Abstract
Very recently, Costache and Smart proposed a fully homomorphic encryption (FHE) scheme based on the Learning with Rounding (LWR) problem, which removes the noise (typically, Gaussian noise) sampling needed in the previous lattices-based FHEs. But their scheme did not work, since the noise of homomorphic multiplication is complicated and large, which leads to failure of decryption. More specifically, they chose LWR instances as a public key and the private key therein as a secret key and then used the tensor product to implement homomorphic multiplication, which resulted in a tangly modulus problem. Recall that there are two moduli in the LWR instances, and then the moduli will tangle together due to the tensor product. Inspired by their work, we built the first workable LWR-based FHE scheme eliminating the tangly modulus problem by cleverly adopting the celebrated approximate eigenvector method proposed by Gentry et al. at Crypto 2013. Roughly speaking, we use a specific matrix multiplication to perform the homomorphic multiplication, hence no tangly modulus problem. Furthermore, we also extend the LWR-based FHE scheme to the multikey setting using the tricks used to construct LWE-based multikey FHE by Mukherjee and Wichs at Eurocrypt 2016. Our LWR-based multikey FHE construction provides an alternative to the existing multikey FHEs and can also be applied to multiparty computation with higher efficiency.
Highlights
Homomorphic encryption (FHE) is a cryptographic primitive that allows performing arbitrarily complex and efficiently computable evaluations over encrypted data without decrypting them
We propose a workable LWRbased Fully homomorphic encryption (FHE) scheme eliminating the tangly modulus problem by cleverly adopting the celebrated approximate eigenvector method in GSW13
Style to avoid the tangly modulus problem. It seems that the method of [12] has been tailored to be employed in constructing our Learning with Rounding (LWR)-based multikey FHE scheme, since it helps to avoid the tangly modulus problem when expanding the valid ciphertexts needed in multikey setting
Summary
Homomorphic encryption (FHE) is a cryptographic primitive that allows performing arbitrarily complex and efficiently computable evaluations over encrypted data without decrypting them. Costache and Smart [22] showed a FHE scheme based on the ring-LWR problem (or RLWR, a variant of Learning with Rounding (LWR) problem) Their scheme removes the Gaussian noise needed in the previous LWEbased FHEs and results in slightly smaller ciphertexts. The LWR (the definition of LWR will be presented in Section 2.2), mainly leveraged by a scaled rounding function [23] including two different moduli q and p, makes the tensor product ⊗ used by them to implement homomorphic multiplication intractable In more detail, they chose RLWR instances as a public key and the private key therein as a secret key, and the ciphertext was computed as a vector c = (V, w) ∈ Rq × Rp decrypting to message μ ∈ Rt, where Rq, Rp, Rt are quotient rings.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
