peut être lu que par l’utilisateur qui possède la clé secrète. Dans cette thèse, nous présentons des nouvelles techniques et constructions pour le chiffrement totalement homomorphe qui sont motivées par des applications en apprentissage automatique, en portant une attention particulière au problème de l’inférence homomorphe, c’est-à-dire l’évaluation de modèles cognitifs déjà entrainé sur des données chiffrées. Premièrement, nous proposons un nouveau schéma de chiffrement totalement homomorphe adapté à l’évaluation de réseaux de neurones artificiels sur des données chiffrées. Notre schéma atteint une complexité qui est essentiellement indépendante du nombre de couches dans le réseau, alors que l’efficacité des schéma proposés précédemment dépend fortement de la topologie du réseau. Ensuite, nous présentons une nouvelle technique pour préserver la confidentialité du circuit pour le chiffrement totalement homomorphe. Ceci permet de cacher l’algorithme qui a été exécuté sur les données chiffrées, comme nécessaire pour protéger les modèles propriétaires d’apprentissage automatique. Notre mécanisme rajoute un coût supplémentaire très faible pour un niveau de sécurité égal. Ensemble, ces résultats renforcent les fondations du chiffrement totalement homomorphe efficace pour l’apprentissage automatique, et représentent un pas en avant vers l’apprentissage profond pratique préservant la confidentialité. Enfin, nous présentons et implémentons un protocole basé sur le chiffrement totalement homomorphe pour le problème de recherche d’information confidentielle, c’est-à-dire un scénario où un utilisateur envoie une requête à une base de donnée tenue par un serveur sans révéler cette requête
Fully homomorphic encryption enables computation on encrypted data without leaking any information about the underlying data. In short, a party can encrypt some input data, while another party, that does not have access to the decryption key, can blindly perform some computation on this encrypted input. The final result is also encrypted, and it can be recovered only by the party that possesses the secret key. In this thesis, we present new techniques/designs for FHE that are motivated by applications to machine learning, with a particular attention to the problem of homomorphic inference, i.e., the evaluation of already trained cognitive models on encrypted data. First, we propose a novel FHE scheme that is tailored to evaluating neural networks on encrypted inputs. Our scheme achieves complexity that is essentially independent of the number of layers in the network, whereas the efficiency of previously proposed schemes strongly depends on the topology of the network. Second, we present a new technique for achieving circuit privacy for FHE. This allows us to hide the computation that is performed on the encrypted data, as is necessary to protect proprietary machine learning algorithms. Our mechanism incurs very small computational overhead while keeping the same security parameters. Together, these results strengthen the foundations of efficient FHE for machine learning, and pave the way towards practical privacy-preserving deep learning. Finally, we present and implement a protocol based on homomorphic encryption for the problem of private information retrieval, i.e., the scenario where a party wants to query a database held by another party without revealing the query itself

Craig Gentry a proposé en 2009 le premier schéma de chiffrement complétement homomorphe. Depuis, un effort conséquent a été, et est toujours, fourni par la communauté scientifique pour rendre utilisable ce nouveau type de cryptographie. Son côté révolutionnaire tient au fait qu'il permet d'effectuer des traitements directement sur des données chiffrées (sans que l’entité réalisant les traitements ait besoin de les déchiffrer). Plusieurs pistes se sont développées en parallèle, explorant d'un côté des schémas complétement homomorphes, plus flexibles entermes d'applications mais plus contraignants en termes de taille de données ou en coût de calcul, et de l'autre côté des schémas quelque peu homomorphes, moins flexibles mais aussi moins coûteux. Cette thèse, réalisée au sein de la chaire de cyberdéfense des systèmes navals, s’inscrit dans cette dynamique. Nous avons endossé divers rôles. Tout d’abord un rôle d'attaquant pour éprouver la sécurité des hypothèses sous-jacentes aux propositions. Ensuite, nous avons effectué un état de l’art comparatif des schémas quelque peu homomorphes les plus prometteurs afin d'identifier le(s) meilleur(s) selon les cas d’usages, et de donner des conseils dans le choix des paramètres influant sur leur niveau de sécurité, la taille des données chiffrées et le coût algorithmique des calculs. Enfin, nous avons endossé le rôle du concepteur en proposant un nouveau schéma complétement homomorphe performant, ainsi que son implémentation mise à disposition sur github
Craig Gentry presented in 2009 the first fully homomorphic encryption scheme. Since then, a tremendous effort has been, and still is, dedicated by the cryptographic community to make practical this new kind of cryptography. It is revolutionnary because it enables direct computation on encrypted data (without the need for the computing entity to decrypt them). Several trends have been developed in parallel, exploring on one side fully homomorphic encryption schemes, more versatile for applications but more costly in terms of time and memory. On the other side, the somewhat homomorphic encryption schemes are less flexible but more efficient. This thesis, achieved within the Chair of Naval Cyber Defence, contributes to these trends. We have endorsed different roles. First, an attacker position to assess the hardness of the security assumptions of the proposals. Then, we conducted a state-of-the-art of the most promising schemes in order to identify the best(s) depending on the use-cases and to give precise advice to appropriately set the parameters that drive security level, ciphertext sizes and computation costs. Last, we endorsed a designer role. We proposed a new powerful fully homomorphic encryption scheme together with its open-source implementation, available on github

We give a review of the Smart-Vercauteren fully homomorphic encryp-tion scheme presented in 2010. The scheme follows Craig Gentry’sblueprint of first defining a somewhat homomorphic encryption scheme,and prove that it is bootstrappable. This is then used to create the fullyhomomorphic scheme. Compared to the original paper by Smart andVercauteren, we give a more comprehensive background, and explainsthe concepts of the scheme more in detail. This text is therefore wellsuited for readers who find Smart and Vercauteren’s paper too brief.

" In the last decade, cloud computing became popular among companies for outsourcing some of their services. Companies use cloud services to store crucial information such as financial and client data. Cloud services are not only cost effective but also easier to manage since the companies avoid maintenance of servers. Although cloud has its advantages, maintaining the security is a big concern. Cloud services might not have any malicious intent, but attacks targeting cloud systems could easily steal vital data belong to the companies. The only protection that assures the security of the information is a strong encryption. However, these schemes only protects the information but prevent you to do any computation on the data. This was an open problem for more than 30 years and it has been solved recently by the introduction of the first fully homomorphic encryption (FHE) scheme by Gentry. The FHE schemes allow you to do arbitrary computation on an encrypted data by still preserving the encryption. Namely, the message is not revealed (decrypted) at any given time while computing the arbitrary circuit. However, the first FHE scheme is not practical for any practical application. Later, numerous research work has been published aiming at making fully homomorphic encryption practical for daily use, but still they were too inefficient to be used in everyday practical applications. In this dissertation we tackle the efficiency problems of fully homomorphic encryption (FHE) schemes. We propose two new FHE schemes that improve the storage requirement and runtime performance. The first scheme (Doröz, Hu and Sunar) reduces the size of the evaluation keys in existing NTRU based FHE schemes. In the second scheme (F-NTRU) we designed an NTRU based FHE scheme which is not only free of costly evaluation keys but also competitive in runtime performance. We further proposed two hardware accelerators to increase the performance of arithmetic operations underlying the schemes. The first accelerator is a custom hardware architecture for realizing the Gentry-Halevi fully homomorphic encryption scheme. This contribution presents the first full realization of FHE in hardware. The architecture features an optimized multi-million bit multiplier based on the Schönhage-Strassen multiplication algorithm. Moreover, a number of optimizations including spectral techniques as well as a precomputation strategy is used to significantly improve the performance of the overall design. The other accelerator is optimized for a class of reconfigurable logic for somewhat homomorphic encryption (SWHE) based schemes. Our design works as a co-processor: the most compute-heavy operations are offloaded to this specialized hardware. The core of our design is an efficient polynomial multiplier as it is the most compute-heavy operation of our target scheme. The presented architecture can compute the product of very-large polynomials more efficiently than software implementations on CPUs. Finally, to assess the performance of proposed schemes and hardware accelerators we homomorphically evaluate the AES and the Prince block ciphers. We introduce various optimizations including a storage-runtime trade-off. Our benchmarking results show significant speedups over other existing instantiations. Also, we present a private information retrieval (PIR) scheme based on a modified version of Doröz, Hu and Sunar’s homomorphic scheme. The scheme is capable of privately retrieving data from a database containing 4 billion entries. We achieve asymptotically lower bandwidth cost compared to other PIR schemes which makes it more practical. "

Many organisations are moving towards using cloud storage and cloud computation services. This raises the important issue of data security and privacy. Fully homomorphic encryption (FHE) is a privacy-preserving technique which allows computations on encrypted data without the use of a decryption key. FHE schemes have widespread applications. from secure cloud computation to the secure access of medical records for statistical purposes. However. current software implementations of FHE schemes are not practical for real time applications due to slow performance and inherently large parameter sizes required to guarantee an adequate level of security. Therefore, in this thesis, algorithmic and architectural optimisations of FHE hardware designs are proposed to Improve the performance of these schemes, targeting the FPGA platform. The focus is on FHE over the integers. The first reported hardware designs of the encryption step of the integer-based FHE scheme are proposed, incorporating Comba and FFT multiplication methods. These designs achieve speed up factors of up to 13 and 45 respectively compared to the existing benchmark software implementation. A novel design in which a low Hamming weight multiplicand Is incorporated into the multiplication required in the encryption step is also proposed to further enhance performance and a speed up factor of up to 130 is attained. A comprehensive analysis of multiplication techniques for large integers is presented to determine the most optimal hardware building blocks for FHE operations. Hardware designs of novel combinations of multiplication methods are proposed for this purpose. For some applications, these combined multiplier architectures are shown to perform better than architectures using individual multiplication methods. Throughout this research, it is shown that optimised hardware architectures of FHE schemes can greatly improve practicality; significant speed up factors, ranging up to 130, are achieved with the hardware design of the encryption step of the integer-based FHE scheme.

Security is always a big problem in IoT (internet of things),when it comes to IoT, there must have cloud computing because many devices in IoT are small embedded devices and they don’t always have enough power to finish some complex calculations. Then, they need to take advantage of a third party system especially cloud at present to finish some operations, but the cloud is not safe enough now, in which some important and private information may be leaked, then people introduce homomorphic encryption which can do calculation on encrypted data. To meet the modern needs for random calculations in which the operation can have random times’ addition and multiplication, researchers are trying to make fully homomorphic encryption practical. So in my thesis, I would choose one fully homomorphic encryption scheme to implement a detailed IoT scenario using some IoT devices such as laptop and raspberry pi. Then I would use performance measurements such as response time calculations to do the performance evaluation such as effectiveness and scalability for this technique. Finally, I find some relationship between different parameters and response time, and also effectiveness, scalability in results and conclusion part.

Le chiffrement complètement homomorphe est une classe de chiffrement permettant de calculer n’importe quelle fonction sur des données chiffrées et de produire une version chiffrée du résultat. Il permet de déléguer des données à un cloud de façon sécurisée, faire effectuer des calculs, tout en gardant le caractère privé de ces données. Cependant, l’innéficacité actuelle des schémas de chiffrement complètement homomorphes, et leur inadéquation au contexte de délégation de calculs, rend son usage seul insuffisant pour cette application. Ces deux problèmes peuvent être résolus, en utilisant ce chiffrement dans un cadre plus large, en le combinant avec un schéma de chiffrement symétrique. Cette combinaison donne naissance au chiffrement complètement homomorphe hybride, conçu dans le but d’une délégation de calculs efficace, garantissant des notions de sécurité et de vie privée. Dans cette thèse, nous étudions le chiffrement complètement homomorphe hybride et ses composantes, à travers la conception de primitives cryptographiques symétriques rendant efficace cette construction hybride. En examinant les schémas de chiffrement complètement homomorphes, nous developpons des outils pour utiliser efficacement leurs propriétés homomorphiques dans un cadre plus complexe. En analysant différents schémas symétriques, et leurs composantes, nous déterminons de bons candidats pour le contexte hybride. En étudiant la sécurité des constructions optimisant l’évaluation homomorphique, nous contribuons au domaine des fonctions booléennes utilisées en cryptologie. Plus particulièrement, nous introduisons une nouvelle famille de schémas de chiffrement symétriques, avec une nouvelle construction, adaptée au contexte hybride. Ensuite, nous nous intéressons à son comportement homomorphique, et nous étudions la sécurité de cette construction. Finalement, les particularités de cette famille de schémas de chiffrement motivant des cryptanalyses spécifiques, nous développons et analysons de nouveaux critères cryptographiques booléens
Fully homomorphic encryption, firstly built in 2009, is a very powerful kind of encryption, allowing to compute any function on encrypted data, and to get an encrypted version of the result. Such encryption enables to securely delegate data to a cloud, ask for computations, recover the result, while keeping private the data during the whole process. However, today’s inefficiency of fully homomorphic encryption, and its inadequateness to the outsourcing computation context, makes its use alone insufficient for this application. Both of these issues can be circumvented, using fully homomorphic encryption in a larger framework, by combining it with a symmetric encryption scheme. This combination gives a hybrid fully homomorphic framework, designed towards efficient outsourcing computation, providing both security and privacy. In this thesis, we contribute to the study of hybridfully homomorphic framework, through the analysis, and the design of symmetric primitives making efficient this hybrid construction. Through the examination of fully homomorphic encryption schemes, we develop tools to efficiently use the homomorphic properties in a more complex framework. By investigating various symmetric encryption schemes, and buildingblocks up to the circuit level, we determine good candidates for a hybrid context. Through evaluating the security of constructions optimizing the homomorphic evaluation, we contribute to a wide study within the cryptographic Boolean functions area. More particularly, we introduce a new family of symmetric encryption schemes, with a new design, adapted to the hybrid fully homomorphic framework. We then investigate its behavior relatively to homomorphic evaluation, and we address the security of such design. Finally, particularities of this family of ciphers motivate specific cryptanalyses, therefore we develop and analyze new cryptographic Boolean criteria

After the first plausible fully homomorphic encryption (FHE) scheme designed by Gentry, interests of a building a practical scheme in FHE has kept increasing. This paper presents an engineering study of accelerating the FHE with BGV scheme and proves the feasibility of implement certain parts of HElib on GPU. The BGV scheme is a RLWE-based FHE scheme, which introduces a set of algorithms in polynomial arithmetic. The encryption scheme is implemented in finite field. Therefore, acceleration of the large polynomial arithmetic with efficient modular reduction is the most crucial part of our research efforts. Note that our implementation does not include the noise management yet. Hence all the work is still in the stage of somewhat homomorphic encryption, namely SWHE. Finally, our implementation of the encryption procedure, when comparing with HElib compiled by 9.3.0 version NTL library on Xeon CPU, has achieved 3.4x speedup on the platform with GTX 780ti GPU.

