Conference Paper

A New Approach Towards Fully Homomorphic Encryption Over Geometric Algebra

Authors:
  • Symetrix Corporation
  • University of Colorado at Colorado Springs
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available


... When computations on the encrypted data are required, access control mechanisms are not enough. From the perspective of the client, Fully Homomorphic Encryption algorithms (FHE) [9][10][11][12] and Attribute-based Encryption algorithms (ABE) [13][14][15] have great application potential in cloud secure computation outsourcing, but their high computational complexities limit their practical applications, especially for resource-constrained devices. In addition, there is a large number of studies on secure outsourcing algorithms for commonly-used and complex scientific computations (e.g., modular exponentiation [16][17], extended Euclidean [18], bilinear pairings [19][20][21], polynomial multiplication [22]). ...
... The complexity of the third attack is much greater than the others. In order to pass all the verifications, before attacking, the attacker has to make (n!)^4 brute-force guesses to get the 4n positions that the client verifies in Y_1 and Y_3 (lines [6][7][8][9][10][11][12][13][14][15][16][17]). Then, the cloud constructs two forged matrices Y_1 and Y_3. ...
Article
Full-text available
Computing the determinant of a large matrix is a time-consuming task, which is appearing more and more widely in science and engineering problems in the era of big data. Fortunately, cloud computing can provide large storage and computation resources, and thus act as an ideal platform to complete computation outsourced from resource-constrained devices. However, cloud computing also causes security issues. For example, the curious cloud may spy on user privacy through outsourced data. The malicious cloud violating computing scripts, as well as cloud hardware failure, will lead to incorrect results. Therefore, we propose a secure outsourcing algorithm to compute the determinant of a large matrix under the malicious cloud model in this paper. The algorithm protects the privacy of the original matrix by applying row/column permutation and other transformations to the matrix. To resist malicious cheating on the computation tasks, a new verification method is utilized in our algorithm. Unlike previous algorithms that require multiple rounds of verification, our verification requires only one round without trading off the cheating detectability, which greatly reduces the local computation burden. Both theoretical and experimental analysis demonstrate that our algorithm achieves better efficiency for local users than previous ones on various dimensions of matrices, without sacrificing the security requirements in terms of privacy protection and cheating detectability.
... Since 1987, Goldreich and others have conducted in-depth research on MPC [2][3]. The research problems mainly include the following aspects: the Millionaire problem [1][4][5][6][7], confidential computational geometry problems [8][9][10], confidential data mining problems [11][12][13], confidential statistical analysis [14][15], confidential set relationship judgment [16][17], etc. The models of MPC computing include the semi-honest model and the malicious model. ...
Article
With the rapid development of the Internet and information technology, the problem of zero-trust networks has become increasingly prominent, and secure multi-party computation has become a research hotspot to solve the problem of zero-trust networks. The secure judgment of the point and line relationship is an important research branch of secure computational geometry. However, most recent secure computing protocols for the point and line relationship are designed in the semi-honest model and cannot resist malicious attacks. Therefore, this paper analyzes the possible malicious adversary behaviors and designs a secure protocol in the malicious model. In this paper, the Paillