TY - GEN
T1 - On constructing homomorphic encryption schemes from coding theory
AU - Armknecht, Frederik
AU - Augot, Daniel
AU - Perret, Ludovic
AU - Sadeghi, Ahmad Reza
PY - 2011/12/23
Y1 - 2011/12/23
N2 - We introduce a generic construction principle for homomorphic encryption schemes based on coding theory These possess several non-standard positive features. First, they are not restricted to linear homomorphism but allow for evaluating multivariate polynomials up to a fixed (but arbitrary) degree μ on encrypted field elements. Second, they can be instantiated with various error correcting codes, even for codes with poor correcting capabilities. Third, depending on the deployed code, one can achieve very efficient schemes. As a concrete example, we present an instantiation based on Reed-Muller codes where for μ = 2 and μ = 3 and security levels between 80 and 128 bits, all operations take less than a second (after some pre-computation). However, our analysis reveals also limitations on this approach. For structural reasons, such schemes cannot be public-key, allow for a limited number of fresh encryptions only, and cannot be combined with the bootstrapping technique. We argue why such schemes are nonetheless useful in certain application scenarios and discuss possible directions on how to overcome these issues.
AB - We introduce a generic construction principle for homomorphic encryption schemes based on coding theory These possess several non-standard positive features. First, they are not restricted to linear homomorphism but allow for evaluating multivariate polynomials up to a fixed (but arbitrary) degree μ on encrypted field elements. Second, they can be instantiated with various error correcting codes, even for codes with poor correcting capabilities. Third, depending on the deployed code, one can achieve very efficient schemes. As a concrete example, we present an instantiation based on Reed-Muller codes where for μ = 2 and μ = 3 and security levels between 80 and 128 bits, all operations take less than a second (after some pre-computation). However, our analysis reveals also limitations on this approach. For structural reasons, such schemes cannot be public-key, allow for a limited number of fresh encryptions only, and cannot be combined with the bootstrapping technique. We argue why such schemes are nonetheless useful in certain application scenarios and discuss possible directions on how to overcome these issues.
KW - Coding Theory
KW - Efficiency
KW - Homomorphic Encryption
KW - Provable Security
U2 - 10.1007/978-3-642-25516-8_3
DO - 10.1007/978-3-642-25516-8_3
M3 - Conference contribution
AN - SCOPUS:83755161822
SN - 9783642255151
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 23
EP - 40
BT - Cryptography and Coding - 13th IMA International Conference, IMACC 2011, Proceedings
T2 - 13th IMA International Conference on Cryptography and Coding, IMACC 2011
Y2 - 12 December 2011 through 15 December 2011
ER -