scispace - formally typeset

Showing papers on "Homomorphic secret sharing published in 2012"


Book ChapterDOI
15 Apr 2012
TL;DR: In this paper, a construction of fully homomorphic encryption (FHE) schemes that for security parameter λ can evaluate any width-Ω(λ) circuit with t gates in time t· polylog(λ).
Abstract: We show that homomorphic evaluation of (wide enough) arithmetic circuits can be accomplished with only polylogarithmic overhead. Namely, we present a construction of fully homomorphic encryption (FHE) schemes that for security parameter λ can evaluate any width-Ω(λ) circuit with t gates in time t· polylog(λ). To get low overhead, we use the recent batch homomorphic evaluation techniques of Smart-Vercauteren and Brakerski-Gentry-Vaikuntanathan, who showed that homomorphic operations can be applied to "packed" ciphertexts that encrypt vectors of plaintext elements. In this work, we introduce permuting/routing techniques to move plaintext elements across these vectors efficiently. Hence, we are able to implement general arithmetic circuits in a batched fashion without ever needing to "unpack" the plaintext vectors. We also introduce some other optimizations that can speed up homomorphic evaluation in certain cases. For example, we show how to use the Frobenius map to raise plaintext elements to powers of p at the "cost" of a linear operation.

448 citations


Book ChapterDOI
21 May 2012
TL;DR: Gentry's bootstrapping technique is currently the only known method of obtaining a "pure" fully homomorphic encryption (FHE) scheme, and it may offer performance advantages even in cases that do not require pure FHE (e.g., when using the noise-control technique of Brakerski-Gentry-Vaikuntanathan).
Abstract: Gentry's bootstrapping technique is currently the only known method of obtaining a "pure" fully homomorphic encryption (FHE) scheme, and it may offer performance advantages even in cases that do not require pure FHE (e.g., when using the noise-control technique of Brakerski-Gentry-Vaikuntanathan). The main bottleneck in bootstrapping is the need to evaluate homomorphically the reduction of one integer modulo another. This is typically done by emulating a binary modular reduction circuit, using bit operations on the binary representation of integers. We present a simpler approach that bypasses the homomorphic modular-reduction bottleneck to some extent, by working with a modulus very close to a power of two. Our method is easier to describe and implement than the generic binary circuit approach, and we expect it to be faster in practice (although we have not implemented it yet). In some cases it also allows us to store the encryption of the secret key as a single ciphertext, thus reducing the size of the public key. We also show how to combine our new method with the SIMD homomorphic computation techniques of Smart-Vercauteren and Gentry-Halevi-Smart, to get a bootstrapping method that works in time quasi-linear in the security parameter. This last part requires extending the techniques from prior work to handle arithmetic not only over fields, but also over some rings. (Specifically, our method uses arithmetic modulo a power of two, rather than over characteristic-two fields.)

192 citations


Journal ArticleDOI
TL;DR: Experimental results and analysis show that the proposed method has superior performance to RSA and ElGamal, and has a lower computation overhead in image decryption compared with the method that uses the other additively homomorphic property in EC-ElGamal.

106 citations


Proceedings ArticleDOI
08 Jan 2012
TL;DR: In this paper, the notion of targeted malleability is introduced to restrict the homomorphic computations one can perform on encrypted data, and two constructions are presented that transform any homomorphic encryption scheme into one that offers targeted non-malleability.
Abstract: We put forward the notion of targeted malleability: given a homomorphic encryption scheme, in various scenarios we would like to restrict the homomorphic computations one can perform on encrypted data. We introduce a precise framework, generalizing the foundational notion of non-malleability introduced by Dolev, Dwork, and Naor (SICOMP '00), ensuring that the malleability of a scheme is targeted only at a specific set of "allowable" functions. In this setting we are mainly interested in the efficiency of such schemes as a function of the number of repeated homomorphic operations. Whereas constructing a scheme whose ciphertext grows linearly with the number of such operations is straightforward, obtaining more realistic (or merely non-trivial) length guarantees is significantly more challenging. We present two constructions that transform any homomorphic encryption scheme into one that offers targeted malleability. Our constructions rely on standard cryptographic tools and on succinct non-interactive arguments, which are currently known to exist in the standard model based on variants of the knowledge-of-exponent assumption. The two constructions offer somewhat different efficiency guarantees, each of which may be preferable depending on the underlying building blocks.

84 citations


Journal ArticleDOI
TL;DR: This paper uses Tassa's hierarchical secret sharing to propose a hierarchical threshold secret image sharing scheme, in which the shadow images are partitioned into several levels, and the threshold access structure is determined by a sequence of threshold requirements.

80 citations


Journal ArticleDOI
TL;DR: This paper recovers the lossless secret image while enhancing the contrast of the previewed image, and introduces a new definition of contrast to evaluate the visual quality of the previewed image.

79 citations


Journal ArticleDOI
TL;DR: Two multi-pixel encryption size invariant visual cryptography schemes (ME-SIVCS's) are proposed which improve the visual quality of the recovered secret image by reducing the variance of the darkness levels.

71 citations


Journal ArticleDOI
TL;DR: A novel RG-based VSS scheme that encodes multiple secret images at a time that has no pixel expansion, a higher capacity for secret sharing, and no need for a complex VC codebook to be redesigned is proposed.

65 citations


Patent
02 Nov 2012
TL;DR: In this paper, a partially or fully homomorphic encryption scheme for cloud computing is proposed, which allows data within the cloud to be processed without decrypting it.
Abstract: A method for protection of cloud computing includes homomorphic encryption of data. Partially or fully homomorphic encryption allows for data within the cloud to be processed without decryption. A partially or fully homomorphic encryption is provided. The proposed scheme can be used with both algebraic and analytical approaches. A cloud service is implemented on a server. A client encrypts data using fully homomorphic encryption and sends it to the server. The cloud server performs computations without decryption of the data and returns the encrypted calculation result to the client. The client decrypts the result, and the result coincides with the result of the same calculation performed on the initial plaintext data.

64 citations


Dissertation
01 Jan 2012
TL;DR: This thesis is a survey of the most recent fully homomorphic encryption schemes, including Gentry's scheme, analysing and comparing them.
Abstract: Fully homomorphic encryption is an encryption scheme where a party can receive encrypted data and perform arbitrary operations on this data efficiently. The data remains encrypted throughout, but the operations can be done regardless, without having to know the decryption key. Such a scheme would be very advantageous, for example in ensuring the privacy of data that is sent to a third-party service. This is in contrast with schemes like Paillier, where you cannot perform a multiplication of encrypted data without decrypting the data first, or ElGamal, where you cannot perform an addition of encrypted data without decrypting the data first. This thesis acts as a survey of the most recent fully homomorphic encryption schemes. We study some of the latest fully homomorphic encryption schemes, make an analysis of them and make a comparison. These schemes have some elements in common: 1. An efficient lattice-based cryptosystem, with security based on the hardness of well-known lattice problems. 2. An evaluation function with definitions for $c_{add}$ and $c_{mult}$, such that the noise does not rapidly increase. 3. Techniques to make the scheme fully homomorphic with this evaluation function. Whenever possible, we rewrite the main results of these schemes in a more detailed and readable format. Apart from Gentry's scheme, the schemes that we choose to discuss are very new. The earliest one was published in October 2011, while some are still only available as eprints. We hope this work can help readers be up to date with the field of fully homomorphic encryption, paving the way to further advances in the field.

61 citations


Journal ArticleDOI
TL;DR: Two DQSS schemes are proposed based on a special kind of entangled state, starlike cluster states, which are more flexible and suitable for practical applications.

Journal ArticleDOI
TL;DR: In this article, it was shown that every hierarchical matroid port admits an ideal linear secret sharing scheme over every large enough finite field, and a new proof for the existing characterization of the ideal weighted threshold access structures.
Abstract: Hierarchical secret sharing is among the most natural generalizations of threshold secret sharing, and it has attracted a lot of attention since the invention of secret sharing until nowadays. Several constructions of ideal hierarchical secret sharing schemes have been proposed, but it was not known what access structures admit such a scheme. We solve this problem by providing a natural definition for the family of the hierarchical access structures and, more importantly, by presenting a complete characterization of the ideal hierarchical access structures, that is, the ones admitting an ideal secret sharing scheme. Our characterization is based on the well-known connection between ideal secret sharing schemes and matroids and, more specifically, on the connection between ideal multipartite secret sharing schemes and integer polymatroids. In particular, we prove that every hierarchical matroid port admits an ideal linear secret sharing scheme over every large enough finite field. Finally, we use our results to present a new proof for the existing characterization of the ideal weighted threshold access structures.

Journal ArticleDOI
TL;DR: This work presents a characterization of multipartite matroid ports in terms of integer polymatroids and applies the general results to obtain a complete characterization of ideal tripartite access structures, which was until now an open problem.
Abstract: Multipartite secret sharing schemes are those having a multipartite access structure, in which the set of participants is divided into several parts and all participants in the same part play an equivalent role. In this work, the characterization of ideal multipartite access structures is studied in full generality. Our results are based on the well-known connections between ideal secret sharing schemes and matroids and on the introduction of a new combinatorial tool in secret sharing, integer polymatroids. Our results can be summarized as follows. First, we present a characterization of multipartite matroid ports in terms of integer polymatroids. As a consequence of this characterization, a necessary condition for a multipartite access structure to be ideal is obtained. Second, we use representations of integer polymatroids by collections of vector subspaces to characterize the representable multipartite matroids. In this way we obtain a sufficient condition for a multipartite access structure to be ideal, and also a unified framework to study the open problems about the efficiency of the constructions of ideal multipartite secret sharing schemes. Finally, we apply our general results to obtain a complete characterization of ideal tripartite access structures, which was until now an open problem.

Book ChapterDOI
27 Feb 2012
TL;DR: A new cryptographic primitive called Delegatable Homomorphic Encryption (DHE) is proposed, which allows a Trusted Authority to control/delegate the evaluation of circuits over encrypted data to untrusted workers/evaluators by issuing tokens.
Abstract: We propose a new cryptographic primitive called Delegatable Homomorphic Encryption (DHE). This allows a Trusted Authority to control/delegate the evaluation of circuits over encrypted data to untrusted workers/evaluators by issuing tokens. This primitive can be seen both as a public-key counterpart to Verifiable Computation, where input generation and output verification are performed by different entities, and as a generalisation of Fully Homomorphic Encryption enabling control over computations on encrypted data. Our primitive comes with a series of extra features: 1) there is a one-time setup procedure for all circuits; 2) senders do not need to be aware of the functions which will be evaluated on the encrypted data, nor do they need to register keys; 3) tokens are independent of senders and receivers; and 4) receivers are able to verify the correctness of computation given short auxiliary information on the input data and the function, independently of the complexity of the computed circuit. We give a modular construction of such a DHE scheme from three components: Fully Homomorphic Encryption (FHE), Functional Encryption (FE), and a (customised) MAC. As a stepping stone, we first define Verifiable Functional Encryption (VFE), and then show how one can build a secure DHE scheme from a VFE and an FHE scheme. We also show how to build the required VFE from a standard FE together with a MAC scheme. All our results hold in the standard model. Finally, we show how one can build a verifiable computation (VC) scheme generically from a DHE. As a corollary, we get the first VC scheme which remains verifiable even if the attacker can observe verification results.

