Showing papers on "Ciphertext" published in 2019


Book ChapterDOI
04 Oct 2019
TL;DR: In this article, the authors proposed an encryption scheme that is secure from an adversary who knows the encryption algorithm and is given the cyphertext, but cannot obtain any information about the clear-text.
Abstract: This paper proposes an Encryption Scheme that possesses the following property: An adversary, who knows the encryption algorithm and is given the cyphertext, cannot obtain any information about the clear-text. Any implementation of a Public Key Cryptosystem, as proposed by Diffie and Hellman in [8], should possess this property. Our Encryption Scheme follows the ideas in the number theoretic implementations of a Public Key Cryptosystem due to Rivest, Shamir and Adleman [13], and Rabin [12].

785 citations


Journal ArticleDOI
TL;DR: Experimental results show that the proposed algorithm improves encryption efficiency, has good security performance, and can resist common attack methods.

150 citations


Book ChapterDOI
04 Mar 2019
TL;DR: An optimized variant of the Brakerski/Fan-Vercauteren homomorphic encryption scheme and its efficient implementation in PALISADE is presented, which is simpler and significantly more efficient than the RNS variant proposed by Bajard et al.
Abstract: We present an optimized variant of the Brakerski/Fan-Vercauteren (BFV) homomorphic encryption scheme and its efficient implementation in PALISADE. Our algorithmic improvements focus on optimizing decryption and homomorphic multiplication in the Residue Number System (RNS), using the Chinese Remainder Theorem (CRT) to represent and manipulate the large coefficients in the ciphertext polynomials. These improvements are based on our original general-purpose techniques for CRT basis extension and scaling that can be applied to many other lattice-based cryptographic primitives. Our variant is simpler and significantly more efficient than the RNS variant proposed by Bajard et al. both in terms of noise growth and the computational complexity of the underlying CRT basis extension and scaling procedures.

137 citations


Journal ArticleDOI
TL;DR: A Lightweight Fine-Grained ciphertexts Search (LFGS) system in fog computing is presented by extending Ciphertext-Policy Attribute-Based Encryption and Searchable Encryption technologies, which can achieve fine-grained access control and keyword search simultaneously.
Abstract: Fog computing, as an extension of cloud computing, outsources the encrypted sensitive data to multiple fog nodes on the edge of Internet of Things (IoT) to decrease latency and network congestion. However, the existing ciphertext retrieval schemes rarely focus on the fog computing environment and most of them still impose high computational and storage overhead on resource-limited end users. In this paper, we first present a Lightweight Fine-Grained ciphertexts Search (LFGS) system in fog computing by extending Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and Searchable Encryption (SE) technologies, which can achieve fine-grained access control and keyword search simultaneously. The LFGS can shift partial computational and storage overhead from end users to chosen fog nodes. Furthermore, the basic LFGS system is improved to support conjunctive keyword search and attribute update to avoid returning irrelevant search results and illegal accesses. The formal security analysis shows that the LFGS system can resist Chosen-Keyword Attack (CKA) and Chosen-Plaintext Attack (CPA), and the simulation using a real-world dataset demonstrates that the LFGS system is efficient and feasible in practice.

111 citations


Book ChapterDOI
18 Aug 2019
TL;DR: A highly selective key search policy based on a variant of Bayesian optimization which, together with the neural distinguishers, can be used to reduce the remaining security of 11-round Speck32/64 to roughly 38 bits.
Abstract: This paper has four main contributions. First, we calculate the predicted difference distribution of Speck32/64 with one specific input difference under the Markov assumption completely for up to eight rounds and verify that this yields a globally fairly good model of the difference distribution of Speck32/64. Secondly, we show that contrary to conventional wisdom, machine learning can produce very powerful cryptographic distinguishers: for instance, in a simple low-data, chosen plaintext attack on nine rounds of Speck, we present distinguishers based on deep residual neural networks that achieve a mean key rank roughly five times lower than an analogous classical distinguisher using the full difference distribution table. Thirdly, we develop a highly selective key search policy based on a variant of Bayesian optimization which, together with our neural distinguishers, can be used to reduce the remaining security of 11-round Speck32/64 to roughly 38 bits. This is a significant improvement over previous literature. Lastly, we show that our neural distinguishers successfully use features of the ciphertext pair distribution that are invisible to all purely differential distinguishers even given unlimited data.

102 citations


Journal ArticleDOI
TL;DR: This paper investigates the cloud-based road condition monitoring (RCoM) scenario, where the authority needs to monitor real-time road conditions with the help of a cloud server so that it can make sound and timely responses to emergency cases.
Abstract: The connected vehicular ad hoc network (VANET) and cloud computing technology allow entities in VANET to enjoy the advantageous storage and computing services offered by some cloud service provider. However, the advantages do not come free, since their combination brings many new security and privacy requirements for VANET applications. In this paper, we investigate the cloud-based road condition monitoring (RCoM) scenario, where the authority needs to monitor real-time road conditions with the help of a cloud server so that it can make sound and timely responses to emergency cases. When some bad road condition is detected, e.g., some geologic hazard or accident happens, vehicles on site are able to report such information to a cloud server engaged by the authority. We focus on addressing three key issues in RCoM. First, the vehicles have to be authorized by some roadside unit before generating a road condition report in the domain and uploading it to the cloud server. Second, to guarantee privacy against the cloud server, the road condition information should be reported in ciphertext format, which requires that the cloud server be able to distinguish the reported data from different vehicles in ciphertext format for the same place without compromising their confidentiality. Third, the cloud server and authority should be able to validate the report source, i.e., to check whether the road conditions are reported by legitimate vehicles. To address these issues, we present an efficient RCoM scheme, analyze its efficiency theoretically, and demonstrate its practicality through experiments.

96 citations


Proceedings ArticleDOI
30 Apr 2019
TL;DR: nGraph-HE, as mentioned in this paper, is an extension of nGraph, Intel's DL graph compiler, which enables deployment of trained models with popular frameworks such as TensorFlow while simply treating HE as another hardware target.
Abstract: Homomorphic encryption (HE)---the ability to perform computation on encrypted data---is an attractive remedy to increasing concerns about data privacy in deep learning (DL). However, building DL models that operate on ciphertext is currently labor-intensive and requires simultaneous expertise in DL, cryptography, and software engineering. DL frameworks and recent advances in graph compilers have greatly accelerated the training and deployment of DL models to various computing platforms. We introduce nGraph-HE, an extension of nGraph, Intel's DL graph compiler, which enables deployment of trained models with popular frameworks such as TensorFlow while simply treating HE as another hardware target. Our graph-compiler approach enables HE-aware optimizations implemented at compile-time, such as constant folding and HE-SIMD packing, and at run-time, such as special value plaintext bypass. Furthermore, nGraph-HE integrates with DL frameworks such as TensorFlow, enabling data scientists to benchmark DL models with minimal overhead.

94 citations


Proceedings ArticleDOI
16 Jun 2019
TL;DR: Encrypted training can be made more computationally efficient by simplifying the network with minimal degradation of accuracy, choosing appropriate data representation and resolution, and packing the data elements within the ciphertext in a smart way so as to minimize the number of operations and facilitate parallelization of FHE computations.
Abstract: While deep learning is a valuable tool for solving many tough problems in computer vision, the success of deep learning models is typically determined by: (i) availability of sufficient training data, (ii) access to extensive computational resources, and (iii) expertise in selecting the right model and hyperparameters for the selected task. Often, the availability of data is the hard part due to compliance, legal, and privacy constraints. Cryptographic techniques such as fully homomorphic encryption (FHE) offer a potential solution by enabling processing on encrypted data. While prior work has been done on using FHE for inferencing, training a deep neural network in the encrypted domain is an extremely challenging task due to the computational complexity of the operations involved. In this paper, we evaluate the feasibility of training neural networks on encrypted data in a completely non-interactive way. Our proposed system uses the open-source FHE toolkit HElib to implement a Stochastic Gradient Descent (SGD)-based training of a neural network. We show that encrypted training can be made more computationally efficient by (i) simplifying the network with minimal degradation of accuracy, (ii) choosing appropriate data representation and resolution, and (iii) packing the data elements within the ciphertext in a smart way so as to minimize the number of operations and facilitate parallelization of FHE computations. Based on the above optimizations, we demonstrate that it is possible to achieve more than 50x speed up while training a fully-connected neural network on the MNIST dataset while achieving reasonable accuracy (96%). Though the cost of training a complex deep learning model from scratch on encrypted data is still very high, this work establishes a solid baseline and paves the way for relatively simpler tasks such as fine-tuning of deep learning models based on encrypted data to be implemented in the near future.

92 citations


Journal ArticleDOI
TL;DR: The proposed framework outperforms previous works on reversible data hiding in encrypted images since the tasks of data embedding/extraction and bitstream recovery are all accomplished by the server, and the image owner and the authorized user are required to implement no extra operations except JPEG encryption or decryption.
Abstract: This paper proposes a novel framework of reversible data hiding in encrypted JPEG bitstream. We first provide a JPEG encryption algorithm to encipher a JPEG image to a smaller size and keep the format compliant to JPEG decoders. After an image owner uploads the encrypted JPEG bitstreams to cloud storage, the server embeds additional messages into the ciphertext to construct a marked encrypted JPEG bitstream. During data hiding, we propose a combined embedding algorithm including two stages, the Huffman code mapping and the ordered histogram shifting. The embedding procedure is reversible. When an authorized user requires a downloading operation, the server extracts additional messages from the marked encrypted JPEG bitstream and recovers the original encrypted bitstream losslessly. After downloading, the user obtains the original JPEG bitstream by a direct decryption. The proposed framework outperforms previous works on reversible data hiding in encrypted images. First, since the tasks of data embedding/extraction and bitstream recovery are all accomplished by the server, the image owner and the authorized user are required to implement no extra operations except JPEG encryption or decryption. Second, the embedding payload is larger than state-of-the-art works.

90 citations


Journal ArticleDOI
TL;DR: This paper proposes a new secure cloud storage framework with access control by using the Ethereum blockchain technology, which is a combination of Ethereum blockchain and ciphertext-policy attribute-based encryption (CP-ABE).
Abstract: More and more data are now being outsourced to cloud services. In order to ensure data security and privacy, data are usually stored on the cloud server in the form of ciphertext. When a user requests access to the encrypted data, an access key distributed by a third party is needed. However, if the third party is dishonest, the security of the system will be threatened. Faced with this problem, in this paper, we propose a new secure cloud storage framework with access control by using the Ethereum blockchain technology. Our new scheme is a combination of Ethereum blockchain and ciphertext-policy attribute-based encryption (CP-ABE). The proposed cloud storage framework is decentralized, that is, there is no trusted third party in the system. Our scheme has three main features. First, as the Ethereum blockchain technology is used, the data owner can store ciphertext of data through smart contracts in a blockchain network. Second, the data owner can set valid access periods for data usage so that the ciphertext can only be decrypted during valid access periods. Finally, since the creation and invocation of each smart contract are recorded in the blockchain, traceability is achieved. The security analysis and experiments show that our scheme is feasible.

89 citations


Journal ArticleDOI
TL;DR: An optical approach of silhouette-free multiple-image encryption based on interference is proposed, with two layers to enhance the level of security, by considering the fractional order as an additional key.

