Fully Homomorphic Encryption Research Articles

Differential Fault Attack on Kreyvium & FLIP

In this article, we propose key recovery attack on two stream ciphers: Kreyvium and FLIP <inline-formula><tex-math notation="LaTeX">$_{530}(42,128,360)$</tex-math></inline-formula> using Differential Fault Attack (DFA) technique. These two ciphers are being used in Fully Homomorphic Encryption (FHE) due to their low error growth during keystream generation. Kreyvium is an NFSR-based stream cipher and FLIP is a permutation-based stream cipher. We first show that the complete state of the Kreyvium can be recovered by injecting 3 faults and considering 450 many keystream bits. In case of FLIP, we show that if there is a 1-bit fault in the state of the cipher then from 9000 normal and faulty keystream bits the state (i.e., the secret key) of the cipher can be recovered. For single bit fault, one will require to solve a system of equations for each 530 possible fault locations to recover the correct key of FLIP. To the best of our knowledge, this is the first article which analyzes the security of these two FHE supported stream ciphers under DFA and it has been observed that DFA completely reveals the secret keys of these two ciphers with very minimal faults.

Noise Free Fully Homomorphic Encryption Scheme Over Non-Associative Algebra

Among several approaches to privacy-preserving cryptographic schemes, we have concentrated on noise-free homomorphic encryption. It is a symmetric key encryption that supports homomorphic operations on encrypted data. We present a fully homomorphic encryption (FHE) scheme based on sedenion algebra over finite $Z_{n}$ rings. The innovation of the scheme is the compression of a 16-dimensional vector for the application of Frobenius automorphism. For sedenion, we have $p^{16}$ different possibilities that create a significant bijective mapping over the chosen 16-dimensional vector that adds permutation to our scheme. The security of this scheme is based on the assumption of the hardness of solving a multivariate quadratic equation system over finite $Z_{n}$ rings. The scheme results in $256n$ multivariate polynomial equations with $256+16n$ unknown variables for $n$ messages. For this reason, the proposed scheme serves as a security basis for potentially post-quantum cryptosystems. Moreover, after sedenion, no newly constructed algebra loses its properties. This scheme would therefore apply as a whole to the following algebras, such as 32-dimensional trigintadunion.

Leveled Certificateless Fully Homomorphic Encryption Schemes From Learning With Errors

Fully homomorphic encryption (FHE) is a form of public-key encryption that allows the computation of arbitrary functions on encrypted data without decrypting the data. As a result, it is a useful tool with numerous applications. Certificateless encryption (CLE) is a type of public-key encryption that combines the advantages of PKI-based public-key encryption with those of identity-based encryption (IBE). Thus, certificateless fully homomorphic encryption (CLFHE) has aroused considerable research interest. Recently, Chen, Hu, and Lian proposed a leveled certificateless homomorphic encryption (CLHE) scheme and proved its semantic security based on the learning with errors ( ${\mathsf {LWE}}$ ) problem in the random oracle model. However, their scheme supports only homomorphic addition, but not homomorphic multiplication. In this work, we construct two leveled CLFHE schemes using the approximate eigenvector method presented by Gentry, Sahai, and Waters. Based on the hardness of the ${\mathsf {LWE}}$ problem, we prove that one scheme satisfies adaptive semantic security and anonymity in the random oracle model, whereas the other satisfies selective semantic security and anonymity in the standard model.

The Role of Non-Positional Arithmetic on Efficient Emerging Cryptographic Algorithms

Number representation systems establish ways in which numbers are mapped to computer architectures, and how operations over the numbers are translated into computer instructions. The efficiency of public-key cryptography is strongly affected by the used number representations, as these systems are constructed from mathematically inspired problems to ensure security, and thus rely on operations over large integers. In this paper, unconventional representations systems, including the Residue Number System (RNS) and stochastic number representations, are systematically reviewed. Homomorphic representations, which allow for parties to operate on data without having access to their plaintext representation, are also considered. The main goal of this survey is to introduce the reader to key aspects of non-traditional number representations that may be exploited for public-key cryptography, without delving too much into the details. Examples of the methods and algorithms herein surveyed include subquadratic modular multiplication for isogeny-based cryptography, the acceleration of Goldreich-Goldwasser-Halevi (GGH) decryption by an order of magnitude, the improvement of the Direct Anonymous Attestation (DAA) protocol both in terms of storage requirements and the time taken to execute it, and efficient algorithm-hiding Fully Homomorphic Encryption (FHE). The implementation of this type of systems in both sequential and parallel platforms is analysed, and their performance is compared with traditional approaches. We hope this work sows the seed of further research on the application of non-positional number arithmetic to other cryptographic use-cases.

Protecting data privacy in publicly verifiable delegation of matrix and polynomial functions

Outsourcing computation has gained significant attention in recent years in particular due to the prevalence of cloud computing. There are two main security concerns in outsourcing computation: guaranteeing that the server performs the computation correctly, and protecting the privacy of the client's data. The verifiable computation of Gennaro, Gentry and Parno addresses both concerns for outsourcing the computation of a function f on an input x to the cloud. The GGP scheme is privately delegatable, privately verifiable, and based on the expensive cryptographic primitives such as fully homomorphic encryption (FHE). In this paper we consider the problem of outsourcing matrix-vector multiplications of the form Fxwhere F is a matrix and xis a column vector, and construct publicly delegatable and publicly verifiable schemes. Our schemes are either input private or function private, highly efficient, and provably secure under the well-established assumptions such as the discrete-logarithm assumption. We decompose a polynomial computation, such as computing a univariate polynomial of arbitrary degree, a bivariate polynomial of arbitrary degree, a quadratic multivariate polynomial, and in general any multivariate polynomial, into a two-step computation in which the computaionally expensive step is a matrix-vector multiplication. We use the matrix schemes to outsource the computation of high-degree polynomials and obtain the first high-degree polynomial outsourcing schemes that simultaneously have public delegation, public verification and input privacy/function privacy.

Improving Data Spillage in Multi Cloud Capacity Administrations

Multi copy Dynamic information possession in distributed computing be able to to put missing information in dynamic methodology to the cloud server. Multi copy means, information to be imitated in different servers. The undertaking proprietor transfers the information into cloud server and the information is duplicated, then that photocopies are place away in several servers. The information is stored in multiple servers in order to avoid data loss due to vulnerabilities like hacking or server crash. We presented a new strategy that is, Fully Homo morphic Encryption (FHE) algorithm for taking multiple copies of information. The FHE algorithm is used to enhance security to the information stored in the servers. When the data proprietor uploads the file, the FHE algorithm splits the file and takes multiple copies of the file. These copies are zipped in order to decrease memory size and are stored in multiple servers. The stored files are encrypted to provide maximum security. The FHE algorithm provides keygen, copygen and taggen, using these keys the data can be decrypted and retrieved.

Private computation of the Schulze voting method over the cloud

In this work, we propose an algorithm that computes the Schulze voting method privately and finds the winner of the candidate without revealing the preferences of the voter. Users often outsource data to the cloud to get the result of an intended computation. Many a time, the user would like to keep the data and the result of the delegated computation private due to its sensitive nature. It is possible using data analytics to extract private information from a person. Hence, there is a need to perform computation on encrypted data, which can protect from a leak of private information. Homomorphic encryption (HE), allows computation on encrypted data. HE scheme takes input data in encrypted form and produces output in encrypted form. This encrypted output can not be decrypted without the private key. The Schulze method involves computation of a more complex function known as strength of strongest path. This is challenging to implement privately because it requires the evaluation of several functions over the ciphertexts. We use the Levelled-Brakerski–Gentry–Vaikuntanathan (BGV) fully homomorphic encryption (FHE) scheme to privately compute the strongest paths in a weighted graph using a modified image result of the Floyd–Warshall algorithm. We evaluated our proposed algorithm using an FHE library HElib. Besides, we implemented it for various parameters like time and number of levels in the modulus chain and also evaluated the size of the public key and secret key used for encryption and decryption. From the implementation results, we found that if we increase the number of levels, then the computation and communication complexity will also increase. Therefore, for efficient computation, we need to choose the optimal level.

