Paper 2012/099
Homomorphic Evaluation of the AES Circuit
Craig Gentry, Shai Halevi, and Nigel P. Smart
Abstract
We describe a working implementation of leveled homomorphic encryption (with or without bootstrapping) that can evaluate the AES-128 circuit. This implementation is built on top of the HElib library, whose design was inspired by an early version of the current work. Our main implementation (without bootstrapping) takes about 4 minutes and 3GB of RAM, running on a small laptop, to evaluate an entire AES-128 encryption operation. Using SIMD techniques, we can process upto 120 blocks in each such evaluation, yielding an amortized rate of just over 2 seconds per block. For cases where further processing is needed after the AES computation, we describe a different setting that uses bootstrapping. We describe an implementation that lets us process 180 blocks in just over 18 minutes using 3.7GB of RAM on the same laptop, yielding amortized 6 seconds/block. We note that somewhat better amortized per-block cost can be obtained using "byte-slicing" (and maybe also "bit-slicing") implementations, at the cost of significantly slower wall-clock time for a single evaluation.
Note: This updated report described re-implementation of the AES circuit over the HElib library.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Published elsewhere. Extended abstract in CRYPTO 2012
- Keywords
- AESFully Homomorphic EncryptionImplementation
- Contact author(s)
- shaih @ alum mit edu
- History
- 2015-01-03: last of 4 revisions
- 2012-02-29: received
- See all versions
- Short URL
- https://ia.cr/2012/099
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2012/099,
author = {Craig Gentry and Shai Halevi and Nigel P. Smart},
title = {Homomorphic Evaluation of the {AES} Circuit},
howpublished = {Cryptology {ePrint} Archive, Paper 2012/099},
year = {2012},
url = {https://eprint.iacr.org/2012/099}
}
