[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/3474366.3486924acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

Bootstrapping in FHEW-like Cryptosystems

Published: 15 November 2021 Publication History

Abstract

FHEW and TFHE are fully homomorphic encryption (FHE) cryptosystems that can evaluate arbitrary Boolean circuits on encrypted data by bootstrapping after each gate evaluation. The FHEW cryptosystem was originally designed based on standard (Ring, circular secure) LWE assumptions, and its initial implementation was able to run bootstrapping in less than 1 second. The TFHE cryptosystem used somewhat stronger assumptions, such as (Ring, circular secure) LWE over the torus with binary secret distribution, and applied several other optimizations to reduce the bootstrapping runtime to less than 0.1 second. Up to now, the gap between the underlying security assumptions prevented a fair comparison of the cryptosystems for the same security settings.
We present a unified framework that includes the original and extended variants of both FHEW and TFHE cryptosystems, and implement it in the open-source PALISADE lattice cryptography library using modular arithmetic. Our analysis shows that the main distinction between the cryptosystems is the bootstrapping procedure used: Alperin-Sherif--Peikert (AP) for FHEW vs. Gama--Izabachene--Nguyen--Xie (GINX) for TFHE. All other algorithmic optimizations in TFHE equally apply to both cryptosystems. The GINX bootstrapping method makes essential the use of binary secrets, and cannot be directly applied to other secret distributions. In the process of comparing the two schemes, we present a simple, lightweight method to extend GINX bootstrapping (e.g., as employed by TFHE) to ternary uniform and Gaussian secret distributions, which are included in the HE community security standard. Our comparison of the AP and GINX bootstrapping methods for different secret distributions suggests that the TFHE/GINX cryptosystem provides better performance for binary and ternary secrets while FHEW/AP is faster for Gaussian secrets. We make a recommendation to consider the variants of FHEW and TFHE cryptosystems based on ternary and Gaussian secrets for standardization by the HE community.

References

[1]
2020. PALISADE Lattice Cryptography Library (release 1.10.3). https://palisade- crypto.org/.
[2]
Martin Albrecht, Melissa Chase, Hao Chen, and et al. 2018. Homomorphic Encryp- tion Security Standard. Technical Report. Homomorphic Encryption.org, Toronto, Canada.
[3]
Martin Albrecht, Samuel Scott, and Rachel Player. 2015. On the concrete hardness of Learning with Errors. Journal of Mathematical Cryptology 9, 3 (10 2015), 169--203. https://doi.org/10.1515/jmc-2015-0016
[4]
Jacob Alperin-Sheriff and Chris Peikert. 2014. Faster Bootstrapping with Polyno- mial Error. In CRYPTO 2014 (Lecture Notes in Computer Science, Vol. 8616). 297--314. https://doi.org/10.1007/978-3-662-44371-2_17
[5]
Sebastian Angel, Hao Chen, Kim Laine, and Srinath T. V. Setty. 2018. PIR with Compressed Queries and Amortized Query Processing. In 2018 IEEE Symposium on Security and Privacy. 962--979. https://doi.org/10.1109/SP.2018.00062
[6]
Jean-François Biasse and Luis Ruiz. 2015. FHEW with Efficient Multibit Boot- strapping. In LATINCRYPT 2015 (Lecture Notes in Computer Science, Vol. 9230). 119--135. https://doi.org/10.1007/978-3-319-22174-8_7
[7]
Marcelo Blatt, Alexander Gusev, Yuriy Polyakov, and Shafi Goldwasser. 2020. Secure large-scale genome-wide association studies using homomorphic encryp- tion. Proceedings of the National Academy of Sciences 117, 21 (2020), 11608--11613. https://doi.org/10.1073/pnas.1918257117
[8]
Guillaume Bonnoron, Léo Ducas, and Max Fillinger. 2018. Large FHE Gates from Tensored Homomorphic Accumulator. In AFRICACRYPT 2018 (Lecture Notes in Computer Science, Vol. 10831). 217--251.
[9]
Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. 2014. (Leveled) Fully Homomorphic Encryption without Bootstrapping. TOCT 6, 3 (2014), 13:1--13:36.
[10]
Zvika Brakerski and Vinod Vaikuntanathan. 2014. Lattice-based FHE as secure as PKE. In ITCS'14. 1--12. https://doi.org/10.1145/2554797.2554799
[11]
Hao Chen, Kim Laine, and Peter Rindal. 2017. Fast Private Set Intersection from Homomorphic Encryption. In CCS 2017. ACM, 1243--1255.
[12]
Jung Hee Cheon, Andrey Kim, Miran Kim, and Yong Soo Song. 2017. Homomorphic Encryption for Arithmetic of Approximate Numbers. In ASIACRYPT (1) (Lecture Notes in Computer Science, Vol. 10624). Springer, 409--437.
[13]
Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, and Malika Izabachène. 2016. Faster Fully Homomorphic Encryption: Bootstrapping in Less Than 0.1 Seconds. In ASIACRYPT (1) (Lecture Notes in Computer Science, Vol. 10031). 3--33.
[14]
Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, and Malika Izabachène. 2017. Faster Packed Homomorphic Operations and Efficient Circuit Bootstrapping for TFHE. In ASIACRYPT 2017 (Lecture Notes in Computer Science, Vol. 10624). 377--408. https://doi.org/10.1007/978-3-319-70694-8_14
[15]
Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, and Malika Izabachène. August 2016. TFHE: Fast Fully Homomorphic Encryption Library. https://tfhe.github.io/tfhe/.
[16]
Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, and Malika Izabachène. 2020. TFHE: Fast Fully Homomorphic Encryption Over the Torus. Journal of Cryptology 33 (2020), 34--91. https://doi.org/10.1007/s00145-019-09319-x
[17]
Benjamin R. Curtis and Rachel Player. 2019. On the Feasibility and Impact of Standardising Sparse-Secret LWE Parameter Sets for Homomorphic Encryption. In WAHC'19. 1--10. https://doi.org/10.1145/3338469.3358940
[18]
Léo Ducas and Daniele Micciancio. 2015. FHEW: Bootstrapping Homomorphic Encryption in Less Than a Second. In EUROCRYPT (1) (Lecture Notes in Computer Science, Vol. 9056). Springer, 617--640.
[19]
Leo Ducas and Daniele Micciancio. May 2017. FHEW: A Fully Homomorphic Encryption library. https://github.com/lducas/FHEW.
[20]
Thomas Espitau, Antoine Joux, and Natalia Kharchenko. 2020. On a hybrid approach to solve binary-LWE. Cryptology ePrint Archive, Report 2020/515.
[21]
Junfeng Fan and Frederik Vercauteren. 2012. Somewhat Practical Fully Homomorphic Encryption. IACR Cryptology ePrint Archive 2012 (2012), 144.
[22]
Nicolas Gama, Malika Izabachène, Phong Q. Nguyen, and Xiang Xie. 2016. Structural Lattice Reduction: Generalized Worst-Case to Average-Case Reductions and Homomorphic Cryptosystems. In EUROCRYPT 2016 (Lecture Notes in Computer Science, Vol. 9666). 528--558. https://doi.org/10.1007/978-3-662-49896-5_19
[23]
Craig Gentry. 2009. Fully homomorphic encryption using ideal lattices. In STOC. ACM, 169--178.
[24]
Craig Gentry, Shai Halevi, and Nigel P. Smart. 2012. Fully Homomorphic Encryp- tion with Polylog Overhead. In EUROCRYPT (Lecture Notes in Computer Science, Vol. 7237). Springer, 465--482.
[25]
Craig Gentry, Amit Sahai, and Brent Waters. 2013. Homomorphic Encryp- tion from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based. In CRYPTO (1) (Lecture Notes in Computer Science, Vol. 8042). Springer, 75--92.
[26]
Shai Halevi and Victor Shoup. 2013. Design and Implementation of a Homomorphic-Encryption Library. https://shaih.github.io/pubs/he-library.pdf.
[27]
Shai Halevi and Victor Shoup. 2015. Bootstrapping for HElib. In EUROCRYPT 2015 (Lecture Notes in Computer Science, Vol. 9056). 641--670.
[28]
Kyoohyung Han, Seungwan Hong, Jung Hee Cheon, and Daejun Park. 2019. Logistic Regression on Homomorphic Encrypted Data at Scale. In AAAI 2019. 9466--9471. https://doi.org/10.1609/aaai.v33i01.33019466
[29]
Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2013. On Ideal Lattices and Learning with Errors over Rings. J. ACM 60, 6 (2013), 43:1--43:35. https: //doi.org/10.1145/2535925
[30]
Daniele Micciancio. 2018. On the Hardness of Learning With Errors with Binary Secrets. Theory Comput. 14, 1 (2018), 1--17.
[31]
Daniele Micciancio. 2019. Fully Homomorphic Encryption from the ground up. (2019). https://youtu.be/TySXpV86958x Invited Talk, Eurocrypt 2019.
[32]
Daniele Micciancio and Chris Peikert. 2013. Hardness of SIS and LWE with Small Parameters. In CRYPTO (1) (Lecture Notes in Computer Science, Vol. 8042). 21--39.
[33]
Daniele Micciancio and Jessica Sorrell. 2018. Ring Packing and Amortized FHEW Bootstrapping. In ICALP 2018 (LIPIcs, Vol. 107). 100:1--100:14.
[34]
Oded Regev. 2009. On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56, 6 (2009), 34:1--34:40.
[35]
SEAL 2020. Microsoft SEAL (release 3.5). https://github.com/Microsoft/SEAL. Microsoft Research, Redmond, WA.
[36]
Nigel P. Smart and Frederik Vercauteren. 2014. Fully homomorphic SIMD operations. Des. Codes Cryptogr. 71, 1 (2014), 57--81.
[37]
Yongha Son and Jung Hee Cheon. 2019. Revisiting the Hybrid Attack on Sparse Secret LWE and Application to HE Parameters. In WAHC'19. 11--20

