Published by Mark Salmons. Modified about 1 year ago.

1
Paper by: Craig Gentry
Presented by: Daniel Henneberger

2
What is homomorphic encryption?

3
Computations on ciphertext which predictably modify the plaintext
Operate on messages while they are encrypted
Data can be securely processed in unsecure environments
  ◦ Cloud Computing
  ◦ Databases
  ◦ Voting machines

4

5

6
Keygen
Encrypt
Decrypt
Evaluate

7
1978 – Privacy Homomorphism
US government pumps millions in it

8
Additive
  ◦ E(m1) + E(m2) = E(m1+m2)
Multiplicative
  ◦ E(m1) * E(m2) = E(m1*m2)
Why just Add and Mul?
  ◦ Can evaluate any function
  ◦ Turing complete over a ring

9
Somewhat Homomorphic
  ◦ You can only do some functions
  ◦ RSA
Fully Homomorphic
  ◦ You can do all functions
Leveled Fully Homomorphic
  ◦ Keysize can grow with depth of the function
Bootstrappable
  ◦ Can evaluate its own decryption circuit

10
Craig Gentry
Stanford University and IBM Watson
2009

11

12
Before this paper, it was unknown if fully homomorphic encryption could exist
First feasible result
Holy grail of encryption
17 results on YouTube!

13
Ideal lattices are a form of difficult-to-compute mathematical problems
Similar to:
  ◦ Integer Factorization
  ◦ Discrete logarithm problem
  ◦ Elliptic curves over finite fields (Elliptical curve)
Closest vector problem
Learning with errors
Unbreakable with quantum computing
  ◦ Uses arbitrary approximations

14
“Recipe”:
1. Take two linearly independent vectors in R².
2. Close them for addition and for multiplication by an integer scalar.
Each point corresponds to a vector in the lattice etc...

15
A cyclic lattice is ‘ideal’ (ring-based)
NTRU – Asymmetric key cryptosystem that uses ring-based lattices
Low circuit complexity
Very fast
Allows additive and multiplicative homomorphism

16
Lots of math involved with this:
  ◦ Cyclotomic Polynomials
Too much for this class time

17
Evaluate(pk, C, Encrypt(pk,m1), ..., Encrypt(pk,mt)) = Encrypt(pk, C(m1, ..., mt))
Steps
  ◦ Create a general bootstrapping result
  ◦ Initial construction using ideal lattices
  ◦ Squash the decryption circuit to permit bootstrapping

18

19
Find a public key scheme that is homomorphic for shallow circuits and uses ideal lattices
  ◦ NTRUEncrypt
Ciphertext has a form of an ideal lattice + offset
Use a cyclic ring of keys
  ◦ Hard to do
  ◦ Large key size (GB)

20

21
Evaluate its own decryption circuit
Provides ability to recrypt plaintext
Must be allowed to recrypt augmented versions to provide mathematical operations

22
Allows ‘unlimited’ additions
  ◦ Recrypt algorithm
Greater multiplicative depth
  ◦ log log (N) - log log (n-1)
  ◦ Still bad

23
Can only evaluate in logarithmic depth
  ◦ Ciphertext grows
  ◦ Noise increases
Addition - circuits can be corrected (recrypting)
Multiplication - noise grows quickly
Not yet practical
  ◦ Client must begin the decryption process to be bootstrappable
  ◦ Solution is approximate
  ◦ >1 day to compute 1 message

24
PollyCracker
Fully Homomorphic Encryption over the Integers
Fully Homomorphic Encryption over the Binary Polynomials
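
The add/mul homomorphism from slide 8 and the noise growth from slide 23, as an added example that is not from the presentation or from Gentry's paper. It is a toy symmetric scheme in the style of the integer-based construction named on slide 24 (ciphertext = p*q + 2*r + m), swapped in for the ideal-lattice scheme because it fits in a few lines; all function names and the 64-bit key and 8-bit noise sizes are assumptions chosen for illustration and give no security.

```python
import random

def keygen(rng, bits=64):
    """Secret key: a random odd integer p with exactly `bits` bits."""
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1

def encrypt(rng, p, m, noise_bits=8, q_bits=128):
    """c = p*q + 2*r + m. The noise 2*r + m hides m and must stay below p/2."""
    q = rng.getrandbits(q_bits)
    r = rng.getrandbits(noise_bits) | (1 << (noise_bits - 1))
    return p * q + 2 * r + m

def noise(p, c):
    """Centered remainder of c modulo p, in (-p/2, p/2]."""
    n = c % p
    return n - p if n > p // 2 else n

def decrypt(p, c):
    """Recover the bit as the parity of the noise."""
    return noise(p, c) % 2

def squarings_survived(p, c, limit=10):
    """Square c repeatedly and count the levels at which the measured noise
    still equals the true noise n**(2**k), i.e. before it wraps around p."""
    n, level = noise(p, c), 0
    while level < limit:
        c, n = c * c, n * n          # one multiplication squares the noise
        if noise(p, c) != n:         # noise overflowed: plaintext is lost
            break
        level += 1
    return level

def demo(seed=1):
    rng = random.Random(seed)        # seeded for reproducibility; not a CSPRNG
    p = keygen(rng)
    c0, c1 = encrypt(rng, p, 0), encrypt(rng, p, 1)
    return {
        "add": decrypt(p, c0 + c1),  # E(m1) + E(m2) decrypts to m1 XOR m2
        "mul": decrypt(p, c0 * c1),  # E(m1) * E(m2) decrypts to m1 AND m2
        "fresh_noise_bits": noise(p, c1).bit_length(),
        "mul_noise_bits": noise(p, c1 * c1).bit_length(),
        "depth": squarings_survived(p, c1),
    }

if __name__ == "__main__":
    print(demo())
```

With these sizes a fresh ciphertext carries 9 bits of noise, one multiplication roughly doubles that, and the third squaring pushes the noise past the key, which is the depth limit that recrypting (bootstrapping) is meant to remove.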

25
Many people have created new variants
Implementations
All slow
Finding shortcuts
AES-128 – Completed June 15th 2012
  ◦ Computed with 256GB of RAM (still limiting factor)
  ◦ 24 Xeon cores
  ◦ Took 5 days per operation