Towards secure big data analytic for cloud-enabled applications with fully homomorphic encryption

Cloud computing empowers enterprises to efficiently manage big data and discovery of useful information which are the most fundamental challenges for big data enabled applications. The cloud offered unlimited resources that can store, manage and analyze massive and heterogeneous data to improve the quality assurance of application services. Nevertheless, cloud computing is exposed to enormous external and internal privacy breaches and leakage threats. In this paper, we introduce a privacy-preserving distributed analytics framework for big data in cloud. Fully Homomorphic Encryption (FHE) is used as an emerging and powerful cryptosystem that can carry out analysis tasks on encrypted data. The developed distributed approach has the scalability to partition both data and analysis computations into subset cloud computing nodes that can be run independently. This rapidly accelerates the performance of encrypted data processing while preserving a high level of analysis accuracy. Our experimental evaluation demonstrates the efficiency of the proposed framework, in terms of both analysis performance and accuracy, for building a secure analytics cloud-enabled application.

Fully homomorphic encryption based on the ring learning with rounding problem

Almost all existing well-known fully homomorphic encryption (FHE) schemes, which are based on either the learning with errors (LWE) or the ring LWE problem, require expensive Gaussian noise sampling. In this study, the authors propose an FHE scheme based on the ring learning with rounding (RLWR) problem. The learning with rounding (LWR) problem was proposed as a deterministic variant of LWE, while the RLWR is a variant of LWR. Sampling an LWR instance does not require Gaussian noise sampling process, and neither does an RLWR instance. Thus, our FHE scheme can be instantiated without the need for Gaussian noise sampling. To implement homomorphic operations, we devise a specific relinearisation method. Furthermore, we also prove that our RLWR-based FHE scheme is IND-CPA secure under RLWR assumption.

HARDWARE IMPLEMENTATION OF AN ENCRYPTION FOR ENHANCEMENT DGHV

In constructing a secure and reliable cloud computing environment, a fully homomorphic encryption (FHE) scheme is conceived as a major cryptographic tool, as it enables arbitrary arithmetic evaluation of a cipher text without revealing the plaintext. However, due to very high of fully homomorphic encryption systems stays impractical and unfit for real-time applications One way to address this restriction is by using graphics processing unit (GPUs) and field programmable gate arrays (FPGAs) to produce homomorphic encryption schemes. This paper represents the hardware implementation of an encryption for enhancement van Dijk, Gentry, Halevi and Vaikuntanathan’s (DGHV) scheme over the integer (DGHV10) using FPGA technology for high speed computation and real time results. The proposed method was simulated via Vivado system generator tools. Then design systems of fully homomrphic encryption are implemented in an FPGA hardware successfully using NEXYS 4 DDR board with ARTIX 7 XC7A100T FPGA. The Experimental results show that the FPGA- based fully homomorphic encryption system is 63 times faster than the simulation based implementation.

Design and Implementation of Encryption/Decryption Architectures for BFV Homomorphic Encryption Scheme

Fully homomorphic encryption (FHE) is a technique that allows computations on encrypted data without the need for decryption and it provides privacy in various applications such as privacy-preserving cloud computing. In this article, we present two hardware architectures optimized for accelerating the encryption and decryption operations of the Brakerski/Fan-Vercauteren (BFV) homomorphic encryption scheme with high-performance polynomial multipliers. For proof of concept, we utilize our architectures in a hardware/software codesign accelerator framework, in which encryption and decryption operations are offloaded to an FPGA device, while the rest of operations in the BFV scheme are executed in software running on an off-the-shelf desktop computer. Specifically, our accelerator framework is optimized to accelerate Simple Encrypted Arithmetic Library (SEAL), developed by the Cryptography Research Group at Microsoft Research. The hardware part of the proposed framework targets the XILINX VIRTEX-7 FPGA device, which communicates with its software part via a peripheral component interconnect express (PCIe) connection. For proof of concept, we implemented our designs targeting 1024-degree polynomials with 8-bit and 32-bit coefficients for plaintext and ciphertext, respectively. The proposed framework achieves almost $12\times $ and $7\times $ latency speedups, including I/O operations for the offloaded encryption and decryption operations, respectively, compared to their pure software implementations.