Journal ArticleDOI
13 Aug 2019, Entropy
TL;DR: A new compound chaotic system, the Sine-Tent map, is proposed to widen the chaotic range and improve the chaotic performance of 1D discrete chaotic maps, which means that the new scheme has better application potential in real-time image encryption.
Abstract: In order to improve the security and efficiency of image encryption systems comprehensively, a novel chaotic S-box based image encryption scheme is proposed. Firstly, a new compound chaotic system, the Sine-Tent map, is proposed to widen the chaotic range and improve the chaotic performance of 1D discrete chaotic maps. As a result, the new compound chaotic system is more suitable for cryptosystems. Secondly, an efficient and simple method for generating S-boxes is proposed, which can greatly improve the efficiency of S-box production. Thirdly, a novel double S-box based image encryption algorithm is proposed. By introducing equivalent key sequences {r, t} related with the image ciphertext, the proposed cryptosystem can resist the four classical types of attacks, which is an advantage over other S-box based encryption schemes. Furthermore, it enhances the resistance of the system to differential analysis attacks by two rounds of forward and backward confusion-diffusion operations with double S-boxes. The simulation results and security analysis verify the effectiveness of the proposed scheme. The new scheme has obvious efficiency advantages, which means that it has better application potential in real-time image encryption.

Journal ArticleDOI
TL;DR: By proving NormaChain is secure against chosen ciphertext attacks and against the stealing of the secret key, it is shown that NormaChain prevents a legitimate user's privacy from being violated by banks, supervisors or malicious adversaries.
Abstract: Internet of Things (IoT)-based E-commerce is a new business model that relies on autonomous transaction management on IoT devices. The management system for IoT-based E-commerce demands autonomy, lightweight operation, and legitimacy. As blockchain is an innovative technology that is competent in governing decentralized networks, we adopt it to design the autonomous transaction management system for IoT E-commerce. However, current blockchain solutions, most notably cryptocurrencies, have fatal drawbacks of non-supervisability and huge computational overhead, and hence cannot be directly applied to IoT-based E-commerce. In this paper, we propose NormaChain, a blockchain-based normalized autonomous transaction settlement system for IoT-based E-commerce. By designing a special three-layer sharding blockchain network, we can significantly increase transaction efficiency and system scalability. Additionally, by designing an innovative decentralized public key searchable encryption scheme (decentralized public key encryption with keyword search (PEKS) scheme), we can uncover illegal and criminal transactions and achieve crime traceability. Our new decentralized PEKS scheme cryptographically eliminates the dependence on a trusted central authority in the original PEKS scheme and instead expands it to a fully decentralized governance, which distributes the supervision power equally among all parties. More importantly, by proving NormaChain is secure against chosen ciphertext attacks and against the stealing of the secret key, we show that NormaChain prevents a legitimate user's privacy from being violated by banks, supervisors or malicious adversaries. Finally, we deliver the NormaChain system with design details and full implementations. Experiments show that the average transactions-per-second on IoT devices is around 113, and the supervision accuracy is 100% when proper target illegal keywords are provided.

Journal ArticleDOI
TL;DR: An attribute-based storage system with secure deduplication in a hybrid cloud setting, where a private cloud is responsible for duplicate detection and a public cloud manages the storage, achieves the standard notion of semantic security for data confidentiality while existing systems only achieve it by defining a weaker security notion.
Abstract: Attribute-based encryption (ABE) has been widely used in cloud computing where a data provider outsources his/her encrypted data to a cloud service provider, and can share the data with users possessing specific credentials (or attributes). However, the standard ABE system does not support secure deduplication, which is crucial for eliminating duplicate copies of identical data in order to save storage space and network bandwidth. In this paper, we present an attribute-based storage system with secure deduplication in a hybrid cloud setting, where a private cloud is responsible for duplicate detection and a public cloud manages the storage. Compared with the prior data deduplication systems, our system has two advantages. First, it can be used to confidentially share data with users by specifying access policies rather than sharing decryption keys. Second, it achieves the standard notion of semantic security for data confidentiality while existing systems only achieve it by defining a weaker security notion. In addition, we put forth a methodology to modify a ciphertext over one access policy into ciphertexts of the same plaintext but under other access policies without revealing the underlying plaintext.

