Cryptology ePrint Archive: Report 2014/873

Bootstrapping for HElib

Shai Halevi and Victor Shoup

Abstract: Gentry's bootstrapping technique is still the only known method of obtaining fully homomorphic encryption where the system's parameters do not depend on the complexity of the evaluated functions. Bootstrapping involves a *recryption* procedure where the scheme's decryption algorithm is evaluated homomorphically. Prior to this work there were very few implementations of recryption, and fewer still that can handle ``packed ciphertexts'' that encrypt vectors of elements.

In the current work, we report on an implementation of recryption of fully-packed ciphertexts using the HElib library for somewhat-homomorphic encryption. This implementation required extending previous recryption algorithms from the literature, as well as many aspects of the HElib library. Our implementation supports bootstrapping of packed ciphertexts over many extension fields/rings. One example that we tested involves ciphertexts that encrypt vectors of 1024 elements from $GF(2^{16})$. In that setting, the recryption procedure takes under 3 minutes (at security-level $\approx 80$) on a single core, and allows a multiplicative depth-11 computation before the next recryption is needed.

This report updates the results that we reported in Eurocrypt 2015 in several ways. Most importantly, it includes a much more robust method for deriving the parameters, ensuring that recryption errors only occur with negligible probability. Many aspects of this analysis are proven, and for the few well-specified heuristics that we made, we report on thorough experimentation to validate them. The procedure that we describe here is also significantly more efficient than in the previous version, incorporating many optimizations that were reported elsewhere (such as more efficient linear transformations) and adding a few new ones. Finally, our implementation now also incorporates Chen and Han's techniques from Eurocrypt 2018 for more efficient digit extraction (for some parameters), as well as for ``thin bootstrapping'' when the ciphertext is only sparsely packed.

Category / Keywords: public-key cryptography / Bootstrapping, Homomorphic Encryption, Implementation

Original Publication (with major differences): IACR-EUROCRYPT-2015

Date: received 22 Oct 2014, last revised 23 Sep 2019

Contact author: shaih at alum mit edu

Available format(s): PDF | BibTeX Citation

Version: 20190923:074412 (All versions of this report)

Short URL: ia.cr/2014/873


[ Cryptology ePrint archive ]