目前大部分内容都是从维基百科翻译过来的,之后会根据调查情况进行丰富。
基本概念同态加密(Homomorphic encryption)是一种能够支持密文上计算的加密方案,解密密文上计算的结果与明文上直接计算的结果相同。
安全云计算服务的不同实体之间的安全协作,诸如汇率计算、税收等其他安全系统、安全投票系统、防冲突散列函数、 应用安全外包计算(source outsourced computation ),如私有集安全(psi ),私有信息保留全同态加密全同态加密(fully homomorphic encryption FHE )是一种支持任意计算密文的密码系统。 FHE方法可以通过编程接收加密输入并生成加密格式的输出结果来实现任意功能。 此外,这些操作可以在不信任的另一方不恢复与输入和中间状态相对应的明文的情况下执行。 FHE有望在云环境中广泛应用。
现有的同态加密系统thebrakerski-gentry-vaikuntanathancryptosystem (3358 www.Sina.com/(1) ) ) (基于Brakerski-Vaikuntanathan的方案)2. brakerski’s scale-invariantcryptosystem [3].then tru-basedcryptostostem andvaikuntanathan (http://www.Sina.com/(4).the gentry-sahai-waterscryptosystem ) http://ww.Sina.com/(5) ) fan-vercauterencryptosystem (http://www.Sina.com/(6).the cheon-Kim-Kim-songcryptosystem ) http://www.Sina.sina 这些密码学方案的显著特点是在进行同型计算的过程中噪声的增加速度慢。
Craig Gentry, Shai Halevi和Nigel Smart提出的优化方案[ 810 ]实现了最理想的渐进复杂度: 在安全参数k k k下对加密数据执行tt次操作的复杂度仅为tpolylog(k ) t )的cdotpolylog(k ) tpolylog(k ) .这些优化是智能的这些第二代密码系统的很多优点也被移植到整数上的密码系统中[ 12,11 ]
Zvika Brakerski和Vinod Vaikuntanathan发现,对于特定类型的电路,GSW方法的噪声增长速度更慢。 因此,具有更好的性能和更强的安全性[14]。 随后,Jacob Alperin-Sheriff和薄甜瓜Peikert利用这种电路提出了非常有效的bootstrapping技术[15]。 但是,由于这种类型电路看起来与加密技术不兼容,因此与Gentry-Happing技术不兼容
的第二代密码系统仍然遵循Gentry最初方案的基本思路,即在一定程度上构建能够处理密文噪声的同态密码方案,然后通过bootstrapping将其转换为完全同态方案。
实现同态加密方式实现开源库名的同态加密方式HElib [16]GHS优化的BGVPALISADE [17]BFV,BGVHEAAN [
18]CKKS including a bootstrapping algorithm [19]Microsoft SEAL [20]BFV, CKKSFHEW [21]Regev’s LWE cryptosystem with the bootstrapping techniques of Alperin-Sheriff and PeikertTFHE [22]Faster variant over the Torus with an intuitive API to evaluate boolean circuitsbootstrapping的实现: HElib 需要 5 – 10 分钟来 bootstrapping 一个包含1000个明文值的密文[23], FHEW 需要大概 1 2 frac{1}{2} 21 秒来 bootstrapping 一个未打包的单比特数据对应的密文[24], TFHE 需要 13 毫秒来评估已经自扩展的任意未打包单比特数据对应密文上的二进制门[25], HEAAN 需要 2 分钟来 bootstrapping一个以12比特精度打包的128比特明文对应的密文[19].
2014年底, 利用HElib实现的对AES加密电路的同态评估显示对于120个输入的评估时间只有4分多钟, 也就是说每个输入分摊的评估时间大约为2秒.
同态加密标准化: Homomorphic Encryption Standardization
同态加密的历史1978 年就有人提出了构造全同态加密方案的问题[26] (和RSA的提出同一年), 之后的30年, 对应的解决方案是否存在一直是个未知数, 在这段时间中出现的成果包括解决了对数深度电路问题的 Sander-Young-Yung 系统[27], 支持对不限数量的加法但是最多一次乘法操作进行评估的 Boneh-Goh-Nissim 密码系统[28], 以及支持对多项式大小分支程序进行评估的 Ishai-Paskin 密码系统[29].
References[1] Z. Brakerski, C. Gentry, and V. Vaikuntanathan. Fully Homomorphic Encryption without Bootstrapping. In ITCS 2012
[2] Z. Brakerski and V. Vaikuntanathan. Efficient Fully Homomorphic Encryption from (Standard) LWE. In FOCS 2011 (IEEE)
[3] Z. Brakerski. Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP. In CRYPTO 2012 (Springer)
[4] A. Lopez-Alt, E. Tromer, and V. Vaikuntanathan. On-the-哭泣的冰棍 Multiparty Computation on the Cloud via Multikey Fully Homomorphic Encryption. In STOC 2012 (ACM)
[5] C. Gentry, A. Sahai, and B. Waters. Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based. In CRYPTO 2013 (Springer)
[6] Fan, Junfeng; Vercauteren, Frederik (2012). “Somewhat Practical Fully Homomorphic Encryption”.
[7] Cheon, Jung Hee; Kim, Andrey; Kim, Miran; Song, Yongsoo (2017). “Homomorphic encryption for arithmetic of approximate numbers”. Takagi T., Peyrin T. (eds) Advances in Cryptology – ASIACRYPT 2017. ASIACRYPT 2017. Springer, Cham. pp. 409–437. doi:10.1007/978-3-319-70694-8_15.
[8] C. Gentry, S. Halevi, and N. P. Smart. Fully Homomorphic Encryption with Polylog Overhead. In EUROCRYPT 2012 (Springer)
[9] C. Gentry, S. Halevi, and N. P. Smart. Better Bootstrapping in Fully Homomorphic Encryption. In PKC 2012 (SpringeR)
[10] C. Gentry, S. Halevi, and N. P. Smart. Homomorphic Evaluation of the AES Circuit. In CRYPTO 2012 (Springer)
[11] Smart, Nigel P.; Vercauteren, Frederik (2014). “Fully Homomorphic SIMD Operations”. Designs, Codes and Cryptography. 71 (1): 57–81.
[12] Coron, Jean-Sébastien; Lepoint, Tancrède; Tibouchi, Mehdi (2013). “Batch Fully Homomorphic Encryption over the Integers”. Eurocrypt 2013.
[13] Coron, Jean-Sébastien; Lepoint, Tancrède; Tibouchi, Mehdi (2014). “Scale-Invariant Fully Homomorphic Encryption over the Integers”. Pkc 2014.
[14] Z. Brakerski and V. Vaikuntanathan. Lattice-Based FHE as Secure as PKE. In ITCS 2014
[15] J. Alperin-Sheriff and C. Peikert. Faster Bootstrapping with Polynomial Error. In CRYPTO 2014 (Springer)
[16] Shai Halevi; Victor Shoup. “HElib: An Implementation of homomorphic encryption”. Retrieved 31 December 2014.
[17] [palisade-crypto.org “PALISADE Lattice Cryptography Library”] Check |url= value (help). Retrieved 1 January 2019.
[18] Jung Hee Cheon; Kyoohyung Han; Andrey Kim; Miran Kim; Yongsoo Song. “Homomorphic Encryption for Arithmetic of Approximate Numbers”. Retrieved 15 May 2016.
[19] Jung Hee Cheon, Kyoohyung Han, Andrey Kim, Miran Kim and Yongsoo Song. Bootstrapping for Approximate Homomorphic Encryption. In EUROCRYPT 2018(springer).
[20] Microsoft Research. “Microsoft SEAL”. Retrieved 20 February 2019.
[21] Leo Ducas; Daniele Micciancio. “FHEW: A Fully Homomorphic Encryption library”. Retrieved 31 December 2014.
[22] Ilaria Chillotti; Nicolas Gama; Mariya Georgieva; Malika Izabachene. “Faster Fully Homomorphic Encryption: Bootstrapping in less than 0.1 Seconds”. Retrieved 31 December 2016.
[23] Halevi, Shai; Shoup, Victor. “Bootstrapping for HElib”. Cryptology ePrint archive. Retrieved 2 January 2015.
[24] Ducas, Léo; Micciancio, Daniele. “FHE Bootstrapping in less than a second”. Cryptology ePrint archive. Retrieved 2 January 2015.
[25] Chillotti, Ilaria; Gama, Nicolas; Georgieva, Mariya; Izabachene, Malika. “Improving TFHE: faster packed homomorphic operations and efficient circuit bootstrapping”. Cryptology ePrint archive. Retrieved 2 May 2017.
[26] R. L. Rivest, L. Adleman, and M. L. Dertouzos. On data banks and privacy homomorphisms. In Foundations of Secure Computation, 1978.
[27] Sander, Tomas; Young, Adam L.; Yung, Moti (1999). Non-Interactive CryptoComputing For NC1. Focs1991. pp. 554–566. doi:10.1109/SFFCS.1999.814630. ISBN 978-0-7695-0409-4.
[28] D. Boneh, E. Goh, and K. Nissim. Evaluating 2-DNF Formulas on Ciphertexts. In Theory of Cryptography Conference, 2005.
[29] Y. Ishai and A. Paskin. Evaluating branching programs on encrypted data. In Theory of Cryptography Conference, 2007.