Hommomrphic Encryption - Islam

Homomorphic Encryption
ECE 6900: Security and privacy preservation in wireless networks
Supervisor: Prof. Mohamed Mahmoud
Presented By: Islam Elgarhy
1
Agenda
❑Introduction
❑Homomorphic Encryption Types
❑Partially Homomorphic Encryption (PHE)
❑Somewhat Homomorphic Encryption (SWHE)
❑Fully Homomorphic Encryption (FHE)
❑Paillier Cryptosystem
❑Applications
2
Introduction
❑Legacy encryption systems depend on sharing a key (public or private) among

the peers involved in exchanging an encrypted message. However, this
approach poses privacy concerns.
• The users or service providers with the key have exclusive rights on the
data. Especially with popular cloud services, the control over the privacy of
the sensitive data is lost.
3
Introduction
❑Homomorphic Encryption (HE), a special kind of encryption scheme, can

address these concerns as it allows any third party to operate on the
encrypted data without decrypting it in advance.
❑i.e. E (𝑚1⊙ 𝑚2) = 𝐸 (𝑚1) ⊙ 𝐸(𝑚2)
4
Homomorphic Encryption Types
❑Homomorphic Encryption is classified into three categories:
❑Partially Homomorphic: (Only one operation, for unlimited number of
executions)
❑Somewhat Homomorphic: (Multiple operations for a limited number of
executions)
❑Fully Homomorphic: (Multiple operations for an unlimited number of
executions)
5
Partially Homomorphic Schemes
❑ RSA, ElGamal work for Multiplication

❑ Paillier work for Addition
6
How RSA Support Partially Homomorphic ?
❑ RSA is Multiplicatively homomorphic (but not additively)
If we have 2 encrypted message c1 and c2
e e
c1 = E(m1) = m1 mod n and c2= E(m2) = m2 mod n
c1 x c2 = E(m1) x E(m2)
= (m1 e mod n) x (m2e mod n)
= (m1 x m2 ) e mod n
= E(m1 x m2)
E(m1) x E(m2) = E(m1 x m2)
7
How ElGamal Support Partially
Homomorphic ?
❑ ElGamal is Multiplicatively homomorphic (but not additively)
c1 = E(m1) = gr1 , m1 Ar1 and c2 = E(m2) = gr2 , m2 Ar2

c1 x c2 = E(m1) x E(m2)
=(gr1 , m1 Ar1) (gr2 , m2 Ar2)
= (gr1 + r2,(m1 · m2) Ar1 + r2)
= E(m1 x m2)
E(m1) x E(m2) = E(m1 x m2)
8
Paillier Cryptosystem
❑ The Paillier cryptosystem has an additive homomorphism property, and it
is relatively efficient and secure. It comprises three algorithms:
1. Key Generation algorithm (KeyGen)

2. Encryption algorithm (Enc)
3. Decryption algorithm (Dec)
9
Paillier Cryptosystem
KeyGen:
Choose two large prime numbers (p, q).
Calculate n = p.q, λ = lcm (p–1, q–1).
Choose a semi-random, nonzero integer, g ϵ Z*n2.
Define L(u) = (u–1)/n.
Calculate μ = (L(gλ mod n2))-1 mod n.
The public key is Kpub = (n, g)
The private key is Kpri = (μ, λ).
Enc:
Given a message m ϵ Zn.
Choose a random number r ϵ Z*n.
Compute the ciphertext C = Enc(m) = gm. rn mod n2
Dec:
Given the ciphertext C ϵ Z*n2,
L(Cλ mod n2)
Recover the message Dec(C) = L(Cλ mod n2) . μ mod n = mod n = m
L(gλ mod n2) 10
Mathematical Scheme
Encryption and Decryption Algorithm
Or g ϵ Z*n2 , could have the general

form = (1 + 𝑛)𝛼 𝑅 𝑛 mode 𝑛2 where
α and R randomly from a set Z*n
11
Mathematical Scheme
Encryption and Decryption Algorithm
12
Paillier Cryptosystem Example
KeyGen Example:
Choose two large prime numbers (p, q) → (7,11).
The public key is Kpub = (n, g) → (77,5652)
Calculate n = p.q → (77), λ = lcm (p–1, q–1) → lcm(6,10) → (30).
The private key is Kpri = (μ, λ) → (74,30)
Define L(u) = (u–1)/n. Choose a generator g ϵ Z*n2 → (5652)
Calculate μ = (L(gλ mod n2))-1 mod n.
1 n 77
μ = L(gλ mod n2) mod n = gλ mod n2- 1
mod n = 565230 mod 5929-1 mod 77 → (74).
Enc Example:
Given a message m ϵ Zn → (42).
Choose a random number r ϵ Z*n → (23).
Compute the ciphertext C = Enc(m) = gm. rn mod n2 → C = 565242. 2377 mod 5929 → (4624)
Dec Example : Encrypted

Message
Given the ciphertext C ϵ Z* n2,
Recover the message m = Dec(C) = L(Cλ mod n2) . μ mod n → m = L(462430 mod 5929) . 74 mod 77
30
m = 4624 mod 5929-1 . 74 mod 77 =63.74 mod 77= 42 mod 77 = 42
Original
77 Message 13
How Paillier Cryptosystem Support Partially
Homomorphic ?
❑ Paillier is Additively homomorphic
n n
c1 = E(m1) = gm1. r1 mod n2 and c2 = E(m2) = gm2. r2 mod n2
c1 x c2 = E(m1) x E(m2)
= gm1 . r1n mod n2 x gm2 . r 2n mod n2 This is what I care
about it
= (gm1 . r 1n) . (gm2 . r 2n)mod n2
= g(m1+m2) . (r1 . r2) n mod n2
= E(m1 + m2)
E(m1) x E(m2) = E(m1 + m2)
14
How Paillier Cryptosystem Support Partially
Homomorphic ?
m1 = 30 and r1 = 23 and m2 = 25 and r2 = 34
c1 = E(m1) = 565230. 2377 mod 5929 and c2= E(m2) = 565225. 3477 mod 5929
c1 x c2 = E(m1) x E(m2)
= 565230. 2377 mod 5929 x 565225. 3477 mod 5929
= (565230. 2377) . (565225. 3477)mod 5929
= 5652(30+25) . (23 . 34)77 mod 5929 = 5652(55) . (782)77 mod 5929
= 2179
Recover the message m = Dec(C) = L(Cλ mod n2) . μ mod n

m = L(217930 mod 5929) . 74 mod 77
m= 2179 30 mod 5929 -1

. 74 mod 77 = 2442 mod 77 = 55
77
Aggregation of
• 55 = 30 + 25 Original Message 15
Homomorphism Properties
16
Applications
❑ Smart Metering Infrastructure privacy preservation
❑ E‐Voting
17
Applications (AMI Network)
❑ The AMI fulfill the two way communication that connect the utility to the consumer
❑ Multi-hop structure, smart meters usually communicate with each other through wireless
communication and they route each other message to the gateway.
❑ AMI network suffer from privacy preserving problems. (Fine-Grained → Privacy

Information)
18
Three scenarios:
❑ Spatial Aggregation
❑ Temporal Aggregation
❑ Spatio‐Temporal Aggregation
19
20
21
❑ Temporal Aggregation
22
❑ Spatio‐Temporal Aggregation
23
❑ Performance Analysis of Three schemes
24
References
[1] Michael O’Keeffe, “The Paillier Cryptosystem, A Look Into The Cryptosystem And Its Potential
Application”
[2] Erkin, Z., Tsudik, G. (2012). Private Computation of Spatial and Temporal Power Consumption with Smart
Meters. In: Bao, F., Samarati, P., Zhou, J. (eds) Applied Cryptography and Network Security. ACNS 2012.
Lecture Notes in Computer Science, vol 7341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-
642-31284-7_33
[3] Mark A. Will, Ryan K.L. Ko, Chapter 5 - A guide to homomorphic encryption,Editor(s): Ryan Ko, Kim-Kwang
Raymond Choo,The Cloud Security Ecosystem,Syngress, 2015,
[4] Paillier, P. (1999). Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J.
(eds) Advances in Cryptology — EUROCRYPT ’99. EUROCRYPT 1999. Lecture Notes in Computer Science, vol
1592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48910-X_16
25
26

Hommomrphic Encryption - Islam

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Hommomrphic Encryption - Islam

Uploaded by

Copyright:

Available Formats

Homomorphic Encryption

ECE 6900: Security and privacy preservation in wireless networks

Supervisor: Prof. Mohamed Mahmoud

Presented By: Islam Elgarhy

❑Legacy encryption systems depend on sharing a key (public or private) among

❑Homomorphic Encryption (HE), a special kind of encryption scheme, can

❑i.e. E (𝑚1⊙ 𝑚2) = 𝐸 (𝑚1) ⊙ 𝐸(𝑚2)

❑ RSA, ElGamal work for Multiplication

= (m1 e mod n) x (m2e mod n)

E(m1) x E(m2) = E(m1 x m2)

c1 = E(m1) = gr1 , m1 Ar1 and c2 = E(m2) = gr2 , m2 Ar2

E(m1) x E(m2) = E(m1 x m2)

1. Key Generation algorithm (KeyGen)

Or g ϵ Z*n2 , could have the general

Dec Example : Encrypted

Recover the message m = Dec(C) = L(Cλ mod n2) . μ mod n

m= 2179 30 mod 5929 -1

❑ AMI network suffer from privacy preserving problems. (Fine-Grained → Privacy

You might also like