Presentation is loading. Please wait.

Presentation is loading. Please wait.

Paper by: Craig Gentry Presented By: Daniel Henneberger.

Similar presentations


Presentation on theme: "Paper by: Craig Gentry Presented By: Daniel Henneberger."— Presentation transcript:

1 Paper by: Craig Gentry Presented By: Daniel Henneberger

2  What is homomorphic encryption?

3  Computations on ciphertext which predictably modifies the plaintext  Operate on messages while they are encrypted  Data can be securely processed in unsecure environments ◦ Cloud Computing ◦ Databases ◦ Voting machines

4

5

6  Keygen  Encrypt  Decrypt  Evaluate

7  1978 – Privacy Homomorphism  US government pumps millions in it

8  Additive ◦ E(m1) + E(m2) = E(m1+m2)  Multiplicative ◦ E(m1) * E(m2) = E(m1*m2)  Why just Add and Mul? ◦ Can evaluate any function ◦ Turing complete over a ring

9  Somewhat Homomorphic ◦ You can do only do some functions ◦ RSA  Fully Homomorphic ◦ You can do all functions  Leveled Fully Homomorphic ◦ Keysize can grow with depth of the function  Bootstrappable ◦ Can evaluate its own decryption circuit

10 Craig Gentry Stanford University and IBM Watson 2009

11

12  Before this paper, it was unknown if fully homomorphic encryption could exist  First feasible result  Holy grail of encryption  17 results on YouTube!

13  Ideal lattices are a form of difficult to compute mathematical problems  Similar to: ◦ Integer Factorization ◦ Discrete logarithm problem ◦ Elliptic curves over finite fields (Elliptical curve)  Closest vector problem  Learning with errors  Unbreakable with quantum computing ◦ Uses arbitrary approximations

14 “Recipe”: 1. Take two linearly independent vectors in R 2. 2. Close them for addition and for multiplication by an integer scalar. Each point corresponds to a vector in the lattice etc....

15  A cyclic lattice is ‘ideal’ (ring-based)  NTRU – Asymmetric key cryptosystem that uses ring-based lattices  Low circuit complexity  Very fast  Allows additive and multiplicative homomorphism

16  Lots of math involved with this: ◦ Cyclotomic Polynomials  Too much for this class time

17  Evaluate(pk,C, Encrypt(pk,m1),..., Encrypt(pk,mt)) = Encrypt(pk,C(m1,..., mt))  Steps ◦ Create a general bootstrapping result ◦ Initial construction using ideal lattices ◦ Squash the decryption circuit to permit bootstrapping

18

19  Find a Public key scheme that is homomorphic for shallow circuits and uses ideal lattices ◦ NTRUEncrypt  Ciphertext has a form of an ideal lattice + offset  Use a cyclic ring of keys ◦ Hard to do ◦ Large key size (GB)

20

21  Evaluate its own decryption circuit  Provides ability to recrypt plaintext  Must be allowed to recrypt augmented versions to provide mathematical operations

22  Allows ‘unlimited’ additions ◦ Recrypt algorithm  Greater multiplicative depth ◦ log log (N) - log log (n-1) ◦ Still bad

23  Can only evaluate in logarithmic depth ◦ Ciphertext grows ◦ Noise increases  Addition- circuits can be corrected (recrypting)  Multiplication- noise grows quickly  Not yet practical ◦ Client must begin the decryption process to be bootstrappable ◦ Solution is approximate ◦ >1 day to compute 1 message

24  PollyCracker  Fully Homomorphic Encryption over the Integers  Fully Homomorphic Encryption over the Binary Polynomials

25  Many people have created new variants  Implementations  All slow  Finding shortcuts  AES-128 – Completed June 15 th 2012 ◦ Computed with 256GB of ram (still limiting factor) ◦ 24 Xeon cores ◦ Took 5 days per operation


Download ppt "Paper by: Craig Gentry Presented By: Daniel Henneberger."

Similar presentations


Ads by Google