Faster Fully Homomorphic Encryption

We describe two improvements to Gentry’s fully homomorphic scheme based on ideal lattices and its analysis: we provide a more aggressive analysis of one of the hardness assumptions (the one related to the Sparse Subset Sum Problem) and we introduce a probabilistic decryption algorithm that can be implemented with an algebraic circuit of low multiplicative degree. Combined together, these improvements lead to a faster fully homomorphic scheme, with an O(λ^3.5) bit complexity per elementary binary add/mult gate, where λ is the security parameter. These improvements also apply to the fully homomorphic schemes of Smart and Vercauteren [PKC’2010] and van Dijk et al. [Eurocrypt’2010].
