Paper 2023/979

New Secret Keys for Enhanced Performance in (T)FHE

Abstract

Fully Homomorphic Encryption has known impressive improvements in the last 15 years, going from a technology long thought to be impossible to an existing family of encryption schemes able to solve a plethora of practical use cases related to the privacy of sensitive information. Recent results mainly focus on improving techniques within the traditionally defined framework of GLWE-based schemes, but the recent CPU implementation improvements are mainly incremental. To keep improving this technology, one solution is to modify the aforementioned framework, by using slightly different hardness assumptions. In this paper, we identify two limitations with (T)FHE: (i) there is no fine-grained control over the size of a GLWE secret key, which is traditionally composed of $k$ polynomials with $N=2^\alpha>1$ coefficients; (ii) for security reasons one cannot use a noise variance smaller than a certain $\sigma_{\min}$ so, for all ciphertext modulus $q\in \mathbb{N}$, there exists an integer $n_{\mathsf{plateau}}$ such that, with any secret key of size $k\cdot N \ge n_{\mathsf{plateau}}$, one cannot control their level of security, resulting in unnecessary big security levels. To overcome the aforementioned limitations, we introduce two new types of secret keys for GLWE-based cryptosystems, that can be used separately or together. We explain why these new secret keys are as secure as the traditional ones and we detail all the improvements that they bring to existing FHE algorithms alongside new algorithms especially efficient with these new keys. We provide many comparisons with state-of-the-art TFHE techniques with traditional secret keys, and some benchmarks showing computational speed-ups between $1.3$ and $2.4$ while keeping the same level of security and failure probability (correctness). Furthermore, the size of the key switching and bootstrapping keys is also reduced with this contribution by factors ranging from $1.5$ to $2.7$.