Journal ArticleDOI
TL;DR: This paper proposes an attribute-based searchable encryption scheme that encrypts an index keyword under a specified access policy; a data user can perform search over the encrypted index keyword if and only if the data user's attributes satisfy the access policy.
Abstract: Searchable encryption provides an effective mechanism that achieves secure search over encrypted data. A popular application model of searchable encryption is that a data owner stores encrypted data on a server and the server can effectively perform keyword-based search over the encrypted data according to a query trapdoor submitted by a data user, where the owner's data and the user's queries are kept secret from the server. Recently, many searchable encryption schemes have been proposed to achieve better security and performance, provide a secure data update feature (dynamics), and make search results verifiable (verifiability). However, most of the existing works endow the data user with unlimited search capacity and do not consider a data user's search permissions. In practical applications, granting search privileges to data users is a very important measure to enforce data access control. In this paper, we propose an attribute-based searchable encryption scheme by leveraging the ciphertext-policy attribute-based encryption technique. Our scheme allows the data owner to conduct fine-grained search authorization for a data user. The main idea is that a data owner encrypts an index keyword under a specified access policy; a data user can perform search over the encrypted index keyword if and only if the data user's attributes satisfy the access policy. We provide detailed correctness analyses, performance analyses, and security proofs for our scheme. The extensive experiments demonstrate that our proposed scheme outperforms the similar work CP-ABKS proposed by Zheng in many aspects.

Journal ArticleDOI
TL;DR: An efficient ciphertext-policy ABE scheme with policy update and file update is proposed in cloud computing and is proved to be secure under the assumption of decision q-parallel bilinear Diffie–Hellman exponent (BDHE).
Abstract: Recently, more and more users and enterprises have entrusted data storage and platform construction to a proxy cloud service provider (PCSP) through cloud technology. Against this background, the attribute-based encryption (ABE) mechanism is an alternative that addresses the drawbacks of traditional encryption through flexible fine-grained access policies and collusion prevention. However, there exist some security issues when the access policy and file need to be updated in practical applications. Moreover, ABE has the problems of excessive computation and storage costs. In this article, an efficient ciphertext-policy ABE scheme with policy update and file update is proposed for cloud computing. The ciphertext components generated by the first encryption can be shared when a policy update or file update happens. This reduces the storage and communication costs of the client, and the computational cost of the PCSP. Moreover, the proposed scheme is proved to be secure under the decision q-parallel bilinear Diffie-Hellman exponent (BDHE) assumption. Finally, experimental simulation shows that the proposed scheme is highly efficient in terms of policy update and file update.

Journal ArticleDOI
TL;DR: The attribute information is fully hidden in the access policy by using a randomizable technique, and a fuzzy attribute positioning mechanism based on a garbled Bloom filter is developed to help authorized recipients locate their attributes efficiently and decrypt the ciphertext successfully.

Journal ArticleDOI
TL;DR: In the proposed scheme, blockchain technologies are used to guarantee both integrity and non-repudiation of data, and the ciphertext can be quickly generated by using the pre-encryption technology and the source of the abused secret key can be audited.
Abstract: Attribute-based encryption, especially ciphertext-policy attribute-based encryption, plays an important role in data sharing. In the process of data sharing, the secret key does not contain the specific information of users, who may share their secret key with other users for benefits without being discovered. In addition, the attribute authority can generate the secret key from any attribute set. If the secret key is abused, it is difficult to judge whether the abused private key comes from users or from the attribute authority. Besides, the access control structure usually leaks sensitive information in a distributed network, and the efficiency of attribute-based encryption is a bottleneck of its applications. Fortunately, blockchain technology can guarantee the integrity and non-repudiation of data. In view of the above issues, an efficient and privacy-preserving traceable attribute-based encryption scheme is proposed. In the proposed scheme, blockchain technologies are used to guarantee both integrity and non-repudiation of data, and the ciphertext can be quickly generated by using the pre-encryption technology. Moreover, attributes are hidden in anonymous access control structures by using the attribute Bloom filter. When a secret key is abused, the source of the abused secret key can be audited. Security and performance analysis show that the proposed scheme is secure and efficient.

