Batched Multi-hop Multi-key FHE from Ring-LWE with Compact Ciphertext Extension

Traditional fully homomorphic encryption (FHE) schemes support computation on data encrypted under a single key. In STOC 2012, Lopez-Alt et al. introduced the notion of multi-key FHE (MKFHE), which allows homomorphic computation on ciphertexts encrypted under different keys. In this work, we focus on MKFHE constructions from standard assumptions and propose a new construction of ring-LWE-based multi-hop MKFHE scheme. Our work is based on Brakerski-Gentry-Vaikuntanathan (BGV) FHE scheme where, in contrast, all the previous works on multi-key FHE with standard assumptions were based on Gentry-Sahai-Waters (GSW) FHE scheme. Therefore, our construction can encrypt a ring element rather than a single bit and naturally inherits the advantages in aspects of the ciphertext/plaintext ratio and the complexity of homomorphic operations. Moveover, our MKFHE scheme supports the Chinese Remainder Theorem (CRT)-based ciphertexts packing technique, achieves \(poly\left( k,L,\log n\right) \) computation overhead for k users, circuits with depth at most L and an n dimensional lattice, and gives the first batched MKFHE scheme based on standard assumptions to our knowledge. Furthermore, the ciphertext extension algorithms of previous schemes need to perform complex computation on each ciphertext, while our extension algorithm just needs to generate evaluation keys for the extended scheme. So the complexity of ciphertext extension is only dependent on the number of associated parities but not on the number of ciphertexts. Besides, our scheme also admits a threshold decryption protocol from which a generalized two-round MPC protocol can be similarly obtained as prior works.

[1]  Vinod Vaikuntanathan,et al.  Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages , 2011, CRYPTO.

[2]  Vinod Vaikuntanathan,et al.  Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE , 2012, EUROCRYPT.

[3]  Eric Miles,et al.  Annihilation Attacks for Multilinear Maps: Cryptanalysis of Indistinguishability Obfuscation over GGH13 , 2016, CRYPTO.

[4]  Daniel Wichs,et al.  Two Round Multiparty Computation via Multi-key FHE , 2016, EUROCRYPT.

[5]  Yehuda Lindell,et al.  Tutorials on the Foundations of Cryptography , 2017 .

[6]  Chris Peikert,et al.  Faster Bootstrapping with Polynomial Error , 2014, CRYPTO.

[7]  Martin R. Albrecht,et al.  A Subfield Lattice Attack on Overstretched NTRU Assumptions - Cryptanalysis of Some FHE and Graded Encoding Schemes , 2016, CRYPTO.

[8]  Craig Gentry,et al.  Fully Homomorphic Encryption with Polylog Overhead , 2012, EUROCRYPT.

[9]  Chris Peikert,et al.  A Toolkit for Ring-LWE Cryptography , 2013, IACR Cryptol. ePrint Arch..

[10]  Zvika Brakerski,et al.  Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP , 2012, CRYPTO.

[11]  Craig Gentry,et al.  Field switching in BGV-style homomorphic encryption , 2013, J. Comput. Secur..

[12]  Shai Halevi,et al.  Algorithms in HElib , 2014, CRYPTO.

[13]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[14]  Michael Clear,et al.  Multi-identity and Multi-key Leveled FHE from Learning with Errors , 2015, CRYPTO.

[15]  Chris Peikert,et al.  Multi-key FHE from LWE, Revisited , 2016, TCC.

[16]  Shai Halevi,et al.  Bootstrapping for HElib , 2015, EUROCRYPT.

[17]  J. Cheon,et al.  An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero , 2016, LMS J. Comput. Math..

[18]  Brent Waters,et al.  Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based , 2013, CRYPTO.

[19]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[20]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[21]  Berk Sunar,et al.  Homomorphic AES evaluation using the modified LTV scheme , 2016, Des. Codes Cryptogr..

[22]  Chris Peikert,et al.  Λολ: Functional Lattice Cryptography , 2016, CCS.

[23]  Craig Gentry,et al.  Homomorphic Evaluation of the AES Circuit , 2012, IACR Cryptol. ePrint Arch..

[24]  Frederik Vercauteren,et al.  Fully homomorphic SIMD operations , 2012, Designs, Codes and Cryptography.

[25]  Vinod Vaikuntanathan,et al.  On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption , 2012, STOC '12.

[26]  Craig Gentry,et al.  (Leveled) fully homomorphic encryption without bootstrapping , 2012, ITCS '12.

[27]  Virginia Vassilevska Williams,et al.  Multiplying matrices faster than coppersmith-winograd , 2012, STOC '12.

[28]  Léo Ducas,et al.  FHEW: Bootstrapping Homomorphic Encryption in Less Than a Second , 2015, EUROCRYPT.

[29]  Tatsuaki Okamoto,et al.  Packing Messages and Optimizing Bootstrapping in GSW-FHE , 2015, Public Key Cryptography.

[30]  Craig Gentry,et al.  Packed Ciphertexts in LWE-Based Homomorphic Encryption , 2013, Public Key Cryptography.

[31]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[32]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[33]  Chris Peikert,et al.  Practical Bootstrapping in Quasilinear Time , 2013, CRYPTO.

[34]  Craig Gentry,et al.  Better Bootstrapping in Fully Homomorphic Encryption , 2012, Public Key Cryptography.

[35]  Vinod Vaikuntanathan,et al.  Lattice-based FHE as secure as PKE , 2014, IACR Cryptol. ePrint Arch..

[36]  Zvika Brakerski,et al.  Lattice-Based Fully Dynamic Multi-key FHE with Short Ciphertexts , 2016, CRYPTO.

[37]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.