Download presentation

Presentation is loading. Please wait.

Published byMark Salmons Modified over 2 years ago

1
Paper by: Craig Gentry Presented By: Daniel Henneberger

2
What is homomorphic encryption?

3
Computations on ciphertext which predictably modifies the plaintext Operate on messages while they are encrypted Data can be securely processed in unsecure environments ◦ Cloud Computing ◦ Databases ◦ Voting machines

6
Keygen Encrypt Decrypt Evaluate

7
1978 – Privacy Homomorphism US government pumps millions in it

8
Additive ◦ E(m1) + E(m2) = E(m1+m2) Multiplicative ◦ E(m1) * E(m2) = E(m1*m2) Why just Add and Mul? ◦ Can evaluate any function ◦ Turing complete over a ring

9
Somewhat Homomorphic ◦ You can do only do some functions ◦ RSA Fully Homomorphic ◦ You can do all functions Leveled Fully Homomorphic ◦ Keysize can grow with depth of the function Bootstrappable ◦ Can evaluate its own decryption circuit

10
Craig Gentry Stanford University and IBM Watson 2009

12
Before this paper, it was unknown if fully homomorphic encryption could exist First feasible result Holy grail of encryption 17 results on YouTube!

13
Ideal lattices are a form of difficult to compute mathematical problems Similar to: ◦ Integer Factorization ◦ Discrete logarithm problem ◦ Elliptic curves over finite fields (Elliptical curve) Closest vector problem Learning with errors Unbreakable with quantum computing ◦ Uses arbitrary approximations

14
“Recipe”: 1. Take two linearly independent vectors in R 2. 2. Close them for addition and for multiplication by an integer scalar. Each point corresponds to a vector in the lattice etc....

15
A cyclic lattice is ‘ideal’ (ring-based) NTRU – Asymmetric key cryptosystem that uses ring-based lattices Low circuit complexity Very fast Allows additive and multiplicative homomorphism

16
Lots of math involved with this: ◦ Cyclotomic Polynomials Too much for this class time

17
Evaluate(pk,C, Encrypt(pk,m1),..., Encrypt(pk,mt)) = Encrypt(pk,C(m1,..., mt)) Steps ◦ Create a general bootstrapping result ◦ Initial construction using ideal lattices ◦ Squash the decryption circuit to permit bootstrapping

19
Find a Public key scheme that is homomorphic for shallow circuits and uses ideal lattices ◦ NTRUEncrypt Ciphertext has a form of an ideal lattice + offset Use a cyclic ring of keys ◦ Hard to do ◦ Large key size (GB)

21
Evaluate its own decryption circuit Provides ability to recrypt plaintext Must be allowed to recrypt augmented versions to provide mathematical operations

22
Allows ‘unlimited’ additions ◦ Recrypt algorithm Greater multiplicative depth ◦ log log (N) - log log (n-1) ◦ Still bad

23
Can only evaluate in logarithmic depth ◦ Ciphertext grows ◦ Noise increases Addition- circuits can be corrected (recrypting) Multiplication- noise grows quickly Not yet practical ◦ Client must begin the decryption process to be bootstrappable ◦ Solution is approximate ◦ >1 day to compute 1 message

24
PollyCracker Fully Homomorphic Encryption over the Integers Fully Homomorphic Encryption over the Binary Polynomials

25
Many people have created new variants Implementations All slow Finding shortcuts AES-128 – Completed June 15 th 2012 ◦ Computed with 256GB of ram (still limiting factor) ◦ 24 Xeon cores ◦ Took 5 days per operation

Similar presentations

OK

1 Introduction to Information Security 0368-3065, Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.

1 Introduction to Information Security 0368-3065, Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Food and nutrition for kids ppt on batteries Ppt on 7 wonders of the modern world Ppt on harmful effects of drinking alcohol Ppt on dining etiquettes Ppt on different types of reactions and their applications Ppt on viruses and bacteria test Home networking seminar ppt on 4g Ppt on conventional energy sources Ppt on online shopping mall Ppt on health care system in india