Journal ArticleDOI
TL;DR: This paper systematically review and analyze relevant research achievements of cloud computing privacy protection based on access control, attribute-based encryption (ABE), trust and reputation, and proposes a framework of privacy protection.
Abstract: Privacy and security are the most important issues for the popularity of cloud computing services. In recent years, there have been many research schemes for cloud computing privacy protection based on access control, attribute-based encryption (ABE), trust and reputation, but they are scattered and lack unified logic. In this paper, we systematically review and analyze relevant research achievements. First, we discuss the architecture, concepts and several shortcomings of cloud computing, and propose a framework of privacy protection; second, we discuss and analyze basic ABE, KP-ABE (key policy attribute-based encryption), CP-ABE (ciphertext policy attribute-based encryption), access structures, revocation mechanisms, multi-authority, fine-grained, trace mechanisms, proxy re-encryption (PRE), hierarchical encryption, searchable encryption (SE), trust, reputation, extensions of traditional access control and hierarchical keys; third, we propose the research challenges and future directions of privacy protection in cloud computing; finally, we point out corresponding privacy protection laws to make up for the technical deficiencies.

Journal ArticleDOI
TL;DR: This paper proposes a novel method of reversible data hiding in encrypted images (RDH-EI), using single-level embedding, in which three parties are involved, including an image owner, a data hider, and a recipient.
Abstract: This paper proposes a novel method of reversible data hiding in encrypted images (RDH-EI). We first provide an RDH-EI approach using single-level embedding, in which three parties are involved, including an image owner, a data hider, and a recipient. The image owner encrypts an original image into a ciphertext image. After dividing the original image into blocks, the owner pseudo-randomly permutes all blocks by a permutation key. With an encryption key, the image owner further encrypts the contents of all blocks using a stream cipher algorithm, during which pixels inside each block share the same stream bytes. Once the encrypted image is uploaded onto the server, a data hider embeds additional messages into the ciphertext. The data hider divides the encrypted image into blocks and selects peak pixels from each block using an embedding key. With the peak pixels, the data hider embeds an additional message using histogram shifting inside each block. On the receiver side, a recipient extracts the hidden message using the embedding key, and losslessly recovers the original image with the permutation key and the encryption key. Based on the single-level algorithm, we further construct a multi-level approach. The embedding process is applied iteratively to generate the marked encrypted images. Compared with state-of-the-art works, the proposed method achieves a better embedding efficiency and an error-free recovery.

Journal ArticleDOI
TL;DR: A new notion for RABE is introduced, called re-randomizable piecewise key generation, by allowing a data user to re-randomize the combined secret key and the key update to obtain the decryption key; the secret key is unrecoverable even when both the decryption key and the key update are known to the attacker.

Journal ArticleDOI
TL;DR: This is the first time the transport of intensity equation technique has been applied to implement the optical multiple-image authentication technique, and a set of numerical simulations are carried out to demonstrate the feasibility of the proposed approach.

Journal ArticleDOI
TL;DR: A fixed-time synchronization chaotic encryption method is presented: the chaos characteristic of the model is used to encrypt plaintext, and the decryption of ciphertext is realized based on synchronization control theory.
Abstract: In this paper, the fixed-time synchronization control problem of memristive multidirectional associative memory neural networks (MMAMNNs) is considered. Based on the nonlinear and chaotic characteristics of the memristor, a chaotic model is constructed. Then, utilizing the Lyapunov stability theory, two appropriate controllers are constructed and different activation functions are used. This control method ensures that the drive system and response system can achieve synchronization within a fixed time. So, compared with previous studies, it has more practical value. In addition, we present a fixed-time synchronization chaotic encryption method: the chaos characteristic of the model is used to encrypt plaintext, and the decryption of ciphertext is realized based on synchronization control theory. Finally, several numerical simulations are given to demonstrate the validity of the theory and the chaotic secure communication scheme.

