research-article

(Leveled) fully homomorphic encryption without bootstrapping

Authors:

Zvika Brakerski,

Craig Gentry,

Vinod VaikuntanathanAuthors Info & Claims

ITCS '12: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference

Pages 309 - 325

https://doi.org/10.1145/2090236.2090262

Published: 08 January 2012 Publication History

Get Access

Abstract

We present a novel approach to fully homomorphic encryption (FHE) that dramatically improves performance and bases security on weaker assumptions. A central conceptual contribution in our work is a new way of constructing leveled fully homomorphic encryption schemes (capable of evaluating arbitrary polynomial-size circuits), without Gentry's bootstrapping procedure.

Specifically, we offer a choice of FHE schemes based on the learning with error (LWE) or ring-LWE (RLWE) problems that have 2^λ security against known attacks. For RLWE, we have:

• A leveled FHE scheme that can evaluate L-level arithmetic circuits with Õ(λ · L³) per-gate computation -- i.e., computation quasi-linear in the security parameter. Security is based on RLWE for an approximation factor exponential in L. This construction does not use the bootstrapping procedure.

• A leveled FHE scheme that uses bootstrapping as an optimization, where the per-gate computation (which includes the bootstrapping procedure) is Õ(λ²), independent of L. Security is based on the hardness of RLWE for quasi-polynomial factors (as opposed to the sub-exponential factors needed in previous schemes).

We obtain similar results to the above for LWE, but with worse performance.

Based on the Ring LWE assumption, we introduce a number of further optimizations to our schemes. As an example, for circuits of large width -- e.g., where a constant fraction of levels have width at least λ -- we can reduce the per-gate computation of the bootstrapped version to Õ(λ), independent of L, by batching the bootstrapping operation. Previous FHE schemes all required Ω(λ^3.5) computation per gate.

At the core of our construction is a much more effective approach for managing the noise level of lattice-based ciphertexts as homomorphic operations are performed, using some new techniques recently introduced by Brakerski and Vaikuntanathan (FOCS 2011).

References

[1]

Benny Applebaum, David Cash, Chris Peikert, and Amit Sahai. Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In CRYPTO, volume 5677 of Lecture Notes in Computer Science, pages 595--618. Springer, 2009.

Abstract

References

Cited By

Index Terms

Recommendations

(Leveled) Fully Homomorphic Encryption without Bootstrapping

Fully Homomorphic Encryption Beyond IND-CCA1 Security: Integrity Through Verifiability

Fully Homomorphic Encryption with Auxiliary Inputs

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations