TFHE: Fast Fully Homomorphic Encryption Over the Torus

This work describes a fast fully homomorphic encryption scheme over the torus (TFHE) that revisits, generalizes and improves the fully homomorphic encryption (FHE) based on GSW and its ring variants. The simplest FHE schemes consist in bootstrapped binary gates. In this gate bootstrapping mode, we s...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Journal of cryptology Ročník 33; číslo 1; s. 34 - 91
Hlavní autoři: Chillotti, Ilaria, Gama, Nicolas, Georgieva, Mariya, Izabachène, Malika
Médium: Journal Article
Jazyk:angličtina
Vydáno: New York Springer US 01.01.2020
Springer Nature B.V
Springer Verlag
Témata:
Algorithms
Arithmetic
Coding and Information Theory
Combinatorics
Communications Engineering
Computational Mathematics and Numerical Analysis
Computer Science
Cryptography and Security
Encryption
Gates (circuits)
Lookup tables
Mathematical analysis
Mathematical functions
Multiplication
Networks
Parameters
Probability Theory and Stochastic Processes
Security
Toruses
Bootstrapping
Fully homomorphic encryption
Boolean circuit
Lattices
GSW
LWE
Deterministic automata
ISSN:0933-2790, 1432-1378
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:This work describes a fast fully homomorphic encryption scheme over the torus (TFHE) that revisits, generalizes and improves the fully homomorphic encryption (FHE) based on GSW and its ring variants. The simplest FHE schemes consist in bootstrapped binary gates. In this gate bootstrapping mode, we show that the scheme FHEW of Ducas and Micciancio (Eurocrypt, 2015 ) can be expressed only in terms of external product between a GSW and an LWE ciphertext. As a consequence of this result and of other optimizations, we decrease the running time of their bootstrapping from 690 to 13 ms single core, using 16 MB bootstrapping key instead of 1 GB, and preserving the security parameter. In leveled homomorphic mode, we propose two methods to manipulate packed data, in order to decrease the ciphertext expansion and to optimize the evaluation of lookup tables and arbitrary functions in RingGSW -based homomorphic schemes. We also extend the automata logic, introduced in Gama et al. (Eurocrypt, 2016 ), to the efficient leveled evaluation of weighted automata, and present a new homomorphic counter called TBSR , that supports all the elementary operations that occur in a multiplication. These improvements speed up the evaluation of most arithmetic functions in a packed leveled mode, with a noise overhead that remains additive. We finally present a new circuit bootstrapping that converts LWE ciphertexts into low-noise RingGSW ciphertexts in just 137 ms, which makes the leveled mode of TFHE composable and which is fast enough to speed up arithmetic functions, compared to the gate bootstrapping approach. Finally, we provide an alternative practical analysis of LWE based schemes, which directly relates the security parameter to the error rate of LWE and the entropy of the LWE secret key, and we propose concrete parameter sets and timing comparison for all our constructions.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0933-2790
1432-1378
DOI:10.1007/s00145-019-09319-x