Cited By

View all
  • (2024)Non-interactive Private Multivariate Function Evaluation using Homomorphic Table LookupIACR Communications in Cryptology10.62056/andkmp-3yOnline publication date: 7-Oct-2024
  • (2024)LMKCDEY Revisited: Speeding Up Blind Rotation with Signed Evaluation KeysMathematics10.3390/math1218290912:18(2909)Online publication date: 18-Sep-2024
  • (2024)Privacy Preserving Function Evaluation Using Lookup Tables with Word-Wise FHEIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences10.1587/transfun.2023EAP1114E107.A:8(1163-1177)Online publication date: 1-Aug-2024
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
WAHC '21: Proceedings of the 9th on Workshop on Encrypted Computing & Applied Homomorphic Cryptography
November 2021
75 pages
ISBN:9781450386562
DOI:10.1145/3474366
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 November 2021

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. bootstrapping
  2. fhew
  3. fully homomorphic encryption
  4. software implementation
  5. tfhe

Qualifiers

  • Research-article

Conference

CCS '21
Sponsor:

Acceptance Rates

Overall Acceptance Rate 6 of 17 submissions, 35%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)110
  • Downloads (Last 6 weeks)11
Reflects downloads up to 01 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2024)Non-interactive Private Multivariate Function Evaluation using Homomorphic Table LookupIACR Communications in Cryptology10.62056/andkmp-3yOnline publication date: 7-Oct-2024
  • (2024)LMKCDEY Revisited: Speeding Up Blind Rotation with Signed Evaluation KeysMathematics10.3390/math1218290912:18(2909)Online publication date: 18-Sep-2024
  • (2024)Privacy Preserving Function Evaluation Using Lookup Tables with Word-Wise FHEIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences10.1587/transfun.2023EAP1114E107.A:8(1163-1177)Online publication date: 1-Aug-2024
  • (2024)Efficient Homomorphic Evaluation of Arbitrary Uni/Bivariate Integer Functions and Their ApplicationsIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences10.1587/transfun.2023CIP0010E107.A:3(234-247)Online publication date: 1-Mar-2024
  • (2024)Efficient FHE-based Privacy-Enhanced Neural Network for Trustworthy AI-as-a-ServiceIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3353536(1-18)Online publication date: 2024
  • (2024)General Bootstrapping Approach for RLWE-Based Homomorphic EncryptionIEEE Transactions on Computers10.1109/TC.2023.331840573:1(86-96)Online publication date: 1-Jan-2024
  • (2024)Platform Design for Privacy-Preserving Federated Learning using Homomorphic Encryption : Wild-and-Crazy-Idea Paper2024 Forum on Specification & Design Languages (FDL)10.1109/FDL63219.2024.10673864(1-5)Online publication date: 4-Sep-2024
  • (2024)Overflow-Detectable Floating-Point Fully Homomorphic EncryptionIEEE Access10.1109/ACCESS.2024.335173812(6160-6180)Online publication date: 2024
  • (2024)Integrating fully homomorphic encryption to enhance the security of blockchain applicationsFuture Generation Computer Systems10.1016/j.future.2024.07.015161(467-477)Online publication date: Dec-2024
  • (2024)F-FHEW: High-Precision Approximate Homomorphic Encryption with Batch BootstrappingInformation Security and Privacy10.1007/978-981-97-5025-2_7(121-140)Online publication date: 16-Jul-2024
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media