Cryptology ePrint Archive: Report 2013/307

Maliciously Circuit-Private FHE

Rafail Ostrovsky and Anat Paskin-Cherniavsky and Beni Paskin-Cherniavsky

Abstract: We present a framework for transforming FHE (fully homomorphic encryption) schemes with no circuit privacy requirements into maliciously circuit-private FHE. That is, even if both maliciously formed public key and ciphertext are used, encrypted outputs only reveal the evaluation of the circuit on some well-formed input $x^*$. Previous literature on FHE only considered semi-honest circuit privacy. Circuit-private FHE schemes have direct applications to computing on encrypted data. In that setting, one party (a receiver) holding an input $x$ wishes to learn the evaluation of a circuit $C$ held by another party (a sender). The goal is to make receiver's work sublinear (and ideally independent) of $|C|$, using a 2-message protocol. The transformation technique may be of independent interest, and have various additional applications. The framework uses techniques akin to Gentry's bootstrapping and conditional disclosure of secrets (CDS [AIR01]) combining a non circuit private FHE scheme, with a homomorphic encryption (HE) scheme for a smaller class of circuits which is maliciously circuit-private. We devise the first known circuit private FHE, by instantiating our framework by various (standard) FHE schemes from the literature.

Category / Keywords: Fully homomorphic encryption, computing on encrypted data, privacy, malicious setting

Original Publication (with major differences): IACR-CRYPTO-2014
DOI:
10.1007/978-3-662-44371-2_30

Date: received 22 May 2013, last revised 19 Aug 2014

Contact author: anps83 at gmail com

Available format(s): PDF | BibTeX Citation

Note: Full version for submission to CRYPTO 2014. Added: * Added a new multi-hop circuit-private FHE result. * Separated steps 1 and 2, so now the construction precisely follows the outline in the intro (upto an optional simplification). * Improved notation and presentation.

Version: 20140819:102523 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]