2021, IACR Cryptol. ePrint Arch.
In this paper, we propose a new protocol for secure integer comparison which consists of parties having each a private integer. The goal of the computation is to compare both integers securely and reveal to the parties a single bit that tells which integer is larger. Nothing more should be revealed. To achieve a low communication overhead, this can be done by using homomorphic encryption (HE). Our protocol relies on binary decision trees, which are a special case of branching programs and can be implemented using HE. We assume a client-server setting where each party holds one of the integers, the client also holds the private key of a homomorphic encryption scheme and the evaluation is done by the server. In this setting, our protocol outperforms the original DGK protocol of Damgård et al. and reduces the running time by at least 45%. In the case where both inputs are encrypted, our scheme reduces the running time of a variant of DGK by 63%.
Lecture Notes in Computer Science, 2007
Yao's classical millionaires' problem is about securely determining whether x > y, given two input values x, y, which are held as private inputs by two parties, respectively. The output x > y becomes known to both parties. In this paper, we consider a variant of Yao's problem in which the inputs x, y as well as the output bit x > y are encrypted. Referring to the framework of secure n-party computation based on threshold homomorphic cryptosystems as put forth by Cramer, Damgård, and Nielsen at Eurocrypt 2001, we develop solutions for integer comparison, which take as input two lists of encrypted bits representing x and y, respectively, and produce an encrypted bit indicating whether x > y as output. Secure integer comparison is an important building block for applications such as secure auctioning. In this extended abstract, our focus is on the two-party case, although most of our results extend to the multi-party case. We propose new logarithmic- and constant-round protocols for this setting, which achieve simultaneously very low communication and computational complexities. We analyze the protocols in detail and show that our solutions compare favorably to other known solutions.
Journal of emerging technologies and innovative research, 2019
Nowadays, with data mining computation being performed by cloud servers, it is a problem to securely determine whether x > y, given two input values x, y, which are held as private inputs by two parties, respectively. The output, which is the result of the comparison, becomes known to both parties. In this paper we consider a variant of the comparison problem in which the inputs x, y are encrypted and the actual values are not known to the parties. Our solution deals with a single comparison; however, in many applications, we encounter situations where it is necessary to make multiple comparisons to find the maximum among several encrypted data, so we make a modification to our protocol to solve the multiple comparisons problem. Such a secure comparison is an important building block for applications like privacy-preserving data mining and secure business. Also, our protocols can be performed in constant rounds and do not use general circuit evaluation techniques, so they are more efficient than circuit-based ones but not general. Implementation is easy and fast.
Mathematics, 2023
Secure comparison is a fundamental problem in multiparty computation. There are two different parties, each holding an l-bit integer, denoted by a and b, respectively. The goal of secure comparison is to compute the order relationship between a and b, say (a > b) ∈ {0, 1}, without revealing their inputs to any others. Since previous solutions based on homomorphic encryption need at least Ω(l) encryptions for each l-bit comparison, the total encryption time leads to a computational bottleneck for these protocols. This work presents a fast, semi-honest, secure comparison protocol based on the BFV encryption scheme. With its vector-like plaintext space, the number of required encryptions can be significantly reduced; actually, only six encryptions are needed for each comparison in our protocol. In other words, the proposed protocol can achieve the time complexity O(λ + l) for a given security parameter λ. As a result, 4096-bit integers can be securely compared within 12.08 ms, which is 280 times faster than the state-of-the-art homomorphic encryption-based secure comparison protocol. Furthermore, we can compare k pairs of (l · k⁻¹)-bit integers with almost the same execution time as comparing l-bit integers and achieve higher throughput regardless of the compared integer size.
Journal of Engineering, Technology & Applied Science, 2024
Homomorphic encryption (HE) is a revolutionary cryptographic technique that enables computations on encrypted data without decryption. This paper provides a comprehensive overview of HE, its fundamental concepts, types, and applications, especially in privacy-preserving computations. This paper discusses the history, principles, and technical challenges of homomorphic encryption, alongside its practical implications in fields like secure data sharing, privacy-preserving data analysis, and machine learning. This paper also explores future research directions and potential advancements in homomorphic encryption technology.
IEEE Access
Private integer comparison has been an essential computation function for many applications, including online auction, credential identification, data mining, and joint bidding. In the setting of two-party computation, two parties with private inputs (x and y) want to jointly compare them without revealing the value of those inputs to others (also known as the Millionaires' problem), while the output should ensure correctness and preserve data privacy. The private inputs can only be revealed if they are equal, i.e., x = y. Many related works have been proposed to solve the integer comparison problem in various settings, focusing on different properties such as round and computation complexity. Most solutions decompose integers into bitwise representation and then securely evaluate the function in a Boolean circuit on encrypted bits. However, this type of solution is costly (especially for large integers) as each bit requires encryption and decryption. In this paper, we transform the private integer comparison into a block comparison problem. In particular, we employ a block vectorization mechanism to encode the private inputs into blocks. We show the security of our two-party protocol in the semi-honest model. Also, we implement the protocol to demonstrate its efficiency using the block vectorization mechanism and homomorphic encryption. The experimental result shows that our proposed solution achieves high efficiency, particularly for large integer comparisons.
2009
Secure Multiparty Computation (SMC) has gained tremendous importance with the growth of the Internet and E-commerce, where mutually untrusted parties need to jointly compute a function of their private inputs. However, SMC protocols usually have very high computational complexities, rendering them practically unusable. In this paper, we tackle the problem of comparing two input values in a secure distributed fashion. We propose efficient secure comparison protocols for both the homomorphic encryption and secret sharing schemes. We also give experimental results to show their practical relevance.
International Journal of Applied Cryptography, 2014
When processing data in the encrypted domain, homomorphic encryption can be used to enable linear operations on encrypted data. Integer division of encrypted data, however, requires an additional protocol between the client and the server and will be relatively expensive. We present new solutions for dividing encrypted data in the semi-honest model using homomorphic encryption and additive blinding, having low computational and communication complexity. In most of our protocols we assume the divisor is publicly known. The division result is not only computed exactly, but may also be approximated, leading to further improved performance. The idea of approximating the result of an integer division is extended to similar results for secure comparison, secure minimum, and secure maximum in the client-server model, yielding new efficient protocols with demonstrated application in biometrics. The exact minimum protocol is shown to outperform existing approaches. This paper is a revised and expanded version of a paper entitled 'Encrypted integer division' presented at IEEE Workshop on Information Forensics and Security, Seattle, December 2010.
2015
Cloud computing providers need to offer security guarantees. As we all know, one of the critical points is the confidentiality of and access to customer data which, these days, is migrated to and managed in cloud environments. In this sense, one solution is based on encrypting data before uploading it to the cloud. But this approach sets a limit regarding data processing. In this article we present a practical application of homomorphic encryption schemes, namely the problem of finding the maximum/minimum of a collection of encrypted integers. First, we present our algorithm, which can be run directly in the cloud without the need for an intermediate data exchange with the client. Second, our experimental results show the time resources necessary to evaluate the proposed algorithm.
2020
In this paper, we address the problem of privately evaluating a decision tree on private data. This scenario consists of a server holding a private decision tree model and a client interested in classifying its private attribute vector using the server’s private model. The goal of the computation is to obtain the classification while preserving the privacy of both—the decision tree and the client input. After the computation, the client learns the classification result and nothing else, and the server learns nothing. Existing privacy-preserving protocols that address this problem use or combine different generic secure multiparty computation approaches resulting in several interactions between the client and the server. Our goal is to design and implement a novel client-server protocol that delegates the complete tree evaluation to the server while preserving privacy and reducing the overhead. The idea is to use fully (somewhat) homomorphic encryption and evaluate the tree on cipher...
Fully Homomorphic Encryption has become a hot research topic in light of the privacy concerns related to the emerging cloud computing paradigm. Existing fully homomorphic schemes are not truly practical due to their high computational complexities and huge message expansions. Targeting the construction of a homomorphic encryption scheme that is implementable for at least a certain class of applications, this paper proposes a Somewhat Homomorphic public key encryption scheme, which can be viewed as a variant of the scheme devised by van Dijk et al., extended to a larger message space. The proposed scheme is compact, semantically secure with a significantly smaller public key, and is capable of encrypting integer plaintexts rather than single bits, with comparatively lower message expansion and computational complexities.
Theory of Cryptography
We present a public-key encryption scheme with the following properties. Given a branching program P and an encryption c of an input x, it is possible to efficiently compute a succinct ciphertext c from which P (x) can be efficiently decoded using the secret key. The size of c depends polynomially on the size of x and the length of P , but does not further depend on the size of P. As interesting special cases, one can efficiently evaluate finite automata, decision trees, and OBDDs on encrypted data, where the size of the resulting ciphertext c does not depend on the size of the object being evaluated. These are the first general representation models for which such a feasibility result is shown. Our main construction generalizes the approach of Kushilevitz and Ostrovsky (FOCS 1997) for constructing single-server Private Information Retrieval protocols. We also show how to strengthen the above so that c does not contain additional information about P (other than P (x) for some x) even if the public key and the ciphertext c are maliciously formed. This yields a two-message secure protocol for evaluating a length-bounded branching program P held by a server on an input x held by a client. A distinctive feature of this protocol is that it hides the size of the server's input P from the client. In particular, the client's work is independent of the size of P .
IACR Cryptol. ePrint Arch., 2021
Homomorphic Encryption (HE), first constructed in 2009, is a class of encryption schemes that enables computation over encrypted data. Variants of HE in the context of multiple parties have led to the development of two different lines of HE schemes: Multi-Party Homomorphic Encryption (MPHE) and Multi-Key Homomorphic Encryption (MKHE). These primitives cater to different applications and each approach has its own pros and cons. At a high level, MPHE schemes tend to be much more efficient but require the set of computing parties to be fixed throughout the entire operation, frequently a limiting assumption. On the other hand, MKHE schemes tend to have poor scaling (quadratic) with the number of parties but allow us to add new parties to the joint computation anytime since they support computation between ciphertexts under different keys. In this work, we formalize a new variant of HE called Multi-Group Homomorphic Encryption (MGHE). Stated informally, an MGHE scheme provides a seamless integration between MPHE and MKHE, and combines the best of both these primitives. In an MGHE scheme, a group of parties generates a public key jointly, which results in compact ciphertexts and efficient homomorphic operations, similar to MPHE. However, unlike MPHE, it also supports computations on encrypted data under different keys, a property enjoyed by MKHE schemes. We provide a concrete construction of such an MGHE scheme from the BFV scheme. The public key generation procedure of our scheme is fully non-interactive, so that the set of computing parties does not have to be determined and no information about other parties is needed in advance of individual key generation. At the heart of our construction is a novel refactoring of the relinearization key to avoid the interaction that is typically needed. We also implement our scheme and demonstrate that this generalization does not incur any additional overhead and in fact can be more performant than existing MPHE and MKHE schemes.
The trend towards delegating data processing and management to a remote party raises major concerns related to privacy violations for both end-users and service providers. These concerns have attracted the attention of the research community, and several techniques have been proposed to protect against malicious parties by providing secure communication protocols. Most of the proposed techniques, however, require the involvement of a third party, and this by itself can be viewed as another security concern. In this paper, we present a survey of different techniques that aim at secure applications, services, and routing protocols. We exhibit practical and popular systems/models and highlight the lack of privacy and confidentiality support in them. Furthermore, to avoid security breaches, we propose adopting an innovative approach that depends on data sorted, managed, and processed in encrypted form at the remote servers. To realize such an approach, the encryption cryptosystem must support both addition and multiplication over encrypted data. Finally, we highlight some novel tracks helping in the construction of a fully secure protocol based on the fully homomorphic encryption schemes.
Programming and Computer Software, 2019
Modern algorithms for symmetric and asymmetric encryption are not suitable to provide security for data that needs processing. They cannot perform calculations over encrypted data without first decrypting it when risks are high. The Residue Number System (RNS), as a homomorphic encryption, allows ensuring the confidentiality of the stored information and performing calculations over encrypted data without preliminary decoding, but with unacceptable time and resource consumption. An important operation for encrypted data processing is number comparison. In RNS, it consists of two steps: the computation of the positional characteristic of the number in RNS representation and the comparison of its positional characteristics in the positional number system. In this paper, we propose a new efficient method to compute the positional characteristic based on the approximate method. The approximate method as a tool to compare numbers does not require resource-consuming non-modular operations, which are replaced by fast bit right-shift operations and taking the least significant bits. We prove that in the case when the dynamic range of the RNS is an odd number, the size of the operands is reduced by the size of the module. If one of the RNS moduli is a power of two, then the size of the operands is less than the dynamic range. We simulate the proposed method in the ISE Design Suite environment on the FPGA Xilinx Spartan-6 SP605 and show that it gains 31% in time and 37% in area on average with respect to the known approximate method. This makes our method efficient for hardware implementation of cryptographic primitives constructed over a prime finite field.
The trend towards delegating data processing and management to a remote party raises major concerns related to privacy violations for both end-users and service providers. These concerns have attracted the attention of the research community, and several techniques have been proposed to protect against malicious parties by providing secure communication protocols. Most of the proposed techniques, however, require the involvement of a third party, and this by itself can be viewed as another security concern. These security breaches can be avoided by following an innovative approach that depends on data sorted, managed, and stored in encrypted form at the remote servers. To realize such an approach, the encryption cryptosystem must support both addition and multiplication over encrypted data. This cryptosystem can be effective in protecting data and supporting the construction of programs that can process encrypted input and produce encrypted output. In fact, the latter programs do not decrypt the input, and therefore, they can be run by an un-trusted party without revealing their data and internal states. Furthermore, such programs prove to be practical in situations where we need to outsource private computations, especially in the context of cloud computing. Homomorphic cryptosystems are perfectly aligned with these objectives as they support homomorphic schemes that allow a blind processing of encrypted data without the need to decrypt them. In this paper we rely on homomorphic encryption schemes to secure applications, services and routing protocols. We design several circuits that allow for the blind processing and management of data such that malicious parties are denied access to sensitive information.
With the increased need for data confidentiality in various applications of our daily life, homomorphic encryption (HE) has emerged as a promising cryptographic topic. HE enables to perform computations directly on encrypted data (ciphertexts) without decryption in advance. Since the results of calculations remain encrypted and can only be decrypted by the data owner, confidentiality is guaranteed and any third party can operate on ciphertexts without access to decrypted data (plaintexts). Applying a homomorphic cryptosystem in a real-world application depends on its resource efficiency. Several works compared different HE schemes and gave the stakes of this research field. However, the existing works either do not deal with recently proposed HE schemes (such as CKKS) or focus only on one type of HE. In this paper, we conduct an extensive comparison and evaluation of homomorphic cryptosystems’ performance based on their experimental results. The study covers all three families of HE...
International Journal of Computer Networks and Applications (IJCNA), 2022
Traditional encryption requires encrypted data to be decrypted before any computation can be performed on such data. This approach could compromise the security of the data when an untrusted party is involved in the computation. To be able to work on data in its encrypted form, a homomorphic encryption approach is recommended. Homomorphic encryption allows computation to be done on data that has been encrypted and yields the same results that would have been obtained if the computation had been performed on the unencrypted form of the data. Most homomorphic encryption (HE) algorithms are deterministic. These deterministic algorithms produce the same ciphertext for a given data item on different occasions. This could allow an adversary to easily predict a plaintext from a ciphertext. Probabilistic algorithms, however, resolve the aforementioned challenge of deterministic algorithms. A probabilistic encryption algorithm ensures different ciphertexts for the same plaintext on different occasions. Another challenge of most homomorphic encryption schemes is the way data is encrypted. Most algorithms encrypt data bit-by-bit (i.e. circuit-based). Circuit-based encryption makes the encryption and decryption complex, thereby increasing the running time. To reduce the running time, non-circuit-based encryption and decryption are preferred. Here, numeric data need not be converted to binary before any encryption is done. To ensure a very secure, efficient but simpler HE scheme, the authors have offered a fully homomorphic encryption (FHE) scheme that is probabilistic, non-circuit-based, and uses symmetric keys. Results from the experiment conducted show that the proposed scheme is faster than the Fully Homomorphic Encryption over the Integers (DGHV), A Simple Fully Homomorphic Encryption Scheme Available in Cloud Computing (SDC), and Fully Homomorphic Encryption by Prime Modular Operation (SAM) schemes.
The proposed scheme has a time complexity of O(log(n²)) and consumes less memory space. Even though HE schemes are naturally slow, the smaller memory footprint of the proposed scheme and its time complexity of O(log(n²)) make the proposed scheme suitable for real-life implementations such as auctions, electronic voting, and other applications that make use of private data.
ArXiv, 2015
The trend towards delegating data processing to a remote party raises major concerns related to privacy violations for both end-users and service providers. These concerns have attracted the attention of the research community, and several techniques have been proposed to protect against malicious parties by providing secure communication protocols. Most of the proposed techniques, however, require the involvement of a third party, and this by itself can be viewed as another security concern. These security breaches can be avoided by following a new approach that depends on data sorted, managed, and stored in encrypted form at the remote servers. To realize such an approach, the encryption cryptosystem must support algebraic operations over encrypted data. This cryptosystem can be effective in protecting data and supporting the construction of programs that can process encrypted input and produce encrypted output. In fact, the latter programs do not decrypt the input, and therefore,...
Cryptography, 2017
We introduce a robust framework that allows for cryptographically secure multiparty computations, such as distributed private-value auctions. The security is guaranteed by two-sided authentication of all network connections, homomorphically encrypted bids, and the publication of zero-knowledge proofs of every computation. This also allows a non-participant verifier to verify the result of any such computation using only the information broadcast on the network by each individual bidder. Building on previous work on such systems, we design and implement an extensible framework that puts the described ideas into practice. Apart from the actual implementation of the framework, our biggest contribution is the level of protection we are able to guarantee against attacks described in previous work. In order to provide guidance to users of the library, we analyze the use of zero-knowledge proofs in ensuring the correct behavior of each node in a computation. We also describe the usage of the library to perform a private-value distributed auction, as well as the other challenges in implementing the protocol, such as auction registration and certificate distribution. Finally, we provide performance statistics on our implementation of the auction.