Description
Fully Homomorphic Encryption is a powerful cryptographic construction, enabling to securely compute all functions on encrypted data, and decrypt the result of the function applied on the real data.<br/> This construction allows to securely delegate computation, which is a very important property with the increasing of the Cloud computing. Many client-server applications are appearing, all needing the computation delegating property of FHE, with different notions of security and cost. The client-server frameworks usually considered a client with small storage and computation possibilities and a cloud powerful for both. The client wants to delegate his computation with small computation and communication cost, which directly leads to Symmetric Encryption. As the frameworks considerate two types of encryption, we study the links and differences between them. Efficiency and security are not studied the same way, on one hand a SE scheme is evaluated relatively to its practical speed, storage cost and concrete cryptanalysis. On the other hand FHE is more a theoretic construction, evaluated relatively to its security assumptions and homomorphic capacities. To combine these two approaches, we need to study the different costs and efficiency implications from one type to the other. Our approach is to consider a particular family of FHE and adapt a SE scheme to build a framework efficient relatively to both metrics. Part of the study is to analyze the previous symmetric constructions relatively to this framework, more specifically figure out the error growth implied in the homomorphic decryption of the SE scheme. As minimizing this factor is not linked with SE efficiency, we have to considerate all kinds of SE constructions and find the properties suitable for FHE. First, with block-cipher constructions we can focus on the number of iterations, on the circuit depth and on the chaining mode used. Then stream-cipher constructions allow to study the error growth depending on the number of outputted bits. Finally the existent constructions of both families are not optimized nor totally suitable for our framework, leading us to the next step. This study enables us to compare the different alternatives and to conclude on properties to conserve or discard. We select some properties of known SE schemes behaving well with the FHE scheme consideration and study their compatibilities. Choosing the good characteristics for the SE-FHE framework gives us the starting point for a future optimal design.
Next sessions
-
Polytopes in the Fiat-Shamir with Aborts Paradigm
Speaker : Hugo Beguinet - ENS Paris / Thales
The Fiat-Shamir with Aborts paradigm (FSwA) uses rejection sampling to remove a secret’s dependency on a given source distribution. Recent results revealed that unlike the uniform distribution in the hypercube, both the continuous Gaussian and the uniform distribution within the hypersphere minimise the rejection rate and the size of the proof of knowledge. However, in practice both these[…]-
Cryptography
-
Asymmetric primitive
-
Mode and protocol
-
-
Post-quantum Group-based Cryptography
Speaker : Delaram Kahrobaei - The City University of New York