All content following this page was uploaded by Luan Cardoso Santos on 17 November 2017.
Abstract— New research in the field of homomorphic encryption has made it possible to implement a variety of schemes using different techniques and programming languages. In this paper we describe the implementation of a DGHV scheme variant using Python and the GMPY2 library. This scheme was first proposed in 2010 by van Dijk et al., and later modified into two variants by Coron in 2011 and 2012, which reduced the prohibitive size of the public keys at the cost of computational power. Besides that, this paper also presents a comparison of these implementations with the previous implementation of Coron's first variant.

Keywords— cryptography; homomorphism; post-quantum; python

I. INTRODUCTION

Modern cryptography is built on hard-to-solve problems, such as the factorization of integers and elliptic curves. With the rise of quantum computing theory, and especially Shor's algorithm, the current "hard problems" may not be adequate for the creation of cryptosystems in the future.

In this work, we show that, for research purposes, a modest domestic computer can be used to implement and execute FHE schemes, which are deemed too complex and slow for real-world applications. The objective is also to produce publicly available code that can be used and improved by other researchers in their works.

The current principal homomorphic cryptosystems are shown in Figure 1. On the branch of "Learning with errors", important works are the RLWE scheme proposed by Brakerski [6], and the BGV scheme [7]. On the branch of lattices, the principal systems were the ones proposed by Gentry and Halevi [1]. Lastly, using integer arithmetic as the underlying basis, we have the DGHV scheme [3], from which Coron proposed two variants [2][3].

[Figure 1: FHE, with branches LWE, Integers, Lattices]
Figure 5: Time comparison on the encrypt primitive

In Figure 4 and Figure 5, which show the execution times for encrypt and decrypt, we see execution times on a very small scale. That is one of the characteristics of a homomorphic encryption scheme, especially regarding the decrypt primitive: it needs to have low complexity to enable the scheme to homomorphically evaluate its own decryption circuit, and to generate less noise in that operation than the amount removed by the "refresh" of the ciphertext. Our implementation behaved within the expected parameters in these three primitives. On the other hand, we have only been able to execute those in the Toy and Small testing instances, due to a memory overflow in the machine used for tests.

Figure 6: Time comparison on the expansion primitive

The Expansion primitive had some difficulties in our implementation. As shown in Figure 6, the execution time of this particular primitive is far too high in comparison to the original implementation made by Coron. That occurred due to the access time of the matrix, the generation of the random numbers and characteristics intrinsic to the Python language.

This variation of the scheme and this Python implementation can be compared with another Python implementation of the second variation proposed by Coron. In the second variation the size of the public key was reduced even more, from a complexity of $\tilde{\mathcal{O}}(\lambda^7)$ to $\tilde{\mathcal{O}}(\lambda^5)$. That reduction was gained at the cost of increasing the execution time of the Recrypt primitive, as Coron describes in his paper [2]. In a simplistic way, the concept applied was to use a pseudo-random number generator to generate the necessary values at execution time, only storing correction factors of the

It is also viable to compare the execution times of our previous Python implementation of the second variation and the one presented here, shown in Tables 4 and 5.

TABLE 4: EXECUTION TIME WITH "TOY" SECURITY

Primitive   1st Variation   2nd Variation
KeyGen      0,6 s           0,6 s
Encrypt     0,002 s         0,02 s
Decrypt     0,0001 s        0 s
Expand      1,28103 s       0,02 s

In Table 4, the execution times are those with the "Toy" instance. This security parameter is considered insecure, and serves only as a "test" instance, whose execution times are useful for comparison and debugging. In that table, we can observe similar times between both implementations, with the exception of the expansion primitive. In that case, the execution time of the first variation is about 60 times longer. That is due to both the differences between the variations and the overhead of the matrix in the first implementation.

TABLE 5: EXECUTION TIME WITH "SMALL" SECURITY

Primitive   1st Variation   2nd Variation
KeyGen      10 s            3,6 s
Encrypt     0,01294 s       0,6 s
Decrypt     0,002 s         0 s
Expand      8,08505 s       1,9 s

The execution times shown in Table 5 were generated with the "Small" parameters, created with the same purpose as Toy, only for a functional analysis of the scheme, but with higher parameters than Toy. It is possible to see a great difference in the execution time of some primitives. For example, the execution time of the KeyGen primitive on the first variation is more than two times bigger than the execution time on the second variation, due to improvements added in the KeyGen, proposed by Coron.

The encrypt primitive of the first variation is faster than the second variation due to the trade-off in the processing-storage relation. The Expand primitive on the first variation is approximately four times slower than the second variation, for the same reason previously explained.
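The processing-storage trade-off discussed above, as an added sketch that is neither the authors' code (theirs is at [9][10]) nor Coron's exact algorithm: the public key keeps only a PRNG seed and small correction factors, so every encryption has to regenerate the large values first. All sizes and function names are constructed assumptions, the standard-library `random` generator stands in for a cryptographic PRNG, and plain Python integers are used instead of GMPY2.

```python
import random
import secrets

# Constructed toy sizes (bits); far too small to be secure.
RHO, ETA, GAMMA, TAU, XI = 8, 96, 1024, 16, 16

def chis(seed):
    """Regenerate the large pseudo-random values chi_i from the public seed."""
    prng = random.Random(seed)  # stand-in PRNG, not cryptographically secure
    return [prng.getrandbits(GAMMA) for _ in range(TAU)]

def small(bits):
    """Uniform noise in [-2^bits, 2^bits)."""
    return secrets.randbelow(2 ** (bits + 1)) - 2 ** bits

def keygen():
    p = secrets.randbits(ETA) | (1 << (ETA - 1)) | 1   # odd ETA-bit secret key
    x0 = p * (secrets.randbits(GAMMA - ETA) | 1)       # noise-free multiple of p
    seed = secrets.randbits(64)
    # Correction factor: chi_i - delta_i is congruent to a small r_i modulo p.
    deltas = [chi % p + secrets.randbelow(2 ** XI) * p - small(RHO)
              for chi in chis(seed)]
    return p, (x0, seed, deltas)

def expand_pk(pk):
    """Processing cost: rebuild every x_i = chi_i - delta_i on demand."""
    _, seed, deltas = pk
    return [chi - d for chi, d in zip(chis(seed), deltas)]

def encrypt(pk, m):
    subset = sum(x for x in expand_pk(pk) if secrets.randbits(1))
    return (m + 2 * small(RHO) + 2 * subset) % pk[0]

def noise(p, c):
    """Centred residue of c modulo p; decryption works while |noise| < p/2."""
    r = c % p
    return r - p if r > p // 2 else r

def decrypt(p, c):
    return noise(p, c) % 2

def key_bits(pk):
    """(bits stored as seed + deltas, bits needed for the expanded x_i)."""
    stored = 64 + sum(d.bit_length() for d in pk[2])
    return stored, sum(x.bit_length() for x in expand_pk(pk))
```

With these sizes a fresh ciphertext carries noise below 2^14 and the product of two ciphertexts below 2^28, which is the growth that the "refresh" step has to undo before it reaches half the size of the secret key.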
The source code of both implementations is available to the scientific community on the GitHub website for further modifications and improvement [9][10].

VI. FUTURE WORKS

The continuation of this work will be the improvement of the Python code, with the objective of obtaining more efficient code. The knowledge accumulated in the creation of this script can also be used in the implementation of such primitives in a faster language, such as C. Another way to reach improvements would be the use of code parallelism or the Python-specific Numba library, as the experiments showed that these could generate significant gains.

Currently there are undergrad students in our institution working on porting said code to FPGAs and studying its use as authentication on smart cards, both being fruitful areas for applications of cryptography. Besides the FPGA technology, research is being done to run an OpenCL or CUDA version of this code for general-purpose computing on graphics processing units (GPGPU). The use of a "many-core" architecture could result in a significant improvement of the execution times of the primitives. As an early result of that research, a parallel execution is proposed in Figure 7, where multiple instances of the FHE algorithm run independently on each input bit.

ACKNOWLEDGMENT

We want to express our sincere thanks to all the teachers of the Univem department of computer science, who helped us during our undergrad course and in these works. We would also like to thank CNPq (National Council for Scientific and Technological Development), who gave us a studentship and allowed us to work full time.

Special thanks go to Prof. Dr. Fábio Dacêncio Pereira, our advisor.

REFERENCES

[1] GENTRY, C. and HALEVI, S., "Implementing Gentry's fully-homomorphic encryption scheme," Advances in Cryptology-EUROCRYPT 2011, pp. 129-148, 2011.
[2] CORON, J.S., MANDAL, A., NACCACHE, D. and TIBOUCHI, M., Fully Homomorphic Encryption over the Integers with Shorter Public Keys. In P. Rogaway (Ed.), CRYPTO 2011, LNCS, vol. 6841, Springer, pp. 487-504. Full version available at IACR eprint, 2011.
[3] CORON, Jean-Sébastien; NACCACHE, David; TIBOUCHI, Mehdi. Public key compression and modulus switching for fully homomorphic encryption over the integers. In: Advances in Cryptology–EUROCRYPT 2012. Springer Berlin Heidelberg, 2012. p. 446-464.
[4] DIJK, M. VAN, GENTRY, C., HALEVI, S. and VAIKUNTANATHAN, V., Fully homomorphic encryption over the integers. In H. Gilbert (Ed.), EUROCRYPT 2010, LNCS, vol. 6110, Springer, pp. 24-43, 2010.
[5] GENTRY, C., A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University, 2009. Available at: http://crypto.stanford.edu/craig.
[6] BRAKERSKI, Zvika; VAIKUNTANATHAN, Vinod. Efficient fully homomorphic encryption from (standard) LWE. SIAM Journal on Computing, v. 43, n. 2, p. 831-871, 2014.
[7] BRAKERSKI, Zvika, Craig GENTRY, and Vinod VAIKUNTANATHAN. "(Leveled) fully homomorphic encryption without bootstrapping." Proceedings of the 3rd Innovations in Theoretical Computer Science Conference. ACM, 2012.
[8] PAILLIER, Pascal. Public-key cryptosystems based on composite degree residuosity classes. In: Advances in cryptology—EUROCRYPT'99. Springer Berlin Heidelberg, 1999. p. 223-238.
[9] Python implementation of Fully Homomorphic Encryption over the Integers with Shorter Public Keys. Available: https://github.com/lCardosoSantos/Coron441
[10] Python implementation of the Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers. Available: https://github.com/lCardosoSantos/Coron440
[11] BILAR, Guilherme. SANTOS, Luan Cardoso. "Implementação do esquema totalmente homomórfico sobre inteiros de chave reduzida" In: XIV Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, Anais, p. 444-453, 2014.