Journal ArticleDOI
TL;DR: The proposed algorithm employs the strategy of nonlinear-diffusion for the first time, and simultaneously performs shuffling and diffusion in the diffusion phase.
Abstract: This paper proposes a new spatiotemporal chaos system named Multiple coupled map lattices (MCML). The proposed spatiotemporal chaos system has outstanding cryptographic features, which makes it very suitable for encryption algorithms. Based on this system, this paper proposes a new image encryption algorithm. The proposed algorithm employs the strategy of nonlinear diffusion for the first time, and simultaneously performs shuffling and diffusion. The ciphertext value of each pixel in the diffusion phase depends on a chaotic interference value, a pixel value of the plain image, and two values of the ciphered image non-adjacent to it. This strategy reduces the correlation between adjacent pixels of the plain image as well as the correlation between the R, G and B components of a color image. Theoretical analysis and experimental results prove the high efficiency and security of the proposed algorithm.

Journal ArticleDOI
TL;DR: The taxonomy of two major problems, namely, the shortest path and the closest path problems, with respect to the applicability of lattice-based cryptographic primitives for IoT devices is discussed, along with various LB-PKC techniques, such as NTRU, learning with errors, and ring-LWE (R-LWE), which are often used to solve shortest path and lattice NP-hard problems in polynomial time.
Abstract: Due to its widespread popularity and usage in many applications (smart transport, energy management, e-healthcare, smart ecosystem, and so on), the Internet of Things (IoT) has become popular among end users over the last few years. However, with an exponential increase in the usage of IoT technologies, we have been witnessing an increase in the number of cyber attacks on the IoT environment. An adversary can capture the private key shared between users and devices and can launch various attacks, such as IoT ransomware, Mirai botnet, man-in-the-middle, denial of service, chosen plaintext, and chosen ciphertext. To mitigate these security attacks on the IoT environment, the traditional public key cryptographic primitives are inadequate because of their high computational and communication costs. Therefore, lattice-based public-key cryptosystems (LB-PKC) are a promising technique for secure communication. We discuss the taxonomy of two major problems, namely, the shortest path and the closest path problems, with respect to the applicability of lattice-based cryptographic primitives for IoT devices. Moreover, we also discuss various LB-PKC techniques, such as NTRU, learning with errors (LWE), and ring-LWE (R-LWE), which are often used to solve shortest path and lattice NP-hard problems in polynomial time. We further classify R-LWE into three categories, namely identity-based encryption, homomorphic encryption, and secure authenticated key exchange. We describe the operations and algorithms adopted in each of these encryption mechanisms. Finally, we discuss the challenges, open issues, and future directions for applying LB-PKC in the IoT environment.

Journal ArticleDOI
TL;DR: The experimental results and security analysis show that the encryption technique has enough key space to resist exhaustive attacks and can effectively resist statistical attacks, differential attacks, noise attacks, and cropping attacks.
Abstract: Image encryption is the most direct and effective technical means for protecting the security of image information. Based on the space filling property of the Hilbert curve and the infinite property of the H-geometric fractal, a new image encryption technique is proposed, which combines the pseudo-randomness of a hyperchaotic system and the sensitivity to initial values. First, the hash value of a plaintext image is calculated using the secure hash algorithm 3 (SHA-3) as the initial value of the piece-wise linear chaotic map (PWLCM) and Rössler chaotic systems, which associates the key with the plaintext. In addition, the chaotic sequences that are generated by the chaotic systems are used to scramble the global pixel positions and the pixel values of the images, thereby disturbing the distribution of the pixel positions and the pixel values. Second, the Hilbert curve and H-fractal are alternately used to scramble the local pixel positions and diffuse the pixel values twice. Finally, the ciphertext feedback is used to further enhance the confusion and diffusion characteristics of the algorithm in order to achieve higher security. The experimental results and security analysis show that the encryption technique has enough key space to resist exhaustive attacks and can effectively resist statistical attacks, differential attacks, noise attacks, and cropping attacks. It can be used for the secure storage and network transmission of military, judicial, and other privacy-related digital images.

Journal ArticleDOI
TL;DR: The annoying silhouette problem that exists in interference-based encryption methods can be avoided effectively, and a set of numerical simulations are presented to demonstrate the validity and feasibility of the proposed technique.