Encryption Techniques to Ensure Data Confidentiality in Cloud

Cloud computing is proving to be a beneficial model for all types of users as it enables anyone to share and make use of the available pool of resources and get the desired services online. It reduces the operational and maintenance costs since the user needs to pay for what he has used. Databases and applications are moved to the cloud and stored in large data stores of the cloud service provider which may be insecure or untrustworthy. End users want to know the location of data being stored and who have control over the information apart from the owners. They particularly want the data to be secured from unintentional or illegal access even by the service providers. As the data are stored in geographically dispersed area, the data is vulnerable. The most important concern is that data confidentiality is to be attained while data is stored or in transit. To provide confidentiality, initially cryptographic approaches were used that disclose the keys needed for decryption only to the authorized users. But in the cloud, the adopted encryption schemes should support fine-grained access control, high performance, scalability as well as full delegation. In order to share valuable data confidentially on the cloud in a secured way, various encryption techniques are available starting from Identity-Based Encryption, Attribute-Based Encryption, Hierarchical Attribute-Based Encryption, Identity-Based Broadcast Encryption, Searchable Encryption, Homomorphic Encryption, Fully Homomorphic Encryption and so on. This paper analyses some of the recent and popular encryption techniques and discusses the issues related to them.

Improving the Efficiency of SVM Classification With FHE

In an ever more data-centric economy, machine learning models have risen in importance. With the large amounts of data companies collect, they are able to develop highly accurate models to predict the behaviours of their customers. It is thus important to safeguard the data used to build these models to prevent competitors from mimicking their services. In addition, as this type of techniques finds its way into areas that need to deal with more sensitive information, like the medical industry, the privacy of the data that needs to be classified also has to be ensured. Herein, this topic is addressed by homomorphically evaluating Support Vector Machine (SVM) models, in a way that guarantees that a client learns nothing about the model except for the classification of his data, and that the service provider learns nothing about the data. Whereas, previously, Fully Homomorphic Encryption (FHE) has mostly focused on either bit-wise or value-wise computations, SVMs present an additional challenge since they combine both: during an initial phase a kernel function is evaluated that makes use of real arithmetic, and during a second phase the sign bit has to be extracted. Novel techniques are herein proposed that allow for speedups of up to 2.7 and 6.6 for the evaluation of polynomials and the determination of sign, respectively, in comparison to the state of the art. Finally, it is shown that the proposed techniques do not deteriorate the classification accuracy of the SVM models.

PVIDM: Privacy-preserving verifiable shape context based image denoising and matching with efficient outsourcing in the malicious setting

With the emerging techniques of wireless communication and cloud computing, large volumes of multimedia data are outsourced from resource-constrained users to the cloud with abundant resource for both delegated storage and computation. Unfortunately, there exists a risk of users’ image privacy leakage in the process of outsourcing to the cloud in the malicious setting. Most of the existing work achieved privacy-preserving verifiable image feature extraction and matching by using public key (fully) homomorphic encryption (FHE), and the heavy computational overhead and communication overhead cannot adapt to resource-constrained mobile devices. Other works disabled to achieve image denoising in the encrypted domain or only focused on the scale-invariant feature transform (SIFT) descriptor that is inappropriate for position-sensitive feature extraction. To address these issues, in this paper, a privacy-preserving verifiable shape context based image denoising and matching protocol PVIDM with efficient outsourcing in the malicious setting is proposed. To achieve this end, by exploiting any one-way trapdoor permutation, an efficient privacy-preserving verifiable image denoising scheme PPVID is firstly proposed to improve the accuracy of image matching, without exploiting public key FHE. Then, based on PPVID, a lightweight shape context based privacy-preserving verifiable image feature extraction and matching protocol PPVIM is devised, where secure and efficient comparison and counting protocols in the encrypted domain are respectively proposed. Both image privacy and image matching result privacy are well protected, and the correctness of image matching result can be efficiently verified. Finally, formal security proof and extensive simulations on real-world data sets demonstrate the efficiency and practicability of our proposed PVIDM. Especially, both the computational complexity for the usage of any one-way trapdoor permutation at data owner’s/user’s end and the size of the authentication tag generated by the cloud are O(1), independent to both the number of database images and the number of pixels in each image.

