Abstract
In typical applications of homomorphic encryption, the first step consists for Alice to encrypt some plaintext m under Bob's public key $$\mathsf {pk}$$ and to send the ciphertext $$c = \mathsf {HE}_{\mathsf {pk}}m$$ to some third-party evaluator Charlie. This paper specifically considers that first step, i.e. the problem of transmitting c as efficiently as possible from Alice to Charlie. As previously noted, a form of compression is achieved using hybrid encryption. Given a symmetric encryption scheme $$\mathsf {E}$$, Alice picks a random key k and sends a much smaller ciphertext $$c' = \mathsf {HE}_{\mathsf {pk}}k, \mathsf {E}_km$$ that Charlie decompresses homomorphically into the original c using a decryption circuit $$\mathcal {C}_{{\mathsf {E}^{-1}}}$$. In this paper, we revisit that paradigm in light of its concrete implementation constraints; in particular $$\mathsf {E}$$ is chosen to be an additive IV-based stream cipher. We investigate the performances offered in this context by Trivium, which belongs to the eSTREAM portfolio, and we also propose a variant with 128-bit security: Kreyvium. We show that Trivium, whose security has been firmly established for over a decade, and the new variant Kreyvium have an excellent performance.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