Journal ArticleDOI
TL;DR: It is shown that the KP-ABE scheme is insecure even in the weaker security notion, namely, one-way encryption under the same attack and model, and an attacker can decrypt a ciphertext which does not satisfy the policy imposed on his decryption key.
Abstract: In this paper, we present the enhancement of a lightweight key-policy attribute-based encryption (KP-ABE) scheme designed for the Internet of Things (IoT). The KP-ABE scheme was claimed to achieve ciphertext indistinguishability under chosen-plaintext attack in the selective-set model but we show that the KP-ABE scheme is insecure even in the weaker security notion, namely, one-way encryption under the same attack and model. In particular, we show that an attacker can decrypt a ciphertext which does not satisfy the policy imposed on his decryption key. Subsequently, we propose an efficient fix to the KP-ABE scheme as well as extending it to be a hierarchical KP-ABE (H-KP-ABE) scheme that can support role delegation in IoT applications. An example of applying our H-KP-ABE on an IoT-connected healthcare system is given to highlight the benefit of the delegation feature. Lastly, using the NIST curves secp192k1 and secp256k1, we benchmark the fixed (hierarchical) KP-ABE scheme on an Android phone and the result shows that the scheme is still the fastest in the literature.

Proceedings Article
15 Aug 2019
TL;DR: An attack on the encryption key negotiation protocol of Bluetooth BR/EDR that allows a third party, without knowledge of any secret material, to make two (or more) victims agree on an encryption key with only 1 byte (8 bits) of entropy.
Abstract: We present an attack on the encryption key negotiation protocol of Bluetooth BR/EDR. The attack allows a third party, without knowledge of any secret material (such as link and encryption keys), to make two (or more) victims agree on an encryption key with only 1 byte (8 bits) of entropy. Such low entropy enables the attacker to easily brute force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages (in real-time). The attack is stealthy because the encryption key negotiation is transparent to the Bluetooth users. The attack is standard-compliant because all Bluetooth BR/EDR versions require support for encryption keys with entropy between 1 and 16 bytes and do not secure the key negotiation protocol. As a result, the attacker completely breaks Bluetooth BR/EDR security without being detected. We call our attack Key Negotiation Of Bluetooth (KNOB) attack. The attack targets the firmware of the Bluetooth chip because the firmware (Bluetooth controller) implements all the security features of Bluetooth BR/EDR. As a standard-compliant attack, it is expected to be effective on any firmware that follows the specification and on any device using a vulnerable firmware. We describe how to perform the KNOB attack, and we implement it. We evaluate our implementation on more than 14 Bluetooth chips from popular manufacturers such as Intel, Broadcom, Apple, and Qualcomm. Our results demonstrate that all tested devices are vulnerable to the KNOB attack. We discuss countermeasures to fix the Bluetooth specification and its implementation.

Book ChapterDOI
19 May 2019
TL;DR: Cheon et al. as mentioned in this paper improved the amortized bootstrapping time per plaintext slot by two orders of magnitude, from 1 s to 0.01 s. To achieve this result, they adopted a smart level-collapsing technique for evaluating DFT-like linear transforms on a ciphertext.
Abstract: Since Cheon et al. introduced a homomorphic encryption scheme for approximate arithmetic (Asiacrypt ’17), it has been recognized as suitable for important real-life use cases of homomorphic encryption, including training of machine learning models over encrypted data. A follow-up work by Cheon et al. (Eurocrypt ’18) described an approximate bootstrapping procedure for the scheme. In this work, we improve upon the previous bootstrapping result. We improve the amortized bootstrapping time per plaintext slot by two orders of magnitude, from ~1 s to ~0.01 s. To achieve this result, we adopt a smart level-collapsing technique for evaluating DFT-like linear transforms on a ciphertext. Also, we replace the Taylor approximation of the sine function with a more accurate and numerically stable Chebyshev approximation, and design a modified version of the Paterson-Stockmeyer algorithm for fast evaluation of Chebyshev polynomials over encrypted data.