Cryptology ePrint Archive: Report 2017/246

An Analysis of FV Parameters Impact Towards its Hardware Acceleration

Joël Cathébras and Alexandre Carbon and Renaud Sirdey and Nicolas Ventroux

Abstract: The development of cloud computing services is restrained by privacy concerns. Centralized medical services for instance, require a guarantee of confidentiality when using outsourced computation platforms. Fully Homomorphic Encryption is an intuitive solution to address such issue, but until 2009, existing schemes were only able to evaluate a reduced number of operations (Partially Homomorphic Encryption). In 2009, C. Gentry proposed a blueprint to construct FHE schemes from SHE schemes. However, it was not practical due to the huge data size overhead and the exponential noise growth of the initial SHE. Since then, major improvements have been made over SHE schemes and their noise management, and resulting schemes, like BGV and FV, allow to foresee small applications. Besides scheme improvements, new practical approaches were proposed to bring homomorphic encryption closer to practice. The $IV$-based stream cipher trans-ciphering approach brought by Canteaut et al. in 2015 reduces the on-line latency of the trans-ciphering process to a simple homomorphic addition. The homomorphic evaluation of stream ciphers, that produces the trans-ciphering keystream, could be computed in an off-line phase, resulting in an almost transparent trans-ciphering process from the user point of view. This approach combined with hardware accelerations could bring homomorphic encryption closer to practice. This paper deals the choice of FV parameters for efficient implementation of this scheme in the light of related works' common approaches. At first sight, using large polynomial degree to reduce the coefficients size seemed to be advantageous, but further observations contradict it. Large polynomial degrees imply larger ciphertexts and more complex implementations, but smaller ones imply more primes to find for CRT polynomial representation. The result of this preliminary work for the choice of an adequate hardware target motivates the choice of small degree polynomials rather than small coefficients for the FV scheme.

Category / Keywords: Homomorphic evaluation, FV parameters, Chinese Remainder Theorem, Number Theorical Transform

Original Publication (with minor differences): WAHC'17 - 5th Workshop on Encrypted Computing and Applied Homomorphic Cryptography

Date: received 13 Mar 2017, last revised 13 Mar 2017

Contact author: joel cathebras at cea fr

Available format(s): PDF | BibTeX Citation

Version: 20170320:142204 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]