Proceedings ArticleDOI
01 Apr 2012
TL;DR: This paper compares the latency and data size of end-to-end (ETE) and hop-by-hop (HBH) homomorphic encryption within a network of Smart Meters (SMs); surprisingly, HBH provides comparable latency and a fixed data size passing through the network compared to ETE homomorphic encryption.
Abstract: Homomorphic encryption allows arithmetic operations to be performed on ciphertext and gives the same result as if the same arithmetic operation were done on the plaintext. Homomorphic encryption has been touted as one of the promising methods to be employed in the Smart Grid (SG) to provide data privacy, which is one of the main security concerns in SG. In addition to data privacy, real-time data flow is crucial in SG to provide on-time detection and recovery of possible failures. In this paper, we investigate the overhead of using homomorphic encryption in SG in terms of bandwidth and end-to-end data delay when providing data privacy. Specifically, we compare the latency and data size of end-to-end (ETE) and hop-by-hop (HBH) homomorphic encryption within a network of Smart Meters (SMs). In HBH encryption, at each intermediate node, the received encrypted data from downstream nodes are decrypted first before the aggregation, and then the result is encrypted again for transmission to upstream nodes. On the other hand, the intermediate node in ETE encryption only performs aggregation on ciphertexts for transmission to upstream nodes. We implemented secure data aggregation using the Paillier cryptosystem and tested it under various conditions. The experimental results have shown that even though HBH homomorphic encryption has additional computational overhead at intermediate nodes, surprisingly it provides comparable latency and a fixed data size passing through the network compared to ETE homomorphic encryption.

Journal ArticleDOI
TL;DR: This paper shows how to construct a verifiable quantum (k, n) threshold scheme by combining it with a qubit authentication process, which provides a mechanism for checking whether the reconstructed quantum secret is the same as the original one.
Abstract: In a conventional quantum (k, n) threshold scheme, a trusted party shares a quantum secret with n agents such that any k or more agents can cooperate to recover the original secret, while fewer than k agents obtain no information about the secret. Is the reconstructed quantum secret the same as the original one? Or is a dishonest agent willing to provide a true share during the secret reconstruction? In this paper we reexamine the security of quantum (k, n) threshold schemes and show how to construct a verifiable quantum (k, n) threshold scheme by combining it with a qubit authentication process. The novelty of our scheme is that it provides a mechanism for checking whether the reconstructed quantum secret is the same as the original one. This mechanism can also attain the goal of checking whether a dishonest agent provides a false quantum share during the secret reconstruction such that the secret quantum state cannot be recovered correctly.

Posted Content
TL;DR: In this paper, the authors proposed a symmetric-key homomorphic encryption scheme, which can withstand an attack with up to ln poly chosen plaintexts for any predetermined, where is the security parameter.
Abstract: The homomorphic encryption problem has been an open one for three decades. Recently, Gentry has proposed a full solution. Subsequent works have made improvements on it. However, the time complexities of these algorithms are still too high for practical use. For example, Gentry’s homomorphic encryption scheme takes more than 900 seconds to add two 32 bit numbers, and more than 67000 seconds to multiply them. In this paper, we develop a non-circuit based symmetric-key homomorphic encryption scheme. It is proven that the security of our encryption scheme is equivalent to the large integer factorization problem, and it can withstand an attack with up to lnpoly chosen plaintexts for any predetermined , where is the security parameter. Multiplication, encryption, and decryption are almost linear in , and addition is linear in . Performance analyses show that our algorithm runs multiplication in 108 milliseconds and addition in a tenth of a millisecond for = 1024 and = 16. We further consider practical multiple-user data-centric applications. Existing homomorphic encryption schemes only consider one master key. To allow multiple users to retrieve data from a server, all users need to have the same key. In this paper, we propose to transform the master encryption key into different user keys and develop a protocol to support correct and secure communication between the users and the server using different user keys. In order to prevent collusion between some user and the server to derive the master key, one or more key agents can be added to mediate the interaction.

Patent
26 Sep 2012
TL;DR: In this article, the authors proposed a secret sharing scheme for protecting a set of storage devices using a key-based encryption scheme, where the data of each storage device is encrypted with a key and the key is encrypted based on a shared secret and a device-specific value.
Abstract: A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme. The data of each storage device is encrypted with a key, and the key is encrypted based on a shared secret and a device-specific value. Each storage device stores a share and its encrypted key, and if a number of storage devices above a threshold are available, then the shared secret can be reconstructed from the shares and used to decrypt the encrypted keys. Otherwise, the secret cannot be reconstructed if less than the threshold number of storage devices are accessible, and then data on the storage devices will be unreadable.

