Highlights d Fast homomorphic encryption enables secure and practical genotype imputations d Secure methods require comparable resources as nonsecure methods d Accuracy of secure methods can be improved using population specific panels
The dual attack is one of the most efficient attack algorithms for learning with errors (LWE) problem. Recently, an efficient variant of the dual attack for sparse and small secret LWE was reported by Albrecht (Eurocrypt 2017), which forces some LWE-based cryptosystems, especially fully homomorphic encryptions (FHE), to change parameters. In this paper, we propose a new hybrid of dual and meet-in-themiddle (MITM) attack, which outperforms the improved variant on the same LWE parameter regime. To this end, we adapt the MITM attack for NTRU due to Odlyzko to LWE and give a rigorous analysis for it. The performance of our MITM attack depends on the relative size of error and modulus, and hence, for a large modulus LWE samples, our MITM attack works well for quite large error. We then combine our MITM attack with Albrecht's observation that understands the dual attack as a dimension-error tradeoff, which finally yields our hybrid attack. We also implement a sage module that estimates the attack complexity of our algorithm upon LWE-estimator, and our attack shows significant performance improvement for the LWE parameter for FHE. For example, for the LWE problem with dimension n = 2 15 , modulus q = 2 628 , and ternary secret key with Hamming weight 64 which is one parameter set used for HEAAN bootstrapping (Eurocrypt 2018), our attack takes 2 112.5 operations and 2 70.6 bit memory, while the previous best attack requires 2 127.2 operations as reported by the LWE-estimator. INDEX TERMS Cryptanalysis, fully homomorphic encryption, learning with errors, meet-in-the-middle.
Background: One of three tasks in a secure genome analysis competition called iDASH 2018 was to develop a solution for privacy-preserving GWAS computation based on homomorphic encryption. The scenario is that a data holder encrypts a number of individual records, each of which consists of several phenotype and genotype data, and provide the encrypted data to an untrusted server. Then, the server performs a GWAS algorithm based on homomorphic encryption without the decryption key and outputs the result in encrypted state so that there is no information leakage on the sensitive data to the server. Methods: We develop a privacy-preserving semi-parallel GWAS algorithm by applying an approximate homomorphic encryption scheme HEAAN. Fisher scoring and semi-parallel GWAS algorithms are modified to be efficiently computed over homomorphically encrypted data with several optimization methodologies; substitute matrix inversion by an adjoint matrix, avoid computing a superfluous matrix of super-large size, and transform the algorithm into an approximate version. Results: Our modified semi-parallel GWAS algorithm based on homomorphic encryption which achieves 128-bit security takes 30-40 minutes for 245 samples containing 10,000-15,000 SNPs. Compared to the true p-value from the original semi-parallel GWAS algorithm, the F 1 score of our p-value result is over 0.99. Conclusions: Privacy-preserving semi-parallel GWAS computation can be efficiently done based on homomorphic encryption with sufficiently high accuracy compared to the semi-parallel GWAS computation in unencrypted state.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.