Lightweight Privacy-Preserving Training and Evaluation for Discretized Neural Networks

Machine learning, particularly the neural network (NN), is extensively exploited in dizzying applications. In order to reduce the burden of computing for resource-constrained clients, a large number of historical private datasets are required to be outsourced to the semi-trusted or malicious cloud for model training and evaluation. To achieve privacy preservation, most of the existing work either exploited the technique of public key fully homomorphic encryption (FHE) resulting in considerable computational cost and ciphertext expansion, or secure multiparty computation (SMC) requiring multiple rounds of interactions between user and cloud. To address these issues, in this article, a lightweight privacy-preserving model training and evaluation scheme LPTE for discretized NNs (DiNNs) is proposed. First, we put forward an efficient single key fully homomorphic data encapsulation mechanism (SFH-DEM) without exploiting public key FHE. Based on SFH-DEM, a series of atomic calculations over the encrypted domain, including multivariate polynomial, nonlinear activation function, gradient function, and maximum operations are devised as building blocks. Furthermore, a lightweight privacy-preserving model training and evaluation scheme LPTE for DiNNs is proposed, which can also be extended to convolutional NN. Finally, we give the formal security proofs for dataset privacy, model training privacy, and model evaluation privacy under the semi-honest environment and implement the experiment on real dataset MNIST for recognizing handwritten numbers in DiNN to demonstrate the high efficiency and accuracy of our proposed LPTE.

An Efficient Fully Homomorphic Encryption Scheme for Private Information Retrieval in the Cloud

Information retrieval in the cloud is common and convenient. Nevertheless, privacy concerns should not be ignored as the cloud is not fully trustable. Fully Homomorphic Encryption (FHE) allows arbitrary operations to be performed on encrypted data, where the decryption of the result of ciphertext operation equals that of the corresponding plaintext operation. Thus, FHE schemes can be utilized for private information retrieval (PIR) on encrypted data. In the FHE scheme proposed by Ducas and Micciancio (DM), only a single homomorphic NOT AND (NAND) operation is allowed between consecutive ciphertext refreshings. Aiming at this problem, an improved FHE scheme is proposed for efficient PIR where homomorphic additions and multiplications are based on linear operations on ciphertext vectors. Theoretical analysis shows that when compared with the DM scheme, the proposed scheme allows multiple homomorphic additions and a single homomorphic multiplication to be performed. The number of allowed homomorphic additions is determined by the ratio of the ciphertext modulus to the upper bound of initial ciphertext noise. Moreover, simulation results show that the proposed scheme is significantly faster than the DM scheme in the homomorphic evaluation for a series of algorithms.

Private Compound Wildcard Queries Using Fully Homomorphic Encryption

Fully homomorphic encryption (FHE) brings a paradigm shift in cryptographic engineering by enabling us to resolve various unsolved problems. Among them, this work solves the problem to design a private database query (PDQ) protocol that supports compound queries with wildcard conditions on encrypted databases using FHE. More precisely, we consider a setting where clients outsource an encrypted database using FHE to a remote server, and later request results of compound queries including a wildcard search condition–given a set of attribute values $\lbrace A_1, A_2, \ldots, A_{n}\rbrace${A1,A2,...,An} and a search pattern $W$W, retrieve a set of all attribute values $A_i$Ai's in which the pattern $W$W occurs. To this end, we first develop an algorithm for testing whether an encrypted string contains an encrypted pattern without revealing any information of the pattern, taking auxiliary encryptions as additional inputs. Then, using this algorithm, we design PDQ protocols on encrypted databases, which support compound queries using wildcard search conditions. Finally, we demonstrate proof-of-concept implementation results of our protocols by exploiting single-instruction-multiple-data operations and multi-threading techniques.

A privacy‐preserving multifactor authentication system

AbstractIn recent years, there has been a significant number of works on the development of multifactor authentication (MFA) systems. Traditionally, behavioral biometrics (eg, keystroke dynamics) have been known to have the best usability because they do not require one to know or possess anything—they simply communicate “how you type” to an authenticator. However, though highly usable, MFA approaches that are based on biometrics are highly intrusive, and users' sensitive information is exposed to untrusted servers. To address this privacy concern, in this paper, we present a privacy‐preserving MFA system for computer users, called PINTA. In PINTA, the second factor is a hybrid behavioral profile user, while the first authentication factor is a password. The hybrid profile of the user includes host‐based and network flow‐based features. Since the features include users' sensitive information, it needs to be protected from untrusted parties. To protect users' sensitive profiles and to handle the varying nature of the user profiles, we adopt two cryptographic methods: Fuzzy hashing and fully homomorphic encryption (FHE). Our results show that PINTA can successfully validate legitimate users and detect impostors. Although the results are promising, the trade‐off for privacy preservation is a slight reduction in performance compared with traditional identity‐based MFA techniques.

PrivFT: Private and Fast Text Classification With Homomorphic Encryption

The need for privacy-preserving analytics is higher than ever due to the severity of privacy risks and to comply with new privacy regulations leading to an amplified interest in privacy-preserving techniques that try to balance between privacy and utility. In this work, we present an efficient method for Text Classification while preserving the privacy of the content using Fully Homomorphic Encryption (FHE). Our system (named \textbf{Priv}ate \textbf{F}ast \textbf{T}ext (PrivFT)) performs two tasks: 1) making inference of encrypted user inputs using a plaintext model and 2) training an effective model using an encrypted dataset. For inference, we train a supervised model and outline a system for homomorphic inference on encrypted user inputs with zero loss to prediction accuracy. In the second part, we show how to train a model using fully encrypted data to generate an encrypted model. We provide a GPU implementation of the Cheon-Kim-Kim-Song (CKKS) FHE scheme and compare it with existing CPU implementations to achieve 1 to 2 orders of magnitude speedup at various parameter settings. We implement PrivFT in GPUs to achieve a run time per inference of less than 0.66 seconds. Training on a relatively large encrypted dataset is more computationally intensive requiring 5.04 days.

Towards the AlexNet Moment for Homomorphic Encryption: HCNN, the First Homomorphic CNN on Encrypted Data With GPUs

Deep Learning as a Service (DLaaS) stands as a promising solution for cloud-based inference applications. In this setting, the cloud has a pre-learned model whereas the user has samples on which she wants to run the model. The biggest concern with DLaaS is the user privacy if the input samples are sensitive data. We provide here an efficient privacy-preserving system by employing high-end technologies such as Fully Homomorphic Encryption (FHE), Convolutional Neural Networks (CNNs) and Graphics Processing Units (GPUs). FHE, with its widely-known feature of computing on encrypted data, empowers a wide range of privacy-concerned applications. This comes at high cost as it requires enormous computing power. In this article, we show how to accelerate the performance of running CNNs on encrypted data with GPUs. We evaluated two CNNs to classify homomorphically the MNIST and CIFAR-10 datasets. Our solution achieved sufficient security level ( <inline-formula><tex-math notation="LaTeX">$&gt; 80$</tex-math></inline-formula> bit) and reasonable classification accuracy (99) and (77.55 percent) for MNIST and CIFAR-10, respectively. In terms of latency, we could classify an image in 5.16 seconds and 304.43 seconds for MNIST and CIFAR-10, respectively. Our system can also classify a batch of images ( <inline-formula><tex-math notation="LaTeX">$&gt;$</tex-math></inline-formula> 8,000) without extra overhead.