Homomorphic evaluation of hash functions offers a solution to the challenge of data integrity authentication in the context of homomorphic encryption. The earliest attempt to achieve homomorphic evaluation of SHA-256 hash function was proposed by Mella and Susella (in: Cryptography and coding—14th IMA international conference, IMACC 2013. Lecture notes in computer science, vol 8308. Springer, Heidelberg, pp 28–44, 2013. https://doi.org/10.1007/978-3-642-45239-0_3.) based on the BGV scheme. Unfortunately, their implementation faced significant limitations due to the exceedingly high multiplicative depth, rendering it impractical. Recently, a homomorphic implementation of SHA-256 based on the TFHE scheme (Homomorphic evaluation of SHA-256. https://github.com/zama-ai/tfhe-rs/tree/main/tfhe/examples/sha256_bool) brings it from theory to reality, however, its current efficiency remains insufficient. In this paper, we revisit the homomorphic evaluation of the SHA-256 hash function in the context of TFHE, further reducing the reliance on gate bootstrapping and enhancing evaluation latency. Specifically, we primarily utilize ternary gates to reduce the number of gate bootstrappings required for logic functions in message expansion and addition of modulo 232\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$$2^{32}$$\\end{document} in iterative compression. Furthermore, we demonstrate that our optimization techniques are applicable to the Chinese commercial cryptographic hash SM3. Finally, we give specific comparative implementations based on the TFHE-rs library. Experiments demonstrate that our optimization techniques lead to an improvement of approximately 35–50% compared with the state-of-the-art result under different cores.
Read full abstract