Cryptology ePrint Archive: Report 2015/337

Modular Hardware Architecture for Somewhat Homomorphic Function Evaluation

Sujoy Sinha Roy and Kimmo Järvinen and Frederik Vercauteren and Vassil Dimitrov and Ingrid Verbauwhede

Abstract: We present a hardware architecture for all building blocks required in polynomial ring based fully homomorphic schemes and use it to instantiate the somewhat homomorphic encryption scheme YASHE. Our implementation is the first FPGA implementation that is designed for evaluating functions on homomorphically encrypted data (up to a certain multiplicative depth) and we illustrate this capability by evaluating the SIMON-64/128 block cipher in the encrypted domain. Our implementation provides a fast polynomial operations unit using CRT and NTT for multiplication combined with an optimized memory access scheme; a fast Barrett like polynomial reduction method; an efficient divide and round unit required in the multiplication of ciphertexts and an efficient CRT unit. These building blocks are integrated in an instruction-set coprocessor to execute YASHE, which can be controlled by a computer for evaluating arbitrary functions (up to the multiplicative depth 44 and 128-bit security level). Our architecture was compiled for a single Virtex-7 XC7V1140T FPGA, where it consumes 23\% of registers, 53\% of LUTs, 53\% of DSP slices, and 38\% of BlockRAM memory. The implementation evaluates SIMON-64/128 in approximately 171.3s (at 143 MHz) and it processes 2048 ciphertexts at once giving a relative time of only 83.6 ms per block. This is 24.5 times faster than the leading software implementation on a 4-core Intel Core-i7 processor running at 3.4 GHz.

Category / Keywords: implementation / Fully homomorphic encryption, YASHE, FPGA, NTT, CRT

Original Publication (in the same form): IACR-CHES-2015

Date: received 14 Apr 2015, last revised 11 Sep 2015

Contact author: Sujoy SinhaRoy at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Note: Changes for camera-ready in CHES 2015.

Version: 20150911:132452 (All versions of this report)

Short URL: ia.cr/2015/337

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]