Abstract

Homomorphic encryption enables computations over encrypted data without decryption, and can be used for outsourcing computations to an untrusted party. In homomorphic encryption based on the hardness of ring learning with errors, which offers promising security and functionality, a plaintext is represented by a polynomial. A plaintext is treated as a vector whose homomorphic evaluation enables component-wise addition and multiplication, as well as rotation across the components. We focus on a commonly used and time-consuming subroutine that homomorphically sums up the components of the vector or homomorphically extracts the coefficients of the polynomial, and call it the homomorphic trace-type function. We improve the efficiency of homomorphic trace-type function evaluation. The evaluation is performed by repeating a homomorphic rotation followed by an addition (rotations-and-sums). To correctly add a rotated ciphertext to an unrotated one, a special operation called key-switching must be performed on the rotated one. As key-switching is computationally expensive, rotations-and-sums is inherently inefficient. We propose a more efficient trace-type function evaluation using loop-unrolling, which is compatible with other optimization techniques such as hoisting and can exploit multi-threading. We show that rotations-and-sums is not the optimal solution in terms of runtime complexity and that a trade-off exists between time and space. Experimental results demonstrate that our proposed method works 1.32–2.12 times faster than the previous method.
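The rotations-and-sums loop described in the abstract, as an added plaintext-only illustration that is not code from the paper: it extracts the constant coefficient of a polynomial in Z_q[X]/(X^N + 1) and checks that two merged iterations give the same result. The parameters `Q` and `N`, the function names, and the index schedule N+1, N/2+1, ..., 3 are assumptions of this example, not taken from the page.

```python
# Added illustration, plaintext only: no encryption and no key-switching are modelled.
Q = 65537   # constructed coefficient modulus
N = 16      # constructed ring degree (power of two)

def automorphism(p, k, n=N, q=Q):
    """Apply sigma_k: X -> X^k to p in Z_q[X]/(X^n + 1), for odd k."""
    out = [0] * n
    for i, c in enumerate(p):
        e = (i * k) % (2 * n)            # X has order 2n because X^n = -1
        if e < n:
            out[e] = (out[e] + c) % q
        else:
            out[e - n] = (out[e - n] - c) % q
    return out

def add(a, b, q=Q):
    return [(x + y) % q for x, y in zip(a, b)]

def trace_indices(n=N):
    """Assumed index schedule n+1, n/2+1, ..., 3: one automorphism per iteration."""
    return [n // 2**j + 1 for j in range(n.bit_length() - 1)]

def rotations_and_sums(p, n=N, q=Q):
    """Sequential loop p <- p + sigma_k(p); returns (result, automorphisms applied)."""
    ks = trace_indices(n)
    for k in ks:
        p = add(p, automorphism(p, k, n, q), q)
    return p, len(ks)

def unrolled_by_two(p, n=N, q=Q):
    """Merge iterations a, b into p + s_a(p) + s_b(p) + s_ab(p) on the same input."""
    ks, count = trace_indices(n), 0
    for j in range(0, len(ks) - 1, 2):
        a, b = ks[j], ks[j + 1]
        # The three automorphisms read the same p, so they are mutually independent.
        terms = [automorphism(p, k, n, q) for k in (a, b, (a * b) % (2 * n))]
        for t in terms:
            p = add(p, t, q)
        count += 3
    if len(ks) % 2:                      # leftover iteration when log2(n) is odd
        p = add(p, automorphism(p, ks[-1], n, q), q)
        count += 1
    return p, count

sample = [7, 3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9]   # constructed plaintext
seq, seq_autos = rotations_and_sums(sample)
unr, unr_autos = unrolled_by_two(sample)
print(seq == unr, seq[0], seq_autos, unr_autos)
```

In this toy model the unrolled form applies 6 automorphisms over 6 distinct indices in 2 dependent rounds, against 4 automorphisms in 4 rounds for the sequential loop; the cost of key-switching itself is not modelled.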

Highlights

  • Homomorphic encryption (HE) allows computations over encrypted data without decryption

  • Since Gentry’s first construction of fully HE [1], numerous improvements in its theory and implementation have been made to increase efficiency as well as different types of computation (e.g., [2]–[5]). These subsequent schemes are based on the hardness of learning with errors (LWE) problem [6] or its ring variant called ring LWE (RLWE) problem [7]

  • RLWE-based HE schemes provide amortization because a plaintext is represented by a polynomial

Summary

INTRODUCTION

Homomorphic encryption (HE) allows computations over encrypted data without decryption. RLWE-based HE schemes provide amortization because a plaintext is represented by a polynomial. This allows one to pack multiple messages into the polynomial coefficients, thereby performing homomorphic operations such as component-wise addition, polynomial multiplication (convolution), and rotation (with the change of signs for a certain case). Coefficient representation is the most natural representation as the coefficient with respect to the power basis is aligned as a vector. This representation allows the direct application of nonlinear operations (e.g., scaling, lifting, and word decomposition) on R_q. On the other hand, the multiplication of two elements in R_{q_i} suffers from quadratic complexity in N. Throughout the paper, we use a superscript within parentheses to denote a ring element with respect to a large modulus in the RNS representation.

AUTOMORPHISM AND KEY-SWITCHING
RNS-FRIENDLY KEY-SWITCHING
1-1. RNS-decomposition
1-2. Modulus-raise
Modulus-down
RELATED WORK
CONCLUSION
APPROXIMATE BASE CONVERSION