Journal ArticleDOI
TL;DR: A novel secret image sharing scheme with reversible steganography is proposed, in which two-dimensional reversible cellular automata with memory are used to encrypt a secret image into shared data that are embedded into cover images to form stego images.

Journal ArticleDOI
TL;DR: Experimental results demonstrate that both the RG-based VSS for general access structures and cheating immune method are effective and more complicated sharing strategies can be implemented.

Book ChapterDOI
11 Jul 2012
TL;DR: A concrete attack is presented that shows that security is lost in all three schemes when k or more servers collude, and recovers an 8192-bit prime and all secret values in less than an hour for k=8.
Abstract: Three recently proposed schemes use secret sharing to support privacy-preserving data outsourcing. Each secret in the database is split into n shares, which are distributed to independent data servers. A trusted client can use any k shares to reconstruct the secret. These schemes claim to offer security even when k or more servers collude, as long as certain information such as the finite field prime is known only to the client. We present a concrete attack that refutes this claim by demonstrating that security is lost in all three schemes when k or more servers collude. Our attack runs on commodity hardware and recovers an 8192-bit prime and all secret values in less than an hour for k=8.

Proceedings ArticleDOI
31 Aug 2012
TL;DR: An efficient and Secure Data Sharing (SDS) framework using homomorphic encryption and proxy re-encryption schemes that prevents the leakage of unauthorized data when a revoked user rejoins the system is proposed.
Abstract: Due to cost-efficiency and less hands-on management, data owners are outsourcing their data to the cloud, which can provide access to the data as a service. However, by outsourcing their data to the cloud, the data owners lose control over their data as the cloud provider becomes a third party. At first, encrypting the data by the owner and then exporting it to the cloud seems to be a good approach. However, there is a potential efficiency problem with the outsourced encrypted data when the data owner revokes some of the users' access privileges. An existing solution to this problem is based on a symmetric-key encryption scheme and so it is not secure when a revoked user rejoins the system with different access privileges to the same data record. In this paper, we propose an efficient and Secure Data Sharing (SDS) framework using homomorphic encryption and proxy re-encryption schemes that prevents the leakage of unauthorized data when a revoked user rejoins the system. Our framework is secure under the security definition of Secure Multi-Party Computation (SMC) and is also a generic approach: any additive homomorphic encryption and proxy re-encryption schemes can be used as the underlying sub-routines. In addition, we also modify our underlying Secure Data Sharing (SDS) framework and present a new solution based on the data distribution technique to prevent the information leakage in the case of collusion between a user and the Cloud Service Provider.

Journal ArticleDOI
TL;DR: RG-based VSS for general access structures is presented, a generalisation of the threshold methods, where reported RG-based schemes can be considered as the special cases of the proposed scheme.
Abstract: Visual secret sharing (VSS) is a way to protect a secret image among a group of participants by using the notions of perfect ciphers and secret sharing. However, each share generated by conventional VSS is m times as big as the original secret image, where m is called the pixel expansion. Random grid (RG) is an alternative approach to implement VSS without pixel expansion. However, reported RG-based VSS methods are threshold schemes. In this study, RG-based VSS for general access structures is presented. The secret image is encoded into n RGs such that qualified sets can recover the secret visually and forbidden sets cannot. The proposed scheme is a generalisation of the threshold methods, where those reported RG-based schemes can be considered as special cases of the proposed scheme. Experimental results are provided, demonstrating the effectiveness and advantages of the proposed scheme.

Journal ArticleDOI
TL;DR: The definition of cheating prevention is analyzed and a new authentication based cheating prevention scheme is proposed that is constructed with Naor-Shamir's VC scheme and the security analysis is given to prove that the proposed scheme is immune to cheating.

Book ChapterDOI
05 Nov 2012
TL;DR: The authors show that, in a setting with rational players, secret sharing and multiparty computation are only possible if the actual secret reconstruction round remains unknown to the players.
Abstract: Rational secret sharing was proposed by Halpern and Teague in [8]. The authors show that, in a setting with rational players, secret sharing and multiparty computation are only possible if the actual secret reconstruction round remains unknown to the players. All the subsequent works use a similar approach with different assumptions.

Journal ArticleDOI
TL;DR: A new construction for perfect quantum secret sharing (QSS) schemes based on imperfect “ramp” secret sharing combined with classical encryption is demonstrated, in which the individual parties' shares are split into quantum and classical components, allowing the former to be of lower dimension than the secret itself.
Abstract: We demonstrate a new construction for perfect quantum secret sharing (QSS) schemes based on imperfect “ramp” secret sharing combined with classical encryption, in which the individual parties' shares are split into quantum and classical components, allowing the former to be of lower dimension than the secret itself. We show that such schemes can be performed with smaller quantum components and lower overall quantum communication than required for existing methods. We further demonstrate that one may combine both imperfect quantum and imperfect classical secret sharing to produce an overall perfect QSS scheme, and that examples of such schemes (which we construct) can have the smallest quantum and classical share components possible for their access structures, something provably not achievable using perfect underlying schemes. Our construction has significant potential for being adapted to other QSS schemes based on stabilizer codes.


Journal ArticleDOI
TL;DR: An image steganography technique based on the Canny edge detection algorithm that is designed to hide secret data into a digital image within the pixels that make up the boundaries of objects detected in the image.
Abstract: Steganography is the science of hiding digital information in such a way that no one can suspect its existence. Unlike cryptography, which may arouse suspicions, steganography is a stealthy method that enables data communication in total secrecy. Steganography has many requirements, the foremost one being irrecoverability, which refers to how hard it is for someone apart from the original communicating parties to detect and recover the hidden data out of the secret communication. A good strategy to guarantee irrecoverability is to cover the secret data not using a trivial method based on a predictable algorithm, but using a specific random pattern based on a mathematical algorithm. This paper proposes an image steganography technique based on the Canny edge detection algorithm. It is designed to hide secret data into a digital image within the pixels that make up the boundaries of objects detected in the image. More specifically, bits of the secret data replace the three LSBs of every color channel of the pixels detected by the Canny edge detection algorithm as part of the edges in the carrier image. Besides, the algorithm is parameterized by three parameters: the size of the Gaussian filter, a low threshold value, and a high threshold value. These parameters can yield different outputs for the same input image and secret data. As a result, discovering the inner workings of the algorithm would be considerably ambiguous, misguiding steganalysts from the exact location of the covert data. Experiments showed a simulation tool codenamed GhostBit, meant to cover and uncover secret data using the proposed algorithm. As future work, examining how other image processing techniques such as brightness and contrast adjustment can be taken advantage of in steganography with the purpose of giving the communicating parties more preferences to manipulate their secret communication.

Journal ArticleDOI
TL;DR: A new RG-based VSS scheme, which encrypts up to four secret images into two random grids without any pixel expansion, and decrypts one secret image by directly stacking the two random grids and the other three by additionally rotating one RG by 90, 180, or 270 degrees, respectively.

Journal ArticleDOI
TL;DR: A novel and efficient multiparty quantum secret sharing scheme using an entangled state, in which the number of parties can be arbitrarily large, is proposed, and it is shown that this scheme is secure against eavesdropping.
Abstract: We propose a novel and efficient multiparty quantum secret sharing scheme using an entangled state, in which the number of parties can be arbitrarily large. The state we use has special properties that make our scheme simple and safe. The only operations needed to recover the secret message are exclusive-or addition and complement. Moreover, it is shown that this scheme is secure against eavesdropping. This scheme also provides the best quantum bit efficiency compared with some well-known quantum secret sharing schemes.