how ideal lattices unlocked fully homomorphic encryption
play

How Ideal Lattices unlocked Fully Homomorphic Encryption Francisco - PowerPoint PPT Presentation

Jul 15, 2023 •125 likes •718 views

How Ideal Lattices unlocked Fully Homomorphic Encryption Francisco Jos e VIAL PRADO December 10, 2014 Ph.D. advisor : Louis GOUBIN Introduction Gentrys IL scheme Other FHE schemes Open questions This talk Introduction Gentrys

  1. How Ideal Lattices unlocked Fully Homomorphic Encryption Francisco Jos´ e VIAL PRADO December 10, 2014 Ph.D. advisor : Louis GOUBIN

  2. Introduction Gentry’s IL scheme Other FHE schemes Open questions This talk Introduction Gentry’s Ideal Lattices scheme Further advances, others schemes and open problems Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  3. Introduction Gentry’s IL scheme Other FHE schemes Open questions Fully Homomorphic Encryption Question : “Is it possible to compute blindfolded?” Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  4. Introduction Gentry’s IL scheme Other FHE schemes Open questions Fully Homomorphic Encryption Question : “Is it possible to compute blindfolded?” Example : A public-key cryptosystem E verifying : ∀ a , b ∈ P ( E ), a + b = D E (E E ( a ) + E E ( b )) , a × b = D E (E E ( a ) × E E ( b )) . Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  5. Introduction Gentry’s IL scheme Other FHE schemes Open questions Formal definition Def. 1 : A homomorphic scheme is a public-key scheme E with four PPT algorithms : KeyGen : λ �→ ( sk , pk ); Enc : ( m , pk ) �→ c ; Dec : ( c , sk ) �→ m ; Eval :( C , c 1 , . . . , c n , pk ) �→ m . Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  6. Introduction Gentry’s IL scheme Other FHE schemes Open questions Formal definition Def. 1 : A homomorphic scheme is a public-key scheme E with four PPT algorithms : KeyGen : λ �→ ( sk , pk ); Enc : ( m , pk ) �→ c ; Dec : ( c , sk ) �→ m ; Eval :( C , c 1 , . . . , c n , pk ) �→ m . Def. 2 : A homomorphic scheme is correct for a set of circuits C if, for every circuit in C , ψ ← Eval ( C , ψ 1 , . . . , ψ n , pk ) ⇒ Dec ( ψ, sk ) = C ( π 1 , . . . , π n ) where ψ i = Enc ( π i , pk ) , i = 1 , . . . , n . Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  7. Introduction Gentry’s IL scheme Other FHE schemes Open questions A Fully Homomorphic Scheme is a homomorphic scheme that is correct for all circuits. Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  8. Introduction Gentry’s IL scheme Other FHE schemes Open questions Starting point Let I be an ideal of some ring R , m ∈ R the message. Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  9. Introduction Gentry’s IL scheme Other FHE schemes Open questions Starting point Let I be an ideal of some ring R , m ∈ R the message. Encryption : Enc ( m ) = m + xI for some x ∈ R . Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  10. Introduction Gentry’s IL scheme Other FHE schemes Open questions Search an ideal I that allows Random sampling from α + I , α ∈ R . Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  11. Introduction Gentry’s IL scheme Other FHE schemes Open questions Search an ideal I that allows Random sampling from α + I , α ∈ R . Noise annihilation m + xI �→ m . Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  12. Introduction Gentry’s IL scheme Other FHE schemes Open questions Search an ideal I that allows Random sampling from α + I , α ∈ R . Noise annihilation m + xI �→ m . And strong security properties. Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  13. Introduction Gentry’s IL scheme Other FHE schemes Open questions Ideals + lattices = Ideal lattices Let R = Z [ X ] / ( X n + 1) where n is a power of 2, and consider the mapping α : R → Z n , α ( v 0 + v 1 X + · · · + v n − 1 X n − 1 ) = ( v 0 , v 1 , · · · , v n − 1 ) Let I = ( P ( X )) be a principal ideal of R : Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  14. Introduction Gentry’s IL scheme Other FHE schemes Open questions Ideals + lattices = Ideal lattices Let R = Z [ X ] / ( X n + 1) where n is a power of 2, and consider the mapping α : R → Z n , α ( v 0 + v 1 X + · · · + v n − 1 X n − 1 ) = ( v 0 , v 1 , · · · , v n − 1 ) Let I = ( P ( X )) be a principal ideal of R : An ideal lattice is the image of a principal ideal of R by α , i.e. L = α ( I ). Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  15. Introduction Gentry’s IL scheme Other FHE schemes Open questions Ideals + lattices = Ideal lattices Let R = Z [ X ] / ( X n + 1) where n is a power of 2, and consider the mapping α : R → Z n , α ( v 0 + v 1 X + · · · + v n − 1 X n − 1 ) = ( v 0 , v 1 , · · · , v n − 1 ) Let I = ( P ( X )) be a principal ideal of R : An ideal lattice is the image of a principal ideal of R by α , i.e. L = α ( I ). For instance, if n = 3, α ((2 + X )) is generated by � α (2 + X ) , α ( X (2 + X )) , α ( X 2 (2 + X )) � . Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  16. Introduction Gentry’s IL scheme Other FHE schemes Open questions Ideals + lattices = Ideal lattices Let R = Z [ X ] / ( X n + 1) where n is a power of 2, and consider the mapping α : R → Z n , α ( v 0 + v 1 X + · · · + v n − 1 X n − 1 ) = ( v 0 , v 1 , · · · , v n − 1 ) Let I = ( P ( X )) be a principal ideal of R : An ideal lattice is the image of a principal ideal of R by α , i.e. L = α ( I ). For instance, if n = 3, α ((2 + X )) is generated by � α (2 + X ) , α ( X (2 + X )) , α ( X 2 (2 + X )) � .   2 0 − 1  . I.e., the columns of 1 2 0  0 1 2 Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  17. Introduction Gentry’s IL scheme Other FHE schemes Open questions Operations in an ideal lattice Let L be an ideal lattice with base B L = { b 1 , . . . , b n } . Define    x i b i ∈ R n ; x i ∈ [ − 1 / 2 , 1 / 2)  � P ( B L ) =  .  i ≤ n Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  18. Introduction Gentry’s IL scheme Other FHE schemes Open questions Operations in an ideal lattice Let L be an ideal lattice with base B L = { b 1 , . . . , b n } . Define    x i b i ∈ R n ; x i ∈ [ − 1 / 2 , 1 / 2)  � P ( B L ) =  .  i ≤ n Base reduction in Z n : x mod B L = x − B L ⌊ B − 1 L x ⌉ ∈ P ( B L ) Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  19. Introduction Gentry’s IL scheme Other FHE schemes Open questions Operations in an ideal lattice Let L be an ideal lattice with base B L = { b 1 , . . . , b n } . Define    x i b i ∈ R n ; x i ∈ [ − 1 / 2 , 1 / 2)  � P ( B L ) =  .  i ≤ n Base reduction in Z n : x mod B L = x − B L ⌊ B − 1 L x ⌉ ∈ P ( B L ) Addition in Z n : ( x , y ) �→ x + y Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  20. Introduction Gentry’s IL scheme Other FHE schemes Open questions Operations in an ideal lattice Let L be an ideal lattice with base B L = { b 1 , . . . , b n } . Define    x i b i ∈ R n ; x i ∈ [ − 1 / 2 , 1 / 2)  � P ( B L ) =  .  i ≤ n Base reduction in Z n : x mod B L = x − B L ⌊ B − 1 L x ⌉ ∈ P ( B L ) Addition in Z n : ( x , y ) �→ x + y Product in Z n : ( x , y ) �→ α ( x ( X ) × y ( X )) Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  21. Introduction Gentry’s IL scheme Other FHE schemes Open questions Gentry’s solution J , B pk Let J be an ideal lattice, generated by two bases B sk J . P ⊆ { 0 , 1 } n , pk = { B pk J } , sk = { B sk J } Let Samp ( π ) be a (bounded) random algorithm that samples from π + 2 Z n . Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  22. Introduction Gentry’s IL scheme Other FHE schemes Open questions Gentry’s solution Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  23. Introduction Gentry’s IL scheme Other FHE schemes Open questions Gentry’s solution Encryption : π Samp � − − − − → � π +2 � e Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  24. Introduction Gentry’s IL scheme Other FHE schemes Open questions Gentry’s solution Encryption : mod B pk π Samp � J � − − − − → � π +2 � − − − − − − → � π +2 � e + i . e Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  25. Introduction Gentry’s IL scheme Other FHE schemes Open questions Gentry’s solution Encryption : mod B pk π Samp � J � − − − − → � π +2 � − − − − − − → � π +2 � e + i . e Decryption : mod B sk � → � � J i ′ ψ − − − − − − ψ − Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  26. Introduction Gentry’s IL scheme Other FHE schemes Open questions Gentry’s solution Encryption : mod B pk π Samp � J � − − − − → � π +2 � − − − − − − → � π +2 � e + i . e Decryption : mod B sk mod 2 � → � � � i ′ − � J i ′ 2 e ′ . ψ − − − − − − ψ − − − − → � π − Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

  27. Introduction Gentry’s IL scheme Other FHE schemes Open questions Homomorphic properties e + i , ψ ′ = � π ′ + 2 � e ′ + i ′ π + 2 � ψ = � Francisco Jos´ e VIAL PRADO How Ideal Lattices unlocked FHE

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fully Homomorphic Encryption from the ground up Daniele Micciancio (UC San Diego) Eurocrypt

Fully Homomorphic Encryption from the ground up Daniele Micciancio (UC San Diego) Eurocrypt

Fully Homomorphic Encryption from the ground up Daniele Micciancio (UC San Diego) Eurocrypt 2019 (Fully Homomorphic) Encryption Encryption: used to protect data at rest or in transit Enc( m ) Enc( m ) Enc( m ) Fully Homomorphic

2.2k views • 39 slides
References Gentry, C., A fully homomorphic encryption scheme , Ph.D. Thesis, 1 Standford

References Gentry, C., A fully homomorphic encryption scheme , Ph.D. Thesis, 1 Standford

References Gentry, C., A fully homomorphic encryption scheme , Ph.D. Thesis, 1 Standford University, 2009. http://crypto.stanford.edu/craig/craig-thesis.pdf Fully Homomorphic Encryption Gentry, C., Computing arbitrary functions of encrypted

233 views • 7 slides
Fully Homomorphic Encryption Francisco Vial-Prado ASCrypto - LatinCrypt 19 IMFD Chile, Ecole

Fully Homomorphic Encryption Francisco Vial-Prado ASCrypto - LatinCrypt 19 IMFD Chile, Ecole

Fully Homomorphic Encryption Francisco Vial-Prado ASCrypto - LatinCrypt 19 IMFD Chile, Ecole Polytechnique, Universit e Paris-Saclay Applied Cryptography @ ProtonMail Generic homomorphic encryption Gentrys blueprint Second generation

1.07k views • 63 slides
CCA-Secure Keyed-Fully Homomorphic Encryption Junzuo Lai, Robert H. Deng, Changshe Ma, Kouichi

CCA-Secure Keyed-Fully Homomorphic Encryption Junzuo Lai, Robert H. Deng, Changshe Ma, Kouichi

Introduction CCA-Secure Keyed-Fully Homomorphic Encryption Junzuo Lai, Robert H. Deng, Changshe Ma, Kouichi Sakurai and Jian Weng 1 / 26 Introduction Outline Background Related Work CCA-Secure Keyed-Fully Homomorphic Encryption Conclusion

686 views • 26 slides
Algorithms for Breakthrough STOC 2009 Gentry multiquadratic number fields cryptosystem Fully

Algorithms for Breakthrough STOC 2009 Gentry multiquadratic number fields cryptosystem Fully

1 2 Algorithms for Breakthrough STOC 2009 Gentry multiquadratic number fields cryptosystem Fully homomorphic encryption using ideal lattices D. J. Bernstein was broken several years later, under reasonable assumptions. Jens Bauch,

2.01k views • 183 slides
CHIMERA: Combining Ring-LWE-based Fully Homomorphic Encryption Schemes Mariya Georgieva 1 , 2 1

CHIMERA: Combining Ring-LWE-based Fully Homomorphic Encryption Schemes Mariya Georgieva 1 , 2 1

CHIMERA: Combining Ring-LWE-based Fully Homomorphic Encryption Schemes Mariya Georgieva 1 , 2 1 2 Joint work with: C. Boura, N. Gama, D. Jetchev 1 / 30 Homomorphic encryption Given ( c 1 , c 2 , . . . , c k ) = ( E ( m 1 ) , E ( m 2 ) , . . .

497 views • 48 slides
Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for

Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for

Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for Boolean functions Pierrick M AUX cole normale suprieure, INRIA, CNRS, PSL Boolean Functions and their Applications (BFA) Os, Norway Tuesday

1.23k views • 101 slides
Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic

Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic

Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic Encryption Group Homomorphism: Two groups G and G are homomorphic if there exists a function (homomorphism) f:G G such that for all x,y G,

1.79k views • 165 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
Fully Homomorphic Encryption Lecture 21 Recall Learning With Errors -s = A b A r A

Fully Homomorphic Encryption Lecture 21 Recall Learning With Errors -s = A b A r A

Fully Homomorphic Encryption Lecture 21 Recall Learning With Errors -s = A b A r A b e 1 LWE (decision version): (A,A s + e ) (A, r ), where A random m n , s uniform, e has small entries from a matrix in A Z q

514 views • 12 slides
Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages Zvika

Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages Zvika

Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages Zvika Brakerski Vinod Vaikuntanathan (Weizmann) (University of Toronto) CRYPTO 2011 Outsourcing Computation x Function x f f ( x ) medical records

520 views • 15 slides
Cryptography from Rings Chris Peikert University of Michigan HEAT Summer School 13 Oct 2015 1

Cryptography from Rings Chris Peikert University of Michigan HEAT Summer School 13 Oct 2015 1

Cryptography from Rings Chris Peikert University of Michigan HEAT Summer School 13 Oct 2015 1 / 13 Agenda 1 Polynomial rings, ideal lattices and Ring-LWE 2 Basic Ring-LWE encryption 3 Fully homomorphic encryption Selected bibliography:

840 views • 64 slides
Lattice Cryptography: Towards Fully Homomorphic Encryption Lecture 20 Recall Learning With

Lattice Cryptography: Towards Fully Homomorphic Encryption Lecture 20 Recall Learning With

Lattice Cryptography: Towards Fully Homomorphic Encryption Lecture 20 Recall Learning With Errors s where = + A b A r b A e LWE (decision version): (A,A s + e ) (A, r ), where A random m n , s uniform, e has

345 views • 15 slides
Fully Homomorphic Encryption over the Integers with Shorter Public Keys Jean-S ebastien Coron,

Fully Homomorphic Encryption over the Integers with Shorter Public Keys Jean-S ebastien Coron,

Introduction Previous work Our contribution Conclusion Fully Homomorphic Encryption over the Integers with Shorter Public Keys Jean-S ebastien Coron, Avradip Mandal, David Naccache and Mehdi Tibouchi University of Luxembourg & ENS

864 views • 60 slides
Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP Zvika Brakerski

Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP Zvika Brakerski

Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP Zvika Brakerski Stanford University CRYPTO 2012 Outsourcing Computation () Email, web- search, navigation, social networking Search query,

380 views • 21 slides
A Simple Framework for Noise-Free Construction of Fully Homomorphic Encryption from a Special

A Simple Framework for Noise-Free Construction of Fully Homomorphic Encryption from a Special

A Simple Framework for Noise-Free Construction of Fully Homomorphic Encryption from a Special Class of Non-Commutative Groups Koji Nuida National Institute of Advanced Industrial Science and Technology (AIST), Japan (Japan Science and

1.24k views • 57 slides
Consumption, Credit, and the Missing Young Daniel Cooper, Boston Fed Olga Gorbachev, University of

Consumption, Credit, and the Missing Young Daniel Cooper, Boston Fed Olga Gorbachev, University of

FDIC Consumer Research Symposium Consumption, Credit, and the Missing Young Daniel Cooper, Boston Fed Olga Gorbachev, University of Delaware Mar a Jos e Luengo-Prado, Boston Fed The views in this paper are our own and not necessarily the

389 views • 12 slides
Vignette Games Nina Freeman @hentaiphd The Code Liberation Foundation Lecture 1: Storytelling

Vignette Games Nina Freeman @hentaiphd The Code Liberation Foundation Lecture 1: Storytelling

The Code Liberation Foundation Lecture 1: Storytelling with Twine Vignette Games Nina Freeman @hentaiphd The Code Liberation Foundation Lecture 1: Storytelling with Twine Vignette In literature, poetry, and film, a vignette is a brief,

307 views • 14 slides
Facts about Modern American Poetry 1. Often a single poem is written to contain a multiple of

Facts about Modern American Poetry 1. Often a single poem is written to contain a multiple of

English III: American Lit. Modernism: Monday, 01.30.17 Facts about Modern American Poetry 1. Often a single poem is written to contain a multiple of interpretations. 2. A single image can help the poet present a complex idea. For example,

69 views • 3 slides
Enhancing MI Training with Kinesthetic Learning Motivational Interviewing (MI) is a

Enhancing MI Training with Kinesthetic Learning Motivational Interviewing (MI) is a

Enhancing MI Training with Kinesthetic Learning Motivational Interviewing (MI) is a person-centered, guiding method of communication and counseling to elicit and strengthen motivation for change. OARS OPEN QUESTIONS: Ahh AFFIRM:

1.1k views • 71 slides
WORKSHOPS FOR WARRIORS Presentation for The Aerospace & Defense Forum July 26, 2016

WORKSHOPS FOR WARRIORS Presentation for The Aerospace & Defense Forum July 26, 2016

The Aerospace & Defense Forum San Diego Chapter July 26, 2016 WORKSHOPS FOR WARRIORS Presentation for The Aerospace & Defense Forum July 26, 2016 Presented by Hernn Luis y Prado Workshops for Warriors is rebuilding Americas

92 views • 7 slides
Levelwise Clustering under a Maximum SSE Constraint Jeroen De Knijf Bart Goethals and Adriana

Levelwise Clustering under a Maximum SSE Constraint Jeroen De Knijf Bart Goethals and Adriana

Introduction Algorithm Experimental Results Conclusion Levelwise Clustering under a Maximum SSE Constraint Jeroen De Knijf Bart Goethals and Adriana Prado ADReM Computer Science and Mathematic Department Antwerp University Jeroen De

294 views • 12 slides
Learning to Groove with Inverse Sequence Transformations Jon Gillick, Adam Roberts, Jesse Engel,

Learning to Groove with Inverse Sequence Transformations Jon Gillick, Adam Roberts, Jesse Engel,

Learning to Groove with Inverse Sequence Transformations Jon Gillick, Adam Roberts, Jesse Engel, Douglas Eck, David Bamman contact: jongillick@berkeley.edu Google AI / Magenta Questions How well can we model drum performances with

384 views • 12 slides
Building Open Source Projects in Government Esri Ecosystems Lyzi Diamond FOSS4G 2014 | Portland,

Building Open Source Projects in Government Esri Ecosystems Lyzi Diamond FOSS4G 2014 | Portland,

Building Open Source Projects in Government Esri Ecosystems Lyzi Diamond FOSS4G 2014 | Portland, OR | September 10, 2014 Road designed by Juan Pablo Bravo from the thenounproject.com This talk is about building open source web applications

403 views • 37 slides

More recommend