Skip to main content
SpringerLink
Log in

Bootstrapping Fully Homomorphic Encryption with Ring Plaintexts Within Polynomial Noise

  • Conference paper
  • First Online:
Provable Security (ProvSec 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10592))

Included in the following conference series:

Abstract

Despite a great deal of progress in resent years, efficiency of fully homomorphic encryption (FHE) is still a major concern. Specifically, the bootstrapping procedure is the most costly part of a FHE scheme. FHE schemes with ring element plaintexts, such as the ring-LWE based BGV scheme, are the most efficient ones, since they can not only encrypt a ring element instead of a single bit in one ciphertext, but also support CRT-based ciphertext packing techniques. Thanks to homomorphic operations in a SIMD fashion (Single Instruction Multiple Data), the ring-LWE BGV scheme can achieve a nearly optimal homomorphic evaluation. However, the BGV scheme, as implemented in HElib, can only bootstrap within super-polynomial noise so far. Note that such a noise rate for a ring-LWE based scheme is less safe and more costly, because one has to choose larger dimensions to ensure security. On the other hand, existing polynomial noise bootstrapping techniques can only be applied to FHE schemes with bit plaintexts. In this paper, we provide a polynomial noise bootstrapping method for the BGV scheme with ring plaintexts. Specifically, our bootstrapping method allows users to choose any plaintext modulus \(p>1\) and any modulus polynomial \(\varPhi (X)\) for the BGV scheme. Our bootstrapping method incurs only polynomial error \(O(n^3)\cdot B\) for lattice dimension n and noise bound B comparing to \((B\cdot poly(n))^{\tilde{O}(\log (n))}\) for previous best methods. Concretely, to achieve 70 bit security, the dimension of the lattice that we use is no more than \(2^{12}\), while previous methods in HElib need about \(2^{14}\) to \(2^{16}\).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We notice that in the original paper of the BGV FHE scheme (also, the GSW FHE scheme later on), the authors did provide methods for bootstrapping their SWHE scheme. For convenience, in this paper we call the BGV scheme (GSW scheme) when we refer to the SWHE scheme in their original paper.

  2. 2.

    Actually, we can set \(Q=\kappa ^{\tau }\) for some integer \(\tau \) and small integer \(\kappa \) which is coprime with p. The choice of \(\kappa \) causes a compromise between noise accumulation and efficiency.

  3. 3.

    Actually, the distribution of z is different with that in BGV scheme, but this do not influence the key switching algorithm.

  4. 4.

    Without loss of generality, one can always use modulus switching to gain level-0 BGV ciphertexts before bootstrapping. So for simplicity, we write \(q_l\) as q and omit all the level tag l.

References

  1. Albrecht, M.R.: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 103–129. Springer, Cham (2017). doi:10.1007/978-3-319-56614-6_4

    Chapter  Google Scholar 

  2. Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169–203 (2015). http://www.degruyter.com/view/j/jmc.2015.9.issue-3/jmc-2015-0016/jmc-2015-0016.xml

    Article  MathSciNet  MATH  Google Scholar 

  3. Alperin-Sheriff, J., Peikert, C.: Practical bootstrapping in quasilinear time. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 1–20. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40041-4_1

    Chapter  Google Scholar 

  4. Alperin-Sheriff, J., Peikert, C.: Faster bootstrapping with polynomial error. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 297–314. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44371-2_17

    Chapter  Google Scholar 

  5. Brakerski, Z.: Fully homomorphic encryption without modulus switching from classical GapSVP. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 868–886. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_50

    Chapter  Google Scholar 

  6. Brakerski, Z., Gentry, C., Halevi, S.: Packed ciphertexts in LWE-based homomorphic encryption. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 1–13. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36362-7_1

    Chapter  Google Scholar 

  7. Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, pp. 309–325. ACM (2012)

    Google Scholar 

  8. Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. In: Annual Symposium on Foundations of Computer Science, 2011(2), pp. 97–106 (2011)

    Google Scholar 

  9. Brakerski, Z., Vaikuntanathan, V.: Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505–524. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22792-9_29

    Chapter  Google Scholar 

  10. Brakerski, Z., Vaikuntanathan, V.: Lattice-based FHE as secure as PKE. In: Proceedings of the 5th Conference on Innovations in Theoretical Computer Science, pp. 1–12. ACM (2014)

    Google Scholar 

  11. Chen, H., Lauter, K.E., Stange, K.E.: Attacks on search RLWE. IACR Cryptology ePrint Archive 2015, 971 (2015). http://eprint.iacr.org/2015/971

  12. Chen, H., Lauter, K.E., Stange, K.E.: Vulnerable galois RLWE families and improved attacks. IACR Cryptology ePrint Archive 2016, 193 (2016). http://eprint.iacr.org/2016/193

  13. Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25385-0_1

    Chapter  Google Scholar 

  14. Cheon, J.H., Coron, J.-S., Kim, J., Lee, M.S., Lepoint, T., Tibouchi, M., Yun, A.: Batch fully homomorphic encryption over the integers. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 315–335. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38348-9_20

    Chapter  Google Scholar 

  15. Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds. In: Advances in Cryptology - ASIACRYPT 2016–22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4–8, 2016, Proceedings, Part I, pp. 3–33 (2016). https://doi.org/10.1007/978-3-662-53887-6_1

  16. Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: Improving TFHE: faster packed homomorphic operations and efficient circuit bootstrapping. IACR Cryptology ePrint Archive 2017, 430 (2017). http://eprint.iacr.org/2017/430

  17. Coron, J.-S., Mandal, A., Naccache, D., Tibouchi, M.: Fully homomorphic encryption over the integers with shorter public keys. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 487–504. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22792-9_28

    Chapter  Google Scholar 

  18. Coron, J.-S., Naccache, D., Tibouchi, M.: Public key compression and modulus switching for fully homomorphic encryption over the integers. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 446–464. Springer, Heidelberg (2012). doi:10.1007/978-3-642-29011-4_27

    Chapter  Google Scholar 

  19. Crockett, E., Peikert, C.: \(\Lambda \) \(o\) \(\lambda \): Functional lattice cryptography. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016, pp. 993–1005 (2016). http://doi.acm.org/10.1145/2976749.2978402

  20. Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_38

    Chapter  Google Scholar 

  21. Doröz, Y., Hu, Y., Sunar, B.: Homomorphic AES evaluation using the modified scheme. Des. Codes Crypt. 80(2), 333–358 (2016). http://dx.doi.org/10.1007/s10623-015-0095-1

    Article  MathSciNet  MATH  Google Scholar 

  22. Ducas, L., Micciancio, D.: FHEW: bootstrapping homomorphic encryption in less than a second. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 617–640. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_24

    Google Scholar 

  23. Eisenträger, K., Hallgren, S., Lauter, K.: Weak instances of PLWE. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 183–194. Springer, Cham (2014). doi:10.1007/978-3-319-13051-4_11

    Chapter  Google Scholar 

  24. Elias, Y., Lauter, K.E., Ozman, E., Stange, K.E.: Provably weak instances of Ring-LWE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 63–92. Springer, Heidelberg (2015). doi:10.1007/978-3-662-47989-6_4

    Chapter  Google Scholar 

  25. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, vol. 9, pp. 169–178 (2009)

    Google Scholar 

  26. Gentry, C., Halevi, S., Peikert, C., Smart, N.P.: Field switching in BGV-style homomorphic encryption. J. Comput. Secur. 21(5), 663–684 (2013)

    Article  MATH  Google Scholar 

  27. Gentry, C., Halevi, S., Smart, N.P.: Better bootstrapping in fully homomorphic encryption. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 1–16. Springer, Heidelberg (2012). doi:10.1007/978-3-642-30057-8_1

    Chapter  Google Scholar 

  28. Gentry, C., Halevi, S., Smart, N.P.: Fully homomorphic encryption with polylog overhead. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 465–482. Springer, Heidelberg (2012). doi:10.1007/978-3-642-29011-4_28

    Chapter  Google Scholar 

  29. Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850–867. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_49

    Chapter  Google Scholar 

  30. Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40041-4_5

    Chapter  Google Scholar 

  31. Halevi, S., Shoup, V.: Algorithms in HElib. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 554–571. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44371-2_31

    Chapter  Google Scholar 

  32. Halevi, S., Shoup, V.: Bootstrapping for HElib. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 641–670. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_25

    Google Scholar 

  33. Hiromasa, R., Abe, M., Okamoto, T.: Packing messages and optimizing bootstrapping in GSW-FHE. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 699–715. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46447-2_31

    Google Scholar 

  34. Lin, D.: Introduction to Algebra and Finite Fields. Higher Education Press, Beijing (2006)

    Google Scholar 

  35. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. J. ACM (JACM) 60(6), 43 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  36. Lyubashevsky, V., Peikert, C., Regev, O.: A toolkit for ring-LWE cryptography. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 35–54. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38348-9_3

    Chapter  Google Scholar 

  37. Orsini, E., van de Pol, J., Smart, N.P.: Bootstrapping BGV Ciphertexts with a Wider Choice of \(p\) and \(q\). In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 673–698. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46447-2_30

    Google Scholar 

  38. van de Pol, J., Smart, N.P.: Estimating key sizes for high dimensional lattice-based systems. In: Stam, M. (ed.) IMACC 2013. LNCS, vol. 8308, pp. 290–303. Springer, Heidelberg (2013). doi:10.1007/978-3-642-45239-0_17

    Chapter  Google Scholar 

  39. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 34 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  40. Smart, N.P., Vercauteren, F.: Fully homomorphic encryption with relatively small key and ciphertext sizes. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 420–443. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13013-7_25

    Chapter  Google Scholar 

  41. Smart, N.P., Vercauteren, F.: Fully homomorphic SIMD operations. Des. Codes Crypt. 71(1), 57–81 (2014)

    Article  MATH  Google Scholar 

  42. van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13190-5_2

    Chapter  Google Scholar 

Download references

Acknowledgements

We would like to thank the anonymous reviewers for their valuable comments. The work is supported by the National Natural Science Foundation of China (No.U1536205), the National Key Research and Development Program of China (No.2017YFB0802005,2017YFB0802504) and the National Basic Research Program of China (No.2013CB338003).

Author information

Authors and Affiliations

  1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing, China

    Long Chen & Zhenfeng Zhang

  2. University of Chinese Academy of Sciences, Beijing, China

    Long Chen & Zhenfeng Zhang

Authors
  1. Long Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhenfeng Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhenfeng Zhang .

Editor information

Editors and Affiliations

  1. NTT Laboratories, Tokyo, Japan

    Tatsuaki Okamoto

  2. Shaanxi Normal University, Xi’an, China

    Yong Yu

  3. Hong Kong Polytechnic University, Hong Kong, China

    Man Ho Au

  4. University of Wollongong, Wollongong, New South Wales, Australia

    Yannan Li

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Chen, L., Zhang, Z. (2017). Bootstrapping Fully Homomorphic Encryption with Ring Plaintexts Within Polynomial Noise. In: Okamoto, T., Yu, Y., Au, M., Li, Y. (eds) Provable Security. ProvSec 2017. Lecture Notes in Computer Science(), vol 10592. Springer, Cham. https://doi.org/10.1007/978-3-319-68637-0_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-68637-0_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68636-3

  • Online ISBN: 978-3-319-68637-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation