Cryptology ePrint Archive: Report 2014/032

Scale-Invariant Fully Homomorphic Encryption over the Integers

Jean-Sébastien Coron and Tancrède Lepoint and Mehdi Tibouchi

Abstract: At Crypto 2012, Brakerski constructed a scale-invariant fully homomorphic encryption scheme based on the LWE problem, in which the same modulus is used throughout the evaluation process, instead of a ladder of moduli when doing “modulus switching”. In this paper we describe a variant of the van Dijk et al. FHE scheme over the integers with the same scale-invariant property. Our scheme has a single secret modulus whose size is linear in the multiplicative depth of the circuit to be homomorphically evaluated, instead of exponential; we therefore construct a leveled fully homomorphic encryption scheme. This scheme can be transformed into a pure fully homomorphic encryption scheme using bootstrapping, and its security is still based on the Approximate-GCD problem.

We also describe an implementation of the homomorphic evaluation of the full AES encryption circuit, and obtain significantly improved performance compared to previous implementations: about 23 seconds (resp. 3 minutes) per AES block at the 72-bit (resp. 80-bit) security level on a mid-range workstation.

Finally, we prove the equivalence between the (error-free) decisional Approximate-GCD problem introduced by Cheon et al. (Eurocrypt 2013) and the classical computational Approximate-GCD problem. This equivalence allows to get rid of the additional noise in all the integer-based FHE schemes described so far, and therefore to simplify their security proof.

Category / Keywords: public-key cryptography / Fully Homomorphic Encryption, Approximage-GCD, Homomorphic AES

Original Publication (with major differences): IACR-PKC-2014

Date: received 11 Jan 2014

Contact author: jean-sebastien coron at uni lu

Available format(s): PDF | BibTeX Citation

Version: 20140112:132648 (All versions of this report)

Short URL: ia.cr/2014/032