Conference Paper

Homomorphic Image Processing Over Geometric Product Spaces and Finite P-Adic Arithmetic

Authors:
  • Symetrix Corporation
  • Algemetric Inc
  • University of Colorado at Colorado Springs
To read the full-text of this research, you can request a copy directly from the authors.


... Barillas obtained a performance 42 times faster and energy consumption 62 times lower than current state-of-the-art [41]. Hensel codes have also been recently used as an encoding component for experimental encryption schemes and related protocols [42]-[44]. ...
... International Journal of Information and Electronics Engineering, Vol. 10, No. 1, March 2020 III. ENCODING SCHEME Definition 5: The data encoding scheme is a tuple of three polynomial-time algorithms ( ) (44) such that 1. The is a probabilistic polynomial-time algorithm that takes as input and outputs a key secret ( ), where are -bit odd prime numbers uniformly generated from the set of all -bit prime numbers , and are arbitrarily selected from the set * + observing the condition , and a public modulus (∏ ) ...
Article
Full-text available
Data encoding is widely used for a variety of reasons. Encoding schemes in general serve to convert one form of data to another in order to enhance the efficiency of data storage, transmission, computation and privacy, to name just a few. When it comes to privacy, data may be encoded to hide its meaning from direct access or encrypted to attain a certain security level. If the encoding scheme preserves additive and multiplicative homomorphisms, then operations on encoded data may be performed without prior decoding, which improves the utility of such mechanism. We introduce a probabilistic fully homomorphic encoding scheme that is practical as a stand-alone entry-level solution to data privacy or as an added component of existing encryption schemes, especially those that are deterministic. We demonstrate how the finite segment of p-adic numbers can be explored to derive probabilistic multiple secret Hensel codes which yields multiple layers of obscurity in an efficient way. Our encoding scheme is compact, ultra lightweight and suitable for applications ranging from edge to cloud computing. Without significant changes in its mathematical foundation, as a proposed continuation of this present work, further investigation can take place in order to confirm if the same encoding scheme can be extended to be a standalone secure instance of a fully homomorphic encryption scheme.
... To the best of our knowledge, there are currently very few cryptographic-related constructions explicitly based on GA. We highlight a fully homomorphic encryption (FHE) scheme [36] that combines GA with number theoretic functions [37], and a somewhat homomorphic encryption (SWHE) scheme that yields a GA-based framework for image processing [38]. The closest construction to the key update we propose in this work, a rather limited version of it, was discussed in [39]. ...
Conference Paper
Full-text available
In this work, we aim to address the challenge of expanding Blockchain Technologies (BT) by implementing a somewhat homomorphic encryption scheme that not only enables computation on encrypted data but also yields a key update protocol with which one can selectively reveal consolidated data from a blockchain application. Our constructions are meant to be compliant with the fundamental requirements of BT, including ownership control and non-repudiation. In isolation, BT and homomorphic encryption (HE) can both suffer from performance issues. Combining the two only escalates that risk. We rely on Clifford Geometric Algebra as the single algebraic structure for introducing efficient solutions for merging BT with HE. The target application considers a trusted environment with pre-screened parties which allows us to consider cryptographic solutions based on relaxed notions of security. Along with the detailed description of our constructions, we refer to a library written in Ruby language with which we implement our ideas.
... There are very few occurrences of GA applied to cryptography, especially for the case where it is used as the main algebraic structure of cryptographic solutions. Among them, we highlight a fully homomorphic encryption scheme [26] and cloud-based homomorphic image processing framework [27], which are heavily based on GA, although the solutions are merged with other branches of mathematics [28]. A protocol for sharing secret keys, which we will discuss later in this manuscript, expands ideas originally and briefly discussed in [29]. ...
... The application of GA as an approach towards fully homomorphic encryption is introduced in [30]. Based on similar ideas, a homomorphic image processing application based on GA is demonstrated in [31]. The experimental homomorphic primitives based on multivector objects enables the construction of additional protocols such as key exchange and key update, as discussed in [29]. ...
Chapter
We propose general-purpose methods for data representation and data concealment via multivector decompositions and a small subset of functions in the three dimensional Clifford geometric algebra. We demonstrate mechanisms that can be explored for purposes from plain data manipulation to homomorphic data processing with multivectors. The wide variety of algebraic representations in Clifford geometric algebra allow us to explore concepts from integer, complex, vector and matrix arithmetic within a single, compact, flexible and yet powerful algebraic structure in order to propose novel homomorphisms. Our constructions can be incorporated into existing applications as add-ons as well as used to provide standalone data-centric algorithms. We implement our representation and concealment mechanisms in the Ruby programming language to demonstrate the ideas discussed in this work.