Dans les schémas de chiffrement classique, l'objectif principal du schéma est d'assurer la confidentialité des données. Le chiffrement totalement homomorphe, une variante réalisée pour la première fois par Gentry, est un schéma de chiffrement qui permet également le calcul sur les données chiffrées, sans jamais avoir besoin de les déchiffrer. En l'utilisant, tout tiers non fiable avec le matériel de clé pertinent peut effectuer des calculs homomorphes, conduisant à de nombreuses applications où un tiers non fiable peut toujours être autorisée à calculer sur des chiffrements de données sensibles (cloud computing), ou où la confiance doit être décentralisée ( calcul multipartite).Cette thèse comporte deux contributions principales au chiffrement totalement homomorphe. Dans la première partie, on prend un FHE basé sur les nombres de Fermat et on étend le chiffrement sur des nombres à plusieurs bits. On ajoute la possibilité d'évaluer homomorphiquement des fonctions de petites tailles, et en les utilisant, on arrive à faire des additions et multiplications avec peu de bootstrappings, et qui peux servir comme composante des computations plus larges. Certains résultats plus récents sur les variables aléatoires sous-gaussiennes sont adaptés pour donner une meilleure analyse d'erreur.L'un des obstacles pour la généralisation de FHE est sa grande complexité computationelle, et des architectures optimisées pour accélérer les calculs FHE sur du matériel reconfigurable ont été proposées. La deuxième partie propose une architecture materiélle pour l'arithmetique des polynômes utilisés dans les systèmes comme FV. Elle peut être utlisée pour faire l'addition et la multiplication des polynômes anneaux, en utilisant une paire d'algorithmes NTT qui évite l'utilisation de bit reversal, et comprend les multiplications par les vecteurs de poids. Pour le côut de stocker les facteurs twiddles dans un ROM, on évite les mises à jour des twiddles, ce qui mène à un compte de cycle beaucoup plus petit
In conventional encryption schemes, the primary aim of the scheme is to ensure confidentiality of the data. Fully Homomorphic Encryption (FHE), a variant first realized by Gentry, is an encryption scheme which also allows for computation over the encrypted data, without ever needing to decrypt it. Using this, any untrusted third party with the relevant key material can perform homomorphic computations, leading to many applications where an untrusted party can still be allowed to compute over encryptions of sensitive data (cloud computing), or where the trust needs to be decentralized (multi-party computation).This thesis consists of two main contributions to Fully Homomorphic Encryption. In the first part, we take an FHE based on Fermat numbers and extend it to work with multi-bit numbers. We also add the ability to homomorphically evaluate small functions, with which we can compute additions and multiplication with only a few bootstrappings, and these can be used as building blocks for larger computations. Some newer results on sub-Gaussian random variables are adapted to give a better error analysis.One of the obstacles in bringing FHE to the mainstream remains its large computational complexity, and optimized architectures to accelerate FHE computations on reconfigurable hardware have been proposed. The second part of our thesis proposes an architecture for the polynomial arithmetic used in FV-like cryptosystems. This can be used to compute the sum and product of ring polynomials, using a pair of NTT algorithms which avoids the use of bit reversal, and subsumes the need for multiplication by weight vectors. For the cost of storing twiddle factors in a ROM, we avoid twiddle updates leading to a much smaller cycle count

Les schémas de Chiffrement Complètement Homomorphe (FHE) permettent de manipuler des données chiffrées avec grande flexibilité : ils rendent possible l'évaluation de fonctions à travers les couches de chiffrement. Depuis la découverte du premier schéma FHE en 2009 par Craig Gentry, maintes recherches ont été effectuées pour améliorer l'efficacité, atteindre des nouveaux niveaux de sécurité, et trouver des applications et liens avec d'autres domaines de la cryptographie. Dans cette thèse, nous avons étudié en détail ce type de schémas. Nos contributions font état d'une nouvelle attaque de récuperation des clés au premier schéma FHE, et d'une nouvelle notion de sécurité en structures hierarchiques, évitant une forme de trahison entre les usagers tout en gardant la flexibilité FHE. Enfin, on décrit aussi des implémentations informatiques. Cette recherche a été effectuée au sein du Laboratoire de Mathématiques de Versailles avec le Prof. Louis Goubin
Fully Homomorphic Encryption schemes allow public processing of encrypted data. Since the groundbreaking discovery of the first FHE scheme in 2009 by Craig Gentry, an impressive amount of research has been conducted to improve efficiency, achieve new levels of security, and describe real applications and connections to other areas of cryptography. In this Dissertation, we first give a detailed account on research these past years. Our contributions include a key-recovery attack on the ideal lattices FHE scheme and a new conception of hierarchic encryption, avoiding at some extent betrayal between users while maintaining the flexibility of FHE. We also describe some implementations. This research was done in the Laboratoire de Mathématiques de Versailles, under supervision of Prof. Louis Goubin

Advances in technology have now made it possible to monitor heart rate, body temperature and sleep patterns; continuously track movement; record brain activity; and sequence DNA in the jungle --- all using devices that fit in the palm of a hand. These and other recent developments have sparked interest in privacy-preserving methods: computational approaches which are able to utilise the data without leaking subjects' personal information. Classical encryption techniques have been used very successfully to protect data in transit and in storage. However, the process of encrypting data also renders it unusable in computation. Recently developed fully homomorphic encryption (FHE) techniques improve on this substantially. Unlike classical methods, which require the data to be decrypted prior to computation, homomorphic methods allow data to be simultaneously stored or transfered securely, and used in computation. However, FHE imposes serious constraints on computation, both arithmetic (e.g., no divisions can be performed) and computational (e.g., multiplications become much slower), rendering traditional statistical algorithms inadequate. In this thesis we develop statistical and machine learning methods for outsourced, privacy-preserving analysis of sensitive information under FHE. Specifically, we tackle two problems: (i) classification, using a semiparametric approach based on the naive Bayes assumption and modeling the class decision boundary directly using an approximation to univariate logistic regression; (ii) regression, using two approaches; an accelerated method for least squares estimation based on gradient descent, and a cooperative framework for Bayesian regression based on recursive Bayesian updating in a multi-party setting. Taking into account the constraints imposed by FHE, we analyse the potential of different algorithmic approaches to provide tractable solutions to these problems and give details on several computational costs and performance trade-offs.

In the past decade, one of the major breakthroughs in computer science theory is the first construction of fully homomorphic encryption (FHE) scheme introduced by Gentry. Using a FHE one may perform an arbitrary numbers of computations directly on the encrypted data without revealing of the secret key. Therefore, a practical FHE provides an invaluable security application for emerging technologies such as cloud computing and cloud-based storage. However, FHE is far from real life deployment due to serious efficiency impediments. The main part of this dissertation focuses on accelerating the existing FHE schemes using GPU and hardware design to make them more efficient and practical towards real-life applications. Another part of this dissertation is for the hardware design of the large key-size RSA cryptosystem. As the Moore law continues driving the computer technology, the key size of the Rivest-Shamir-Adelman (RSA) encryption is necessary to be upgraded to 2048, 4096 or even 8192 bits to provide higher level security. In this dissertation, the FFT multiplication is employed for the large-size RSA hardware design instead of using the traditional interleaved Montgomery multiplication to show the feasibility of the FFT multiplication for large-size RSA design.

Avec l’essor du cloud, il est devenu plus simple de déléguer la gestion et l’analyse des données à des infrastructures externes, favorisant la combinaison de données variées pour en tirer des informations utiles. Toutefois, garantir la confidentialité des données sensibles reste un obstacle majeur. Le calcul sécurisé multipartite (MPC) répond à ce défi en permettant à plusieurs participants de collaborer pour effectuer des calculs sur leurs données sans révéler celles-ci. Cette thèse explore une approche où les propriétaires des données délèguent ces calculs à des serveurs non fiables, tout en préservant sécurité et confidentialité. Pour cela, nous nous appuyons sur le chiffrement complètement homomorphe(FHE), qui permet de calculer directement sur des données chiffrées. Nos contributions incluent un protocole robuste de MPC basé sur le FHE et une méthode générique réduisant les besoins en communication. Ces avancées rendent les calculs sécurisés plus efficaces et accessibles, même pour des projets impliquant de nombreux participants
With the rise of cloud computing, it has become easier to delegate themanagement and analysis of data to external infrastructures, enabling the combinationof diverse datasets to extract valuable insights. However, ensuring the confidentialityof sensitive data remains a significant challenge. Secure multiparty computation(MPC) addresses this issue by allowing multiple participants to collaborateon computations without revealing their private data. This thesis explores an approachwhere data owners delegate these computations to untrusted servers whilemaintaining security and confidentiality. To achieve this, we rely on fully homomorphicencryption (FHE), which allows computations to be performed directly on encrypteddata. Our contributions include a robust MPC protocol based on FHE and a genericmethod that minimizes communication requirements.These advancements make secure computations more efficient and accessible,even for projects involving a large number of participants

La cryptographie à base de réseaux euclidiens a généré un vif intérêt durant les deux dernièresdécennies grâce à des propriétés intéressantes, incluant une conjecture de résistance àl’ordinateur quantique, de fortes garanties de sécurité provenant d’hypothèses de difficulté sur lepire cas et la construction de schémas de chiffrement pleinement homomorphes. Cela dit, bienqu’elle soit cruciale à bon nombre de schémas à base de réseaux euclidiens, la génération debruit gaussien reste peu étudiée et continue de limiter l’efficacité de cette cryptographie nouvelle.Cette thèse s’attelle dans un premier temps à améliorer l’efficacité des générateurs de bruitgaussien pour les signatures hache-puis-signe à base de réseaux euclidiens. Nous proposons unnouvel algorithme non-centré, avec un compromis temps-mémoire flexible, aussi rapide que savariante centrée pour des tables pré-calculées de tailles acceptables en pratique. Nousemployons également la divergence de Rényi afin de réduire la précision nécessaire à la doubleprécision standard. Notre second propos tient à construire Falcon, un nouveau schéma designature hache-puis-signe, basé sur la méthode théorique de Gentry, Peikert et Vaikuntanathanpour les signatures à base de réseaux euclidiens. Nous instancions cette méthode sur les réseauxNTRU avec un nouvel algorithme de génération de trappes
Lattice-based cryptography has generated considerable interest in the last two decades due toattractive features, including conjectured security against quantum attacks, strong securityguarantees from worst-case hardness assumptions and constructions of fully homomorphicencryption schemes. On the other hand, even though it is a crucial part of many lattice-basedschemes, Gaussian sampling is still lagging and continues to limit the effectiveness of this newcryptography. The first goal of this thesis is to improve the efficiency of Gaussian sampling forlattice-based hash-and-sign signature schemes. We propose a non-centered algorithm, with aflexible time-memory tradeoff, as fast as its centered variant for practicable size of precomputedtables. We also use the Rényi divergence to bound the precision requirement to the standarddouble precision. Our second objective is to construct Falcon, a new hash-and-sign signaturescheme, based on the theoretical framework of Gentry, Peikert and Vaikuntanathan for latticebasedsignatures. We instantiate that framework over NTRU lattices with a new trapdoor sampler

Le chiffrement homomorphe est une branche de la cryptologie, dans laquelle les schémas de chiffrement offrent la possibilité de faire des calculs sur les messages chiffrés, sans besoin de les déchiffrer. L’intérêt pratique de ces schémas est dû à l’énorme quantité d'applications pour lesquels ils peuvent être utilisés. En sont un exemple le vote électronique, les calculs sur des données sensibles, comme des données médicales ou financières, le cloud computing, etc..Le premier schéma de chiffrement (complètement) homomorphe n'a été proposé qu'en 2009 par Gentry. Il a introduit une technique appelée bootstrapping, utilisée pour réduire le bruit des chiffrés : en effet, dans tous les schémas de chiffrement homomorphe proposés, les chiffrés contiennent une petite quantité de bruit, nécessaire pour des raisons de sécurité. Quand on fait des calculs sur les chiffrés bruités, le bruit augmente et, après avoir évalué un certain nombre d’opérations, ce bruit devient trop grand et, s'il n'est pas contrôlé, risque de compromettre le résultat des calculs.Le bootstrapping est du coup fondamental pour la construction des schémas de chiffrement homomorphes, mais est une technique très coûteuse, qu'il s'agisse de la mémoire nécessaire ou du temps de calcul. Les travaux qui on suivi la publication de Gentry ont eu comme objectif celui de proposer de nouveaux schémas et d’améliorer le bootstrapping pour rendre le chiffrement homomorphe faisable en pratique. L’une des constructions les plus célèbres est GSW, proposé par Gentry, Sahai et Waters en 2013. La sécurité du schéma GSW se fonde sur le problème LWE (learning with errors), considéré comme difficile en pratique. Le bootstrapping le plus rapide, exécuté sur un schéma de type GSW, a été proposé en 2015 par Ducas et Micciancio. Dans cette thèse on propose une nouvelle variante du schéma de chiffrement homomorphe de Ducas et Micciancio, appelée TFHE.Le schéma TFHE améliore les résultats précédents, en proposant un bootstrapping plus rapide (de l'ordre de quelques millisecondes) et des clés de bootstrapping plus petites, pour un même niveau de sécurité. TFHE utilise des chiffrés de type TLWE et TGSW (scalaire et ring) : l’accélération du bootstrapping est principalement due à l’utilisation d’un produit externe entre TLWE et TGSW, contrairement au produit externe GSW utilisé dans la majorité des constructions précédentes.Deux types de bootstrapping sont présentés. Le premier, appelé gate bootstrapping, est exécuté après l’évaluation homomorphique d’une porte logique (binaire ou Mux) ; le deuxième, appelé circuit bootstrapping, peut être exécuté après l’évaluation d’un nombre d'opérations homomorphiques plus grand, pour rafraîchir le résultat ou pour le rendre compatible avec la suite des calculs.Dans cette thèse on propose aussi de nouvelles techniques pour accélérer l’évaluation des calculs homomorphiques, sans bootstrapping, et des techniques de packing des données. En particulier, on présente un packing, appelé vertical packing, qui peut être utilisé pour évaluer efficacement des look-up table, on propose une évaluation via automates déterministes pondérés, et on présente un compteur homomorphe appelé TBSR qui peut être utilisé pour évaluer des fonctions arithmétiques.Pendant les travaux de thèse, le schéma TFHE a été implémenté et il est disponible en open source.La thèse contient aussi des travaux annexes. Le premier travail concerne l’étude d’un premier modèle théorique de vote électronique post-quantique basé sur le chiffrement homomorphe, le deuxième analyse la sécurité des familles de chiffrement homomorphe dans le cas d'une utilisation pratique sur le cloud, et le troisième ouvre sur une solution différente pour le calcul sécurisé, le calcul multi-partite
Fully homomorphic encryption is a new branch of cryptology, allowing to perform computations on encrypted data, without having to decrypt them. The main interest of homomorphic encryption schemes is the large number of practical applications for which they can be used. Examples are given by electronic voting, computations on sensitive data, such as medical or financial data, cloud computing, etc..The first fully homomorphic encryption scheme has been proposed in 2009 by Gentry. He introduced a new technique, called bootstrapping, used to reduce the noise in ciphertexts: in fact, in all the proposed homomorphic encryption schemes, the ciphertexts contain a small amount of noise, which is necessary for security reasons. If we perform computations on noisy ciphertexts, the noise increases and, after a certain number of operations, the noise becomes to large and it could compromise the correctness of the final result, if not controlled.Bootstrapping is then fundamental to construct fully homomorphic encryption schemes, but it is very costly in terms of both memory and time consuming.After Gentry’s breakthrough, the presented schemes had the goal to propose new constructions and to improve bootstrapping, in order to make homomorphic encryption practical. One of the most known schemes is GSW, proposed by Gentry, Sahai et Waters in 2013. The security of GSW is based on the LWE (learning with errors) problem, which is considered hard in practice. The most rapid bootstrapping on a GSW-based scheme has been presented by Ducas and Micciancio in 2015. In this thesis, we propose a new variant of the scheme proposed by Ducas and Micciancio, that we call TFHE.The TFHE scheme improves previous results, by performing a faster bootstrapping (in the range of a few milliseconds) and by using smaller bootstrapping keys, for the same security level. TFHE uses TLWE and TGSW ciphertexts (both scalar and ring): the acceleration of bootstrapping is mainly due to the replacement of the internal GSW product, used in the majority of previous constructions, with an external product between TLWE and TGSW.Two kinds of bootstrapping are presented. The first one, called gate bootstrapping, is performed after the evaluation of a homomorphic gate (binary or Mux); the second one, called circuit bootstrapping, can be executed after the evaluation of a larger number of homomorphic operations, in order to refresh the result or to make it compatible with the following computations.In this thesis, we also propose new techniques to improve homomorphic computations without bootstrapping and new packing techniques. In particular, we present a vertical packing, that can be used to efficiently evaluate look-up tables, we propose an evaluation via weighted deterministic automata, and we present a homomorphic counter, called TBSR, that can be used to evaluate arithmetic functions.During the thesis, the TFHE scheme has been implemented and it is available in open source.The thesis contains also ancillary works. The first one concerns the study of the first model of post-quantum electronic voting based on fully homomorphic encryption, the second one analyzes the security of homomorphic encryption in a practical cloud implementation scenario, and the third one opens up about a different solution for secure computing, multi-party computation

Title: Homomorphic encryption and coding theory Author: Veronika Půlpánová Department: Department of algebra Supervisor: RNDr. Michal Hojsík, Ph.D., Department of algebra Abstract: The current mainstream in fully homomorphic encryption is the appro- ach that uses the theory of lattices. The thesis explores alternative approaches to homomorphic encryption. First we present a code-based homomorphic encrypti- on scheme by Armknecht et. al. and study its properties. Then we describe the family of cryptosystems commonly known as Polly Cracker and identify its pro- blematic aspects. The main contribution of this thesis is the design of a new fully homomorphic symmetric encryption scheme based on Polly Cracker. It proposes a new approach to overcoming the complexity of the simple Polly Cracker - based cryptosystems. It uses Gröbner bases to generate zero-dimensional ideals of po- lynomial rings over finite fields whose factor rings are then used as the rings of ciphertexts. Gröbner bases equip these rings with a multiplicative structure that is easily algorithmized, thus providing an environment for a fully homomorphic cryptosystem. Keywords: Fully homomorphic encryption, Polly Cracker, coding theory, zero- dimensional ideals

碩士
國立中正大學
通訊工程研究所
102
Fully homomorphic encryption is capable to execute specific operations on encrypted data without decrypting it. When we decrypt the result of the operation, it is the same as result of the calculation on the raw data. Therefore, we use the fully homomorphic algorithm to protect the data from leaking out. In this thesis, we use the client / server model to design a health cloud storage system that allows users to store their own health data in this system, and the system ciphertext using these data to do a series of arithmetic operations and the operating result returned to the user.

碩士
國立中正大學
通訊工程研究所
102
With the development of technology, the popularity of wireless networks and many wireless applications, there are more and more opportunities to make the device to connect with each other and to exchange information. The Wi-Fi Direct is a new wireless connection technology based on this demand, which enables Wi-Fi devices to connect easily with each other by the peer to peer mode without requiring a wireless access point. However, when we want to send data to other users’ device for data processing and do not want other users to be able to decrypt the data, the traditional Wi-Fi encryption system will be unable to meet our needs. In view of this, we proposed to use fully homomorphic encryption combined with current Wi-Fi encryption system to solve this problem. The concept of homomorphic encryption is when we carry out a specific operation on ciphertext, after decryption, the result is equivalent to the corresponding plaintext. So that we can perform data processing in ciphertext and maintain the correctness of data, and make the devices to pass and process data through Wi-Fi Direct protocol with convenience and security.

碩士
國立中正大學
通訊工程研究所
103
With advances in technological development, as well as the popularity of cloud computing and the Internet, increasing numbers of cloud services have become available. The cash flow system of cloud computing constitutes a new cash flow service based on this large demand, which enables users to transfer funds over the Internet. However, when users want to transfer data to other users’ accounts for processing and do not want the servers to be able to decrypt the data, the traditional cash flow system is inadequate. To solve this problem, we propose to implement fully homomorphic encryption combined with the cash flow system of cloud computing. The concept of homomorphic encryption refers to when we perform a specific operation in ciphertext, the result after decryption is equivalent to the corresponding plaintext. Therefore, utilizing homomorphic encryption allows us to perform data processing in ciphertext, maintain data accuracy, achieve cloud computing, and securely protect the data from decryption.

碩士
國立成功大學
電機工程學系
107
Fully homomorphic encryption (FHE) allows computations to be performed directly on encrypted data. This ensures data privacy even on the cloud. Currently used computations on encrypted data are of extremely high complexity. In this paper, we propose low-complexity low-level operations on fully homomorphic encrypted data such as compare-and-swap, binary addition, and binary multiplication. To improve the algorithmic performance, we apply the concept of aggregate plaintext. The number of homomorphic multiplications in our compare-and-swap, binary addition, and binary multiplication are lg n+4, 2n-1, and 6n-4, respectively. For 64-bit data compare-and-swap and binary addition, the proposed algorithms operate over 16 and 9 times faster than related works, respectively. For 32-bit multiplication, the speed improvement is over 7 times.

碩士
國立中正大學
通訊工程研究所
104
Nowadays, some applications of telemedicine are transferring users’ personal and health information to cloud server for store via internet. The purpose is to allow demander can obtain users’ information more easily and quickly from a distance. But in fact, the aforementioned operation has security risks about whether these server providers can be fully trusted. In view of this, we propose to use fully homomorphic encryption not only for data encryption to enhance data security in telemedicine system but can allow users to maintain their privacy. At the same time, we can process the ciphertexts directly based on homomorphic property.

碩士
國立中正大學
通訊工程研究所
103
Gentry proposed the first practical scheme which can compute arbitrary functions of encrypted data in 2009. This scheme is named “Fully Homomorphic Encryption (FHE).” FHE allows us to compute more than two specific calculations without the secret decryption key. FHE can deal with and protect large amount of private data and can be widely used in cloud database application or data storage application. However, the GSM encryption system uses one-way authentication, SIM card will use secret key (ki) and random number (RAND) to produce a “signal response (SRES)” and send to the authentication center. At the same time, authentication center also uses ki and RAND to produce an SRES and compares two SRESs. If two SRESs are the same, authentication will succeed. If the authentication center is fake, the user can not recognize when the authentication center requests the user to send the SRES. In this thesis, we address the problem above and provide an encryption algorithm efficiency analysis. As a result, our scheme which is combined with fully homomorphic encryption is more secure and practical.

碩士
國立臺灣大學
資訊網路與多媒體研究所
107
Without the requirement of trusted third-parties, Blockchain guarantees an environment which can be trusted to everyone. However, the transparency property caused a hazard to real-world application that every on-chain information can be viewed by every user. That is to say, the application which contains sensitive data and personal information which require privacy protection cannot be implemented into Blockchain. We propose Fully Homomorphic Encryption scheme into Blockchain, combining the trusty and privacy protection, build up a new framework to obtain both of the advantages and make the Blockchain applications easier to enforce privacy protection based on our system. Our framework’s programmer can encrypt the private data off-chain by FHE scheme, sequentially, they can call FHE function to compute their data after their smart contracts deploy to Blockchain. To present the advantages and the weakness of our framework, we then design a Vickrey Auction System using our FHE-based system to make the bidding price in secret while output the winner and his/her required payment.

Lattice-based cryptography has generated considerable interest in the last two decades due toattractive features, including conjectured security against quantum attacks, strong securityguarantees from worst-case hardness assumptions and constructions of fully homomorphicencryption schemes. On the other hand, even though it is a crucial part of many lattice-basedschemes, Gaussian sampling is still lagging and continues to limit the effectiveness of this newcryptography. The first goal of this thesis is to improve the efficiency of Gaussian sampling forlattice-based hash-and-sign signature schemes. We propose a non-centered algorithm, with aflexible time-memory tradeoff, as fast as its centered variant for practicable size of precomputedtables. We also use the Rényi divergence to bound the precision requirement to the standarddouble precision. Our second objective is to construct Falcon, a new hash-and-sign signaturescheme, based on the theoretical framework of Gentry, Peikert and Vaikuntanathan for latticebasedsignatures. We instantiate that framework over NTRU lattices with a new trapdoor sampler.