In the current work, we report on an implementation of recryption of fully-packed ciphertexts using the HElib library for somewhat-homomorphic encryption. This implementation required extending previous recryption algorithms from the literature, as well as many aspects of the HElib library. Our implementation supports bootstrapping of packed ciphertexts over many extension fields/rings. One example that we tested involves ciphertexts that encrypt vectors of 1024 elements from $GF(2^{16})$. In that setting, the recryption procedure takes under 3 minutes (at security-level $\approx 80$) on a single core, and allows a multiplicative depth-11 computation before the next recryption is needed.
This report updates the results that we reported in Eurocrypt 2015 in several ways. Most importantly, it includes a much more robust method for deriving the parameters, ensuring that recryption errors only occur with negligible probability. Many aspects of this analysis are proven, and for the few well-specified heuristics that we made, we report on thorough experimentation to validate them. The procedure that we describe here is also significantly more efficient than in the previous version, incorporating many optimizations that were reported elsewhere (such as more efficient linear transformations) and adding a few new ones. Finally, our implementation now also incorporates Chen and Han's techniques from Eurocrypt 2018 for more efficient digit extraction (for some parameters), as well as for ``thin bootstrapping'' when the ciphertext is only sparsely packed.
Category / Keywords: public-key cryptography / Bootstrapping, Homomorphic Encryption, Implementation Original Publication (with major differences): IACR-EUROCRYPT-2015 Date: received 22 Oct 2014, last revised 20 Apr 2020 Contact author: shaih at alum mit edu Available format(s): PDF | BibTeX Citation Note: Minor clarifications Version: 20200421:015345 (All versions of this report) Short URL: ia.cr/2014/873