Article
Full-text available
Homomorphic encryption (HE), which enables computation on ciphertexts without any leakage, rise as a most promising solution for privacy-preserving data processing including secure machine learning and secure out-sourcing computation. Despite the extensive applicability of HE, the current constructions are sometimes considered as impractical due to its inefficiency. In this work, we propose improvements on the linear transformation in bootstrapping, a technique allowing the infinite number of operation for HE, and homomorphic discrete Fourier transformation (DFT) using batch homomorphic encryption. We observe that the multiplication of a sparse diagonal matrix and a ciphertext of a vector can be done within O(1) homomorphic computations. This observation induces the faster algorithm for linear transformation in bootstrapping and homomorphic DFT. To achieve this, we use Cooley-Tukey matrix factorization and construct a new recursive factorization of the linear transformation in bootstrapping. Our method with radix r only requires $O(r \log_r n)$ constant vector multiplication and $O(\sqrt{r} \log_r n)$ rotations by consuming $O(\log_r n)$ depth when the input vector size is n. The previous method used in HEAAN library, a library that implements a homomorphic encryption for approximate computation, requires $O(n)$ and $O(\sqrt{n})$ respectively. To show the performance improvement, we implement our method on top of HEAAN library. Our implementation, along with further few techniques, of these algorithms show the significant improvements compared to the previous algorithm. New homomorphic DFT with length $2^{14}$ only takes about 8 seconds which is about 150 times faster result than the previous method. Furthermore, the bootstrapping takes about 2 minutes for $\mathbb{C}^{32768}$ plaintext space with 8 bit precision, which takes 26 hours with same bit precision using the previous method.
Article
Full-text available
Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. The users or service providers with the key have exclusive rights on the data. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. Therefore, this survey focuses on HE and FHE schemes. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes are presented. Furthermore, the implementations and new improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. We believe this survey can give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, as well as extending the state of the art HE, PHE, SWHE, and FHE systems.
Article
Full-text available
As is well known, the common elementary functions defined over the real numbers can be generalized to act not only over the complex number field but also over the skew (non-commuting) field of the quaternions. In this paper, we detail a number of elementary functions extended to act over the skew field of Clifford multivectors, in both two and three dimensions. Complex numbers, quaternions and Cartesian vectors can be described by the various components within a Clifford multivector and from our results we are able to demonstrate new inter-relationships between these algebraic systems. One key relationship that we discover is that a complex number raised to a vector power produces a quaternion thus combining these systems within a single equation. We also find a single formula that produces the square root, amplitude and inverse of a multivector over one, two and three dimensions. Finally, comparing the functions over different dimension we observe that $C\ell(\Re^3)$ provides a particularly versatile algebraic framework.
Article
Full-text available
Recent years have seen increasing popularity of storing and managing personal multimedia data using online services. Preserving confidentiality of online personal data while offering efficient functionalities thus becomes an important and pressing research issue. In this paper, we study the problem of content-based search of image data archived online while preserving content confidentiality. The problem has different settings from those typically considered in the secure computation literature, as it deals with data in rank-ordered search, and has a different security-efficiency requirement. Secure computation techniques, such as homomorphic encryption, can potentially be used in this application, at a cost of high computational and communication complexity. Alternatively, efficient techniques based on randomizing visual feature and search indexes have been proposed recently to enable similarity comparison between encrypted images. This paper focuses on comparing these two major paradigms of techniques, namely, homomorphic encryption-based techniques and feature/index randomization-based techniques, for confidentiality-preserving image search. We develop novel and systematic metrics to quantitatively evaluate security strength in this unique type of data and applications. We compare these two paradigms of techniques in terms of their search performance, security strength, and computational efficiency. The insights obtained through this paper and comparison will help design practical algorithms appropriate for privacy-aware cloud multimedia systems.
Article
Full-text available
1 / Geometric Algebra.- 1-1. Axioms, Definitions and Identities.- 1-2. Vector Spaces, Pseudoscalars and Projections.- 1-3. Frames and Matrices.- 1-4. Alternating Forms and Determinants.- 1-5. Geometric Algebras of PseudoEuclidean Spaces.- 2 / Differentiation.- 2-1. Differentiation by Vectors.- 2-2. Multivector Derivative, Differential and Adjoints.- 2-3. Factorization and Simplicial Derivatives.- 3 / Linear and Multilinear Functions.- 3-1. Linear Transformations and Outermorphisms.- 3-2. Characteristic Multivectors and the Cayley-Hamilton Theorem.- 3-3. Eigenblades and Invariant Spaces.- 3-4. Symmetric and Skew-symmetric Transformations.- 3-5. Normal and Orthogonal Transformations.- 3-6. Canonical Forms for General Linear Transformations.- 3-7. Metric Tensors and Isometries.- 3-8. Isometries and Spinors of PseudoEuclidean Spaces.- 3-9. Linear Multivector Functions.- 3-10. Tensors.- 4 / Calculus on Vector Manifolds.- 4-1. Vector Manifolds.- 4-2. Projection, Shape and Curl.- 4-3. Intrinsic Derivatives and Lie Brackets.- 4-4. Curl and Pseudoscalar.- 4-5. Transformations of Vector Manifolds.- 4-6. Computation of Induced Transformations.- 4-7. Complex Numbers and Conformal Transformations.- 5 / Differential Geometry of Vector Manifolds.- 5-1. Curl and Curvature.- 5-2. Hypersurfaces in Euclidean Space.- 5-3. Related Geometries.- 5-4. Parallelism and Projectively Related Geometries.- 5-5. Conformally Related Geometries.- 5-6. Induced Geometries.- 6 / The Method of Mobiles.- 6-1. Frames and Coordinates.- 6-2. Mobiles and Curvature.- 6-3. Curves and Comoving Frames.- 6-4. The Calculus of Differential Forms.- 7 / Directed Integration Theory.- 7-1. Directed Integrals.- 7-2. Derivatives from Integrals.- 7-3. The Fundamental Theorem of Calculus.- 7-4. Antiderivatives, Analytic Functions and Complex Variables.- 7-5. Changing Integration Variables.- 7-6. Inverse and Implicit Functions.- 7-7. Winding Numbers.- 7-8. The Gauss-Bonnet Theorem.- 8 / Lie Groups and Lie Algebras.- 8-1. General Theory.- 8-2. Computation.- 8-3. Classification.- References.
Article
Full-text available
Since the introduction of the notion of privacy homomorphism by Rivest et al. in the late 1970s, the design of efficient and secure encryption schemes allowing the performance of general computations in the encrypted domain has been one of the holy grails of the cryptographic community. Despite numerous partial answers, the problem of designing such a powerful primitive has remained open until the theoretical breakthrough of the fully homomorphic encryption (FHE) scheme published by Gentry in the late 2000s. Since then, progress has been fast-paced, and it can now be reasonably said that practical homomorphic encryption-based computing will become a reality in the near future.
Article
Full-text available
This paper concerns the quantization of a rigid body in the framework of 'covariant quantum mechanics' on a curved spacetime with absolute time. We consider the configuration space of n classical particles as the n-fold product of the configuration space of one particle. Then, we impose a rigid constraint and the resulting space is dealt with as a configuration space of a single abstract 'particle'. This classical framework turns out to be suitable for the formulation of covariant quantum mechanics according to this scheme. Thus, we quantize such a 'particle' accordingly. This scheme can model, e.g., the quantum dynamics of extremely cold molecules. We provide a new mathematical interpretation of two-valued wavefunctions on SO(3) in terms of single-valued sections of a new non-trivial quantum bundle. These results have clear analogies with spin.
Conference Paper
Full-text available
MAGMA is a new software system for computational algebra, number theory and geometry whose design is centred on the concept of algebraic structure (magma). The use of algebraic structure as a design paradigm provides a natural strong typing mechanism. Further, structures and their morphisms appear in the language as first class objects. Standard mathematical notions are used for the basic data types. The result is a powerful, clean language which deals with objects in a mathematically rigorous manner. The conceptual and implementation ideas behind MAGMA will be examined in this paper. This conceptual base differs significantly from those underlying other computer algebra systems.
Conference Paper
Full-text available
We describe two improvements to Gentry’s fully homomorphic scheme based on ideal lattices and its analysis: we provide a more aggressive analysis of one of the hardness assumptions (the one related to the Sparse Subset Sum Problem) and we introduce a probabilistic decryption algorithm that can be implemented with an algebraic circuit of low multiplicative degree. Combined together, these improvements lead to a faster fully homomorphic scheme, with a $\tilde{O}(\lambda^{3.5})$ bit complexity per elementary binary add/mult gate, where λ is the security parameter. These improvements also apply to the fully homomorphic schemes of Smart and Vercauteren [PKC’2010] and van Dijk et al. [Eurocrypt’2010]. Keywords: fully homomorphic encryption, ideal lattices, SSSP
Article
Full-text available
This paper proposes an encryption scheme and exploits a new additive homomorphism based on Elliptic Curve ElGamal (EC-ElGamal) for sharing secret images over unsecured channel. The proposed scheme enables shorter key comparing with those schemes based on RSA or ElGamal which achieve the same security level. It has a lower computation overhead in image decryption in contrast with the method using other additively homomorphic property in EC-ElGamal. Elliptic curve parameters are selected to resist the Pohlig–Hellman, Pollard's-rho, and Isomorphism attacks. Experimental results and analysis show that the proposed method has superior performance to RSA and ElGamal.
Article
Full-text available
B-series are a fundamental tool in practical and theoretical aspects of numerical integrators for ordinary differential equations. A composition law for B-series permits an elegant derivation of order conditions, and a substitution law gives much insight into modified differential equations of backward error analysis. These two laws give rise to algebraic structures (groups and Hopf algebras of trees) that have recently received much attention also in the non-numerical literature. This article emphasizes these algebraic structures and presents interesting relationships among them.
Chapter
Homomorphic Encryption provides one of the most promising means to delegate computation to the cloud while retaining data confidentiality. We present a plaintext recovery attack against fully homomorphic schemes which have a polynomial time distinguisher for a given fixed plaintext, and rely on the capability of homomorphically compare a pair of encrypted integer values. We improve by a constant factor the computational complexity of an exhaustive search strategy, which is linear in the recovered plaintext value, and show that it significantly increases the number of recoverable plaintexts. We successfully validate our attack against two noise-free fully homomorphic encryption schemes, which fulfill the mentioned requisite and were claimed to be secure against plaintext recovery attacks.
Article
Millions of private images are generated in various digital devices every day. The consequent massive computational workload makes people turn to cloud computing platforms for their economical computation resources. Meanwhile, the privacy concerns over the sensitive information contained in outsourced image data arise in public. In fact, once uploaded to cloud, the security and privacy of the image content can only presume upon the reliability of the cloud service providers. Lack of assuring security and privacy guarantees becomes the main barrier to further deployment of cloud-based image processing systems. This paper studies the design targets and technical challenges lie in constructing cloud-based privacy-preserving image processing system. We explore various image processing tasks, including image feature detection, digital watermarking, content-based image search. The state-of-the-art techniques, including secure multiparty computation, and homomorphic encryption are investigated. A detailed taxonomy of the problem statement and the corresponding solutions is provided.
Article
In a homomorphic signature scheme, a user Alice signs some large dataset x using her secret signing key and uploads the signed data to an untrusted remote server. The server can then run some computation y=f(x) over the signed data and homomorphically derive a short signature $\sigma_{f,y}$ certifying that y is the correct output of the computation f. Anybody can verify the tuple (f, y, $\sigma_{f,y}$) using Alice's public verification key and become convinced of this fact without having to retrieve the entire underlying data. In this work, we construct the first leveled fully homomorphic signature schemes that can evaluate arbitrary circuits over signed data. Only the maximal depth d of the circuits needs to be fixed a-priori at setup, and the size of the evaluated signature grows polynomially in d, but is otherwise independent of the circuit size or the data size. Our solution is based on the (sub-exponential) hardness of the small integer solution (SIS) problem in standard lattices and satisfies full (adaptive) security. In the standard model, we get a scheme with large public parameters whose size exceeds the total size of a dataset. In the random-oracle model, we get a scheme with short public parameters. In both cases, the schemes can be used to sign many different datasets. The complexity of verifying a signature for a computation f is at least as large as that of computing f, but can be amortized when verifying the same computation over many different datasets. Furthermore, the signatures can be made context-hiding so as not to reveal anything about the data beyond the outcome of the computation. These results offer a significant improvement in capabilities and assumptions over the best prior homomorphic signature schemes, which were limited to evaluating polynomials of constant degree. As a building block of independent interest, we introduce a new notion called homomorphic trapdoor functions (HTDF) which conceptually unites homomorphic encryption and signatures. We construct HTDFs by relying on the techniques developed by Gentry et al. (CRYPTO '13) and Boneh et al. (EUROCRYPT '14) in the contexts of fully homomorphic and attribute-based encryptions.
Book
This volume is an outgrowth of the 1995 Summer School on Theoretical Physics of the Canadian Association of Physicists (CAP), held in Banff, Alberta, in the Canadian Rockies, from July 30 to August 12, 1995. The chapters, based on lectures given at the School, are designed to be tutorial in nature, and many include exercises to assist the learning process. Most lecturers gave three or four fifty-minute lectures aimed at relative novices in the field. More emphasis is therefore placed on pedagogy and establishing comprehension than on erudition and superior scholarship. Of course, new and exciting results are presented in applications of Clifford algebras, but in a coherent and user-friendly way to the nonspecialist. The subject area of the volume is Clifford algebra and its applications. Through the geometric language of the Clifford-algebra approach, many concepts in physics are clarified, united, and extended in new and sometimes surprising directions. In particular, the approach eliminates the formal gaps that traditionally separate classical, quantum, and relativistic physics. It thereby makes the study of physics more efficient and the research more penetrating, and it suggests resolutions to a major physics problem of the twentieth century, namely how to unite quantum theory and gravity. The term "geometric algebra" was used by Clifford himself, and David Hestenes has suggested its use in order to emphasize its wide applicability, and because the developments by Clifford were themselves based heavily on previous work by Grassmann, Hamilton, Rodrigues, Gauss, and others.
Conference Paper
For the medical X-ray image with low brightness, low contrast and noise, we proposed an image enhancement algorithm which based on wavelet domain homomorphic filtering and contrast limited adaptive histogram equalization (CLAHE). Firstly, the image is decomposed by wavelet transformation, the image is decomposed into low-frequency and high-frequency coefficients of 1st layer of wavelet domain. Then the low frequency coefficients are processed by an improved homomorphic filter, and then linear amplified. The high frequency coefficients are processed by wavelet threshold shrinkage, and then the wavelet reconstruction is performed. Finally, the contrast limited adaptive histogram equalization (CLAHE) is used to modify the image's histogram, and the processing of the image is completed. The quality of image enhancement is carried on the subjective and objective evaluation, and compared with some other enhancement algorithms. Experimental results show that the algorithm can effectively enhance the texture detail of medical X-ray images, increasing the brightness and contrast, suppress noise, better than the general traditional enhancement algorithms.
Conference Paper
With the wide adoption of cloud computing paradigm, it is important to develop appropriate techniques to protect client data privacy in the cloud. Encryption is one of the major techniques that could be used to achieve this goal. However, data encryption at the rest alone is insufficient for secure cloud computation environments. There is also the need for efficient techniques to carry out computation over encrypted data. Fully homomorphic encryption (FHE) and garbled circuits are naturally used to process encrypted data without leaking any information about the data. However, existing FHE schemes are inefficient for processing large amount of data in cloud and garbled circuits are one time programs and cannot be reused. Based on quaternion/octonion algebra and Jordan algebra over finite rings $\mathbb{Z}_q$, this paper designs efficient fully homomorphic symmetric key encryption (FHE) schemes without bootstrapping (that is, noise-free FHE schemes) that are secure in the weak ciphertext-only security model assuming the hardness of solving multivariate quadratic equation systems and solving univariate high degree polynomial equation systems in $\mathbb{Z}_q$. The FHE scheme designed in this paper is sufficient for privacy preserving computation in cloud.
Conference Paper
In a homomorphic signature scheme, a user Alice signs some large dataset x using her secret signing key and uploads the signed data to an untrusted remote server. The server can then run some computation y=f(x) over the signed data and homomorphically derive a short signature $\sigma_{f,y}$ certifying that y is the correct output of the computation f. Anybody can verify the tuple (f, y, $\sigma_{f,y}$) using Alice's public verification key and become convinced of this fact without having to retrieve the entire underlying data. In this work, we construct the first leveled fully homomorphic signature schemes that can evaluate arbitrary circuits over signed data. Only the maximal depth d of the circuits needs to be fixed a-priori at setup, and the size of the evaluated signature grows polynomially in d, but is otherwise independent of the circuit size or the data size. Our solution is based on the (sub-exponential) hardness of the small integer solution (SIS) problem in standard lattices and satisfies full (adaptive) security. In the standard model, we get a scheme with large public parameters whose size exceeds the total size of a dataset. In the random-oracle model, we get a scheme with short public parameters. In both cases, the schemes can be used to sign many different datasets. The complexity of verifying a signature for a computation f is at least as large as that of computing f, but can be amortized when verifying the same computation over many different datasets. Furthermore, the signatures can be made context-hiding so as not to reveal anything about the data beyond the outcome of the computation. These results offer a significant improvement in capabilities and assumptions over the best prior homomorphic signature schemes, which were limited to evaluating polynomials of constant degree. As a building block of independent interest, we introduce a new notion called homomorphic trapdoor functions (HTDF) which conceptually unites homomorphic encryption and signatures. We construct HTDFs by relying on the techniques developed by Gentry et al. (CRYPTO '13) and Boneh et al. (EUROCRYPT '14) in the contexts of fully homomorphic and attribute-based encryptions.
Article
We describe a comparatively simple fully homomorphic encryption (FHE) scheme based on the learning with errors (LWE) problem. In previous LWE-based FHE schemes, multiplication is a complicated and expensive step involving “relinearization”. In this work, we propose a new technique for building FHE schemes that we call the approximate eigenvector method. In our scheme, for the most part, homomorphic addition and multiplication are just matrix addition and multiplication. This makes our scheme both asymptotically faster and (we believe) easier to understand. In previous schemes, the homomorphic evaluator needs to obtain the user’s “evaluation key”, which consists of a chain of encrypted secret keys. Our scheme has no evaluation key. The evaluator can do homomorphic operations without knowing the user’s public key at all, except for some basic parameters. This fact helps us construct the first identity-based FHE scheme. Using similar techniques, we show how to compile a recent attribute-based encryption scheme for circuits by Gorbunov et al. into an attribute-based FHE scheme that permits data encrypted under the same index to be processed homomorphically.
Article
Figure 1 shows an example of visual transparency. The image could arise from a number of different physical causes. For example, a square of tissue paper could be in front of a dark grey circle; or a circular shadow could be cast on a plane containing a light grey square; or a dark circular filter could be lying on top of a light grey square. Although the physics is uncertain, one can perceive the image as a combination of two more primitive images. We use the term "transparency" to cover the general case of such image combination, including what would be called "translucency" in ordinary language. Many physical phenomena can produce transparency. For example, dark filters, specular reflections, puffs of smoke, gauze curtains, and cast shadows, all combine with patterns behind them in a transparent manner. When an image has been formed by the combination of two primitive images, then it is usually more parsimonious to describe the image in terms of that combination; thus it is advantageous for a visual system to parse the image into the primitive images along with a combination rule. This parsimony does not depend on assigning a unique physical interpretation to the primitive images; figure 1 can be parsed into a circle and a square, even in the absence of a decision about the underlying physics.
Article
A historical review of spinors is given together with a construction of spinor spaces as minimal left ideals of Clifford algebras. Spinor spaces of euclidean spaces over reals have a natural linear structure over reals, complex numbers or quaternions. Clifford algebras have involutions which induce bilinear forms or scalar products on spinor spaces. The automorphism groups of these scalar products of spinors are determined and also classified.
Article
We present a new tensoring technique for LWE-based fully homomorphic encryption. While in all previous works, the ciphertext noise grows quadratically (B → B²·poly(n)) with every multiplication (before “refreshing”), our noise only grows linearly (B → B·poly(n)). We use this technique to construct a scale-invariant fully homomorphic encryption scheme, whose properties only depend on the ratio between the modulus q and the initial noise level B, and not on their absolute values. Our scheme has a number of advantages over previous candidates: It uses the same modulus throughout the evaluation process (no need for “modulus switching”), and this modulus can take arbitrary form. In addition, security can be classically reduced from the worst-case hardness of the GapSVP problem (with quasi-polynomial approximation factor), whereas previous constructions could only exhibit a quantum reduction from GapSVP.
Conference Paper
We show that an encryption scheme cannot have a simple decryption function and be homomorphic at the same time, even with added noise. Specifically, if a scheme can homomorphically evaluate the majority function, then its decryption cannot be weakly-learnable (in particular, linear), even if the probability of decryption error is high. (In contrast, without homomorphism, such schemes do exist and are presumed secure, e.g. based on LPN.) An immediate corollary is that known schemes that are based on the hardness of decoding in the presence of low hamming-weight noise cannot be fully homomorphic. This applies to known schemes such as LPN-based symmetric or public key encryption. Using these techniques, we show that the recent candidate fully homomorphic encryption, suggested by Bogdanov and Lee (ePrint ’11, henceforth BL), is insecure. In fact, we show two attacks on the BL scheme: One that uses homomorphism, and another that directly attacks a component of the scheme.
Conference Paper
We show that (leveled) fully homomorphic encryption (FHE) can be based on the hardness of O(n^(1.5+ε))-approximation for lattice problems (such as GapSVP) under quantum reductions for any ε > 0 (or O(n^(2+ε))-approximation under classical reductions). This matches the best known hardness for "regular" (non-homomorphic) lattice based public-key encryption up to the ε factor. A number of previous methods had hit a roadblock at quasipolynomial approximation. (As usual, a circular security assumption can be used to achieve a non-leveled FHE scheme.) Our approach consists of three main ideas: Noise-bounded sequential evaluation of high fan-in operations; Circuit sequentialization using Barrington's Theorem; and finally, successive dimension-modulus reduction.
Conference Paper
In a finite-segment p-adic number system one of the difficult problems is concerned with converting Hensel codes back into rational numbers. An algorithm for this conversion is proposed which is based on a sophisticated table look-up procedure.
Article
A finite number system for doing exact computer arithmetic, due to Krishnamurthy, Rao, and Subramanian, is described. For each rational number a/b, with |a| and |b| suitably bounded, the first r digits of the (infinite) p-adic expansion of a/b are used as a coded representation for a/b (the Hensel code). Arithmetic operations on the Hensel codes produce Hensel codes for the exact results of the arithmetic operations.
Article
In this book, Professor Lounesto offers a unique introduction to Clifford algebras and spinors. The initial chapters could be read by undergraduates; vectors, complex numbers and quaternions are introduced with an eye on Clifford algebras. The next chapters will also interest physicists, and include treatments of the quantum mechanics of the electron, electromagnetism and special relativity with a flavour of Clifford algebras. This book also gives the first comprehensive survey of recent research on Clifford algebras. A new classification of spinors is introduced, based on bilinear covariants of physical observables. This reveals a new class of spinors, residing between the Weyl, Majorana and Dirac spinors. Scalar products of spinors are classified by involutory anti-automorphisms of Clifford algebras. This leads to the chessboard of automorphism groups of scalar products of spinors. On the analytic side, Brauer-Wall groups and Witt rings are discussed, and Cauchy's integral formula is generalized to higher dimensions.
Article
Recently, a new image hiding method based on optical interference was proposed. The image is hidden in two pure phase masks. However, the silhouette of the encrypted image can be obtained by using just one of these two masks, which reduces the secrecy of the algorithm. A method for secrecy enhancement based on exchanging the same parts of two masks is proposed. This method can effectively remove the silhouette of the encrypted image constructed using just one mask. Simulations are carried out to demonstrate the validity of this method.
Article
Let f(n) denote the number of factorizations of the natural number n into factors larger than 1 where the order of the factors does not count. We say n is “highly factorable” if f(m) < f(n) for all m < n. We prove that f(n) = n·L(n)^(−1+o(1)) for n highly factorable, where . This result corrects the 1926 paper of Oppenheim where it is asserted that f(n) = n·L(n)^(−2+o(1)). Some results on the multiplicative structure of highly factorable numbers are proved and a table of them up to 10^9 is provided. Of independent interest, a new lower bound is established for the function Ψ(x, y), the number of n ≤ x free of prime factors exceeding y.
Conference Paper
We propose a fully homomorphic encryption scheme - i.e., a scheme that allows one to evaluate circuits over encrypted data without being able to decrypt. Our solution comes in three steps. First, we provide a general result - that, to construct an encryption scheme that permits evaluation of arbitrary circuits, it suffices to construct an encryption scheme that can evaluate (slightly augmented versions of) its own decryption circuit; we call a scheme that can evaluate its (augmented) decryption circuit bootstrappable. Next, we describe a public key encryption scheme using ideal lattices that is almost bootstrappable. Lattice-based cryptosystems typically have decryption algorithms with low circuit complexity, often dominated by an inner product computation that is in NC¹. Also, ideal lattices provide both additive and multiplicative homomorphisms (modulo a public-key ideal in a polynomial ring that is represented as a lattice), as needed to evaluate general circuits. Unfortunately, our initial scheme is not quite bootstrappable - i.e., the depth that the scheme can correctly evaluate can be logarithmic in the lattice dimension, just like the depth of the decryption circuit, but the latter is greater than the former. In the final step, we show how to modify the scheme to reduce the depth of the decryption circuit, and thereby obtain a bootstrappable encryption scheme, without reducing the depth that the scheme can evaluate. Abstractly, we accomplish this by enabling the encrypter to start the decryption process, leaving less work for the decrypter, much like the server leaves less work for the decrypter in a server-aided cryptosystem.
Conference Paper
Our main result is a reduction from worst-case lattice problems such as GapSVP and SIVP to a certain learning problem. This learning problem is a natural extension of the “learning from parity with error” problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for GapSVP and SIVP. A main open question is whether this reduction can be made classical (i.e., nonquantum). We also present a (classical) public-key cryptosystem whose security is based on the hardness of the learning problem. By the main result, its security is also based on the worst-case quantum hardness of GapSVP and SIVP. The new cryptosystem is much more efficient than previous lattice-based cryptosystems: the public key is of size Õ(n²) and encrypting a message increases its size by a factor of Õ(n) (in previous cryptosystems these values are Õ(n⁴) and Õ(n²), respectively). In fact, under the assumption that all parties share a random bit string of length Õ(n²), the size of the public key can be reduced to Õ(n).
Conference Paper
The “learning with errors” (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones. The problem has been shown to be as hard as worst-case lattice problems, and in recent years it has served as the foundation for a plethora of cryptographic applications. Unfortunately, these applications are rather inefficient due to an inherent quadratic overhead in the use of LWE. A main open question was whether LWE and its applications could be made truly efficient by exploiting extra algebraic structure, as was done for lattice-based hash functions (and related primitives). We resolve this question in the affirmative by introducing an algebraic variant of LWE called ring-LWE, and proving that it too enjoys very strong hardness guarantees. Specifically, we show that the ring-LWE distribution is pseudorandom, assuming that worst-case problems on ideal lattices are hard for polynomial-time quantum algorithms. Applications include the first truly practical lattice-based public-key cryptosystem with an efficient security reduction; moreover, many of the other applications of LWE can be made much more efficient through the use of ring-LWE. Finally, the algebraic structure of ring-LWE might lead to new cryptographic applications previously not known to be based on LWE.
Article
Our main result is a reduction from worst-case lattice problems such as SVP and SIVP to a certain learning problem. This learning problem is a natural extension of the 'learning from parity with error' problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for SVP and SIVP. A main open question is whether this reduction can be made classical. Using the main result, we obtain a public-key cryptosystem whose hardness is based on the worst-case quantum hardness of SVP and SIVP. Previous lattice-based public-key cryptosystems such as the one by Ajtai and Dwork were only based on unique-SVP, a special case of SVP. The new cryptosystem is much more efficient than previous cryptosystems: the public key is of size Õ(n²) and encrypting a message increases its size by Õ(n) (in previous cryptosystems these values are Õ(n⁴) and Õ(n²), respectively). In fact, under the assumption that all parties share a random bit string of length Õ(n²), the size of the public key can be reduced to Õ(n).
Conference Paper
We construct a simple fully homomorphic encryption scheme, using only elementary modular arithmetic. We use Gentry’s technique to construct a fully homomorphic scheme from a “bootstrappable” somewhat homomorphic scheme. However, instead of using ideal lattices over a polynomial ring, our bootstrappable encryption scheme merely uses addition and multiplication over the integers. The main appeal of our scheme is the conceptual simplicity. We reduce the security of our scheme to finding an approximate integer gcd – i.e., given a list of integers that are near-multiples of a hidden integer, output that hidden integer. We investigate the hardness of this task, building on earlier work of Howgrave-Graham.
Article
We present a novel approach to fully homomorphic encryption (FHE) that dramatically improves performance and bases security on weaker assumptions. A central conceptual contribution in our work is a new way of constructing leveled, fully homomorphic encryption schemes (capable of evaluating arbitrary polynomial-size circuits of a-priori bounded depth), without Gentry’s bootstrapping procedure. Specifically, we offer a choice of FHE schemes based on the learning with error (LWE) or Ring LWE (RLWE) problems that have 2^λ security against known attacks. We construct the following. (1) A leveled FHE scheme that can evaluate depth-L arithmetic circuits (composed of fan-in 2 gates) using O(λ·L³) per-gate computation, quasilinear in the security parameter. Security is based on RLWE for an approximation factor exponential in L. This construction does not use the bootstrapping procedure. (2) A leveled FHE scheme that can evaluate depth-L arithmetic circuits (composed of fan-in 2 gates) using O(λ²) per-gate computation, which is independent of L. Security is based on RLWE for quasipolynomial factors. This construction uses bootstrapping as an optimization. We obtain similar results for LWE, but with worse performance. All previous (leveled) FHE schemes required a per-gate computation of Ω(λ^3.5), and all of them relied on subexponential hardness assumptions. We introduce a number of further optimizations to our scheme based on the Ring LWE assumption. As an example, for circuits of large width (e.g., where a constant fraction of levels have width Ω(λ)), we can reduce the per-gate computation of the bootstrapped version to O(λ), independent of L, by batching the bootstrapping operation. At the core of our construction is a new approach for managing the noise in lattice-based ciphertexts, significantly extending the techniques of Brakerski and Vaikuntanathan [2011b].
Article
Since 1992, the U.S. Food and Drug Administration (FDA) has received reports of radiation-induced injuries to the skin in patients who had undergone fluoroscopically guided interventional procedures. The reports were investigated to determine the procedure- or equipment-related factors that may have contributed to the injury. The injuries ranged in severity from erythema to moist desquamation to tissue necrosis that required skin grafting. They occurred after a variety of interventional procedures that required extended periods of fluoroscopy compared with those of typical diagnostic procedures. Medical facilities and physicians should be aware of the magnitude of radiation doses to the skin that can result from the long exposure times required by complex interventional procedures. The FDA recommends several steps for reducing these injuries, including establishing protocols for each procedure, determining radiation dose rates for specific fluoroscopy systems and operating modes, and monitoring cumulative absorbed doses to areas of the skin.
Protecting images with an image watermark
  • G W Braudaway
  • F C Mintzer
G. W. Braudaway and F. C. Mintzer, "Protecting images with an image watermark," Oct. 20 1998, US Patent 5,825,892.
Notes on two fully homomorphic encryption schemes without bootstrapping
  • Y Wang
Y. Wang, "Notes on two fully homomorphic encryption schemes without bootstrapping." IACR Cryptology ePrint Archive, vol. 2015, p. 519, 2015.
Encyclopedia of cryptography and security
  • H C V Tilborg
  • S Jajodia
  • V S Vladimirov
  • I V Volovich
  • E I Zelenov
V. S. Vladimirov, I. V. Volovich, and E. I. Zelenov, p-adic Analysis and Mathematical Physics. World Scientific, 1994.