Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages

Brakerski, Zvika; Vaikuntanathan, Vinod

doi:10.1007/978-3-642-22792-9_29

Cited by 765 publications

(592 citation statements)

References 34 publications

(67 reference statements)

Supporting

Mentioning

587

Contrasting

Unclassified

Order By: Relevance

“…In this paper, we continue the line of work of [LMSV12,ZPS12] to present key recovery attacks for the schemes [BV11b,BV11a,GSW13,Bra12]. Our attacks can also be applied to the SHE scheme in [BGV12].…”

Section: Our Contributionsmentioning

confidence: 80%

“…The SHE scheme from [BGV12] is closely related to the SHE schemes from [BV11a,BV11b]. This implies that the attacks from Section 5.2 and 4.2 can be directly applied against the SHE scheme from [BGV12].…”

Section: Key Recovery Attack Against the Bgv12 Schemementioning

confidence: 98%

“…In this section, we describe a key recovery attack against the symmetric-key SHE scheme from [BV11a]. The attack also applies to the asymmetric-key SHE scheme.…”

Section: Key Recovery Attack Against the Bv11a Schemementioning

confidence: 99%

“…Depending on which instantiation is chosen (either LWE or RLWE), we can apply one of the key recovery attacks against [BV11b,BV11a] to the basic GLWE-based encryption scheme. which is (w− < v, s L > modq) mod 2.…”

Section: Setup(λ)mentioning

confidence: 99%

See 3 more Smart Citations

On Key Recovery Attacks Against Existing Somewhat Homomorphic Encryption Schemes

Chenal

Tang

2015

Progress in Cryptology - LATINCRYPT 2014

View full text Add to dashboard Cite

In this paper, we continue this line of research and show that most existing somewhat homomorphic encryption schemes are not IND-CCA1 secure. In fact, we show that these schemes suffer from key recovery attacks (stronger than a typical IND-CCA1 attack), which allow an adversary to recover the private keys through a number of decryption oracle queries. The schemes, that we study in detail, include those by Brakerski and Vaikuntanathan at Crypto 2011 and FOCS 2011, and that by Gentry, Sahai and Waters at Crypto 2013. We also develop a key recovery attack that applies to the somewhat homomorphic encryption scheme by van Dijk et al., and our attack is more efficient and conceptually simpler than the one developed by Zhang et al.. Our key recovery attacks also apply to the scheme by Brakerski, Gentry and Vaikuntanathan at ITCS 2012, and we also describe a key recovery attack for the scheme developed by Brakerski at Crypto 2012.

show abstract

Section: Our Contributionsmentioning

confidence: 80%

Section: Key Recovery Attack Against the Bgv12 Schemementioning

confidence: 98%

“…In this section, we describe a key recovery attack against the symmetric-key SHE scheme from [BV11a]. The attack also applies to the asymmetric-key SHE scheme.…”

Section: Key Recovery Attack Against the Bv11a Schemementioning

confidence: 99%

Section: Setup(λ)mentioning

confidence: 99%

See 2 more Smart Citations

On Key Recovery Attacks Against Existing Somewhat Homomorphic Encryption Schemes

Chenal

Tang

2015

Progress in Cryptology - LATINCRYPT 2014

View full text Add to dashboard Cite

show abstract

“…Starting with Gentry's mathematical breakthrough constructing the first plausible FHE scheme [22], [23], we have seen rapid development in the theory and implementation of homomorphic encryption (HE) schemes. HE schemes can now be based on a variety of cryptographic assumptions -approximate greatest common divisors [16], [18], learning with errors (LWE) [9], [10], [12], [25], and Ring-LWE (RLWE) [11], [24], [32].…”

Section: Introductionmentioning

confidence: 99%

SHIELD: Scalable Homomorphic Implementation of Encrypted Data-Classifiers

Khedr

Gulak

Vaikuntanathan

2016

IEEE Trans. Comput.

Self Cite

View full text Add to dashboard Cite

Abstract-Homomorphic encryption (HE) systems enable computations on encrypted data, without decrypting and without knowledge of the secret key. In this work, we describe an optimized Ring Learning With Errors (RLWE) based implementation of a variant of the HE system recently proposed by Gentry, Sahai and Waters (GSW). Although this system was widely believed to be less efficient than its contemporaries, we demonstrate quite the opposite behavior for a large class of applications. We first highlight and carefully exploit the algebraic features of the system to achieve significant speedup over the state-of-the-art HE implementation, namely the IBM homomorphic encryption library (HElib). We introduce several optimizations on top of our HE implementation, and use the resulting scheme to construct a homomorphic Bayesian spam filter, secure multiple keyword search, and a homomorphic evaluator for binary decision trees. Our results show a factor of 10× improvement in performance (under the same security settings and CPU platforms) compared to IBM HElib for these applications. Our system is built to be easily portable to GPUs (unlike IBM HElib) which results in an additional speedup of up to a factor of 103.5× to offer an overall speedup of 1035×.

show abstract

Cryptography for big data environments: Current status, challenges, and opportunities

Rabanal

Martı́nez

2020

Comp and Math Methods

View full text Add to dashboard Cite

Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages

Cited by 765 publications

References 34 publications

On Key Recovery Attacks Against Existing Somewhat Homomorphic Encryption Schemes

On Key Recovery Attacks Against Existing Somewhat Homomorphic Encryption Schemes

SHIELD: Scalable Homomorphic Implementation of Encrypted Data-Classifiers

Cryptography for big data environments: Current status, challenges, and opportunities

Contact Info

Product

Resources

About