Professional Documents
Culture Documents
1
Agenda
❑Introduction
❑Homomorphic Encryption Types
❑Partially Homomorphic Encryption (PHE)
❑Somewhat Homomorphic Encryption (SWHE)
❑Fully Homomorphic Encryption (FHE)
❑Paillier Cryptosystem
❑Applications
2
Introduction
• The users or service providers with the key have exclusive rights on the
data. Especially with popular cloud services, the control over the privacy of
the sensitive data is lost.
3
Introduction
4
Homomorphic Encryption Types
❑Homomorphic Encryption is classified into three categories:
❑Partially Homomorphic: (Only one operation, for unlimited number of
executions)
❑Somewhat Homomorphic: (Multiple operations for a limited number of
executions)
❑Fully Homomorphic: (Multiple operations for an unlimited number of
executions)
5
Partially Homomorphic Schemes
6
How RSA Support Partially Homomorphic ?
❑ RSA is Multiplicatively homomorphic (but not additively)
If we have 2 encrypted message c1 and c2
e e
c1 = E(m1) = m1 mod n and c2= E(m2) = m2 mod n
c1 x c2 = E(m1) x E(m2)
= (m1 x m2 ) e mod n
= E(m1 x m2)
7
How ElGamal Support Partially
Homomorphic ?
❑ ElGamal is Multiplicatively homomorphic (but not additively)
If we have 2 encrypted message c1 and c2
8
Paillier Cryptosystem
❑ The Paillier cryptosystem has an additive homomorphism property, and it
is relatively efficient and secure. It comprises three algorithms:
9
Paillier Cryptosystem
KeyGen:
Choose two large prime numbers (p, q).
Calculate n = p.q, λ = lcm (p–1, q–1).
Choose a semi-random, nonzero integer, g ϵ Z*n2.
Define L(u) = (u–1)/n.
Calculate μ = (L(gλ mod n2))-1 mod n.
The public key is Kpub = (n, g)
The private key is Kpri = (μ, λ).
Enc:
Given a message m ϵ Zn.
Choose a random number r ϵ Z*n.
Compute the ciphertext C = Enc(m) = gm. rn mod n2
Dec:
Given the ciphertext C ϵ Z*n2,
L(Cλ mod n2)
Recover the message Dec(C) = L(Cλ mod n2) . μ mod n = mod n = m
L(gλ mod n2) 10
Mathematical Scheme
Encryption and Decryption Algorithm
11
Mathematical Scheme
Encryption and Decryption Algorithm
12
Paillier Cryptosystem Example
KeyGen Example:
Choose two large prime numbers (p, q) → (7,11).
The public key is Kpub = (n, g) → (77,5652)
Calculate n = p.q → (77), λ = lcm (p–1, q–1) → lcm(6,10) → (30).
The private key is Kpri = (μ, λ) → (74,30)
Define L(u) = (u–1)/n. Choose a generator g ϵ Z*n2 → (5652)
Calculate μ = (L(gλ mod n2))-1 mod n.
1 n 77
μ = L(gλ mod n2) mod n = gλ mod n2- 1
mod n = 565230 mod 5929-1 mod 77 → (74).
Enc Example:
Given a message m ϵ Zn → (42).
Choose a random number r ϵ Z*n → (23).
Compute the ciphertext C = Enc(m) = gm. rn mod n2 → C = 565242. 2377 mod 5929 → (4624)
30
m = 4624 mod 5929-1 . 74 mod 77 =63.74 mod 77= 42 mod 77 = 42
Original
77 Message 13
How Paillier Cryptosystem Support Partially
Homomorphic ?
❑ Paillier is Additively homomorphic
If we have 2 encrypted message c1 and c2
n n
c1 = E(m1) = gm1. r1 mod n2 and c2 = E(m2) = gm2. r2 mod n2
c1 x c2 = E(m1) x E(m2)
= gm1 . r1n mod n2 x gm2 . r 2n mod n2 This is what I care
about it
= (gm1 . r 1n) . (gm2 . r 2n)mod n2
= g(m1+m2) . (r1 . r2) n mod n2
= E(m1 + m2)
E(m1) x E(m2) = E(m1 + m2)
14
How Paillier Cryptosystem Support Partially
Homomorphic ?
m1 = 30 and r1 = 23 and m2 = 25 and r2 = 34
c1 = E(m1) = 565230. 2377 mod 5929 and c2= E(m2) = 565225. 3477 mod 5929
c1 x c2 = E(m1) x E(m2)
= 565230. 2377 mod 5929 x 565225. 3477 mod 5929
= (565230. 2377) . (565225. 3477)mod 5929
= 5652(30+25) . (23 . 34)77 mod 5929 = 5652(55) . (782)77 mod 5929
= 2179
16
Applications
❑ Smart Metering Infrastructure privacy preservation
❑ E‐Voting
17
Applications (AMI Network)
❑ The AMI fulfill the two way communication that connect the utility to the consumer
❑ Multi-hop structure, smart meters usually communicate with each other through wireless
communication and they route each other message to the gateway.
18
Applications (AMI Network)
Three scenarios:
❑ Spatial Aggregation
❑ Temporal Aggregation
❑ Spatio‐Temporal Aggregation
19
Applications (AMI Network)
❑ Spatial Aggregation
20
Applications (AMI Network)
❑ Spatial Aggregation
21
Applications (AMI Network)
❑ Temporal Aggregation
22
Applications (AMI Network)
❑ Spatio‐Temporal Aggregation
23
Applications (AMI Network)
❑ Performance Analysis of Three schemes
24
References
[1] Michael O’Keeffe, “The Paillier Cryptosystem, A Look Into The Cryptosystem And Its Potential
Application”
[2] Erkin, Z., Tsudik, G. (2012). Private Computation of Spatial and Temporal Power Consumption with Smart
Meters. In: Bao, F., Samarati, P., Zhou, J. (eds) Applied Cryptography and Network Security. ACNS 2012.
Lecture Notes in Computer Science, vol 7341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-
642-31284-7_33
[3] Mark A. Will, Ryan K.L. Ko, Chapter 5 - A guide to homomorphic encryption,Editor(s): Ryan Ko, Kim-Kwang
Raymond Choo,The Cloud Security Ecosystem,Syngress, 2015,
[4] Paillier, P. (1999). Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J.
(eds) Advances in Cryptology — EUROCRYPT ’99. EUROCRYPT 1999. Lecture Notes in Computer Science, vol
1592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48910-X_16
25
26