Cryptology ePrint Archive: Report 2020/169

Multiparty Homomorphic Encryption (or: On Removing Setup in Multi-Key FHE)

Prabhanjan Ananth and Abhishek Jain and Zhengzhong Jin

Abstract: The notion of threshold multi-key fully homomorphic encryption (TMK-FHE) [Lopez-Alt, Tromer, Vaikuntanathan, STOC'12] was proposed as a generalization of fully homomorphic encryption to the multiparty setting. In a TMK-FHE scheme for $n$ parties, each party can individually choose a key pair and use it to encrypt its own private input. Given $n$ ciphertexts computed in this manner, the parties can homomorphically evaluate a circuit $C$ over them to obtain a new ciphertext containing the output of $C$, which can then be decrypted via a threshold decryption protocol. The key efficiency property is that the size of the (evaluated) ciphertext is independent of the size of the circuit.

TMK-FHE with one-round threshold decryption, first constructed by Mukherjee and Wichs [Eurocrypt'16], has found several powerful applications in cryptography over the past few years. However, an important drawback of all such TMK-FHE schemes is that they require a common setup which results in applications in the common random string model.

To address this concern, we propose a notion of multiparty homomorphic encryption (MHE) that retains the communication efficiency property of TMK-FHE, but sacrifices on the efficiency of final decryption. Specifically, MHE is defined in a similar manner as TMK-FHE, except that the final output computation process performed locally by each party is ``non-compact'' in that we allow its computational complexity to depend on the size of the circuit. We observe that this relaxation does not have a significant bearing in many important applications of TMK-FHE.

Our main contribution is a construction of MHE from the learning with errors assumption in the plain model. Our scheme can be used to remove the setup in many applications of TMK-FHE. For example, it yields the first construction of low-communication reusable non-interactive MPC in the plain model. To obtain our result, we devise a recursive self-synthesis procedure to transform any ``delayed-function'' two-round MPC protocol into an MHE scheme.

Category / Keywords: foundations / Multiparty Computation, FHE, Multi-Key FHE

Date: received 12 Feb 2020, last revised 26 Feb 2020

Contact author: prabhanjan va at gmail com,abhishek@cs jhu edu,zjin12@jhu edu

Available format(s): PDF | BibTeX Citation

Note: Added a missing transformation in Section 4.2.

Version: 20200226:213305 (All versions of this report)

Short URL: ia.cr/2020/169


[ Cryptology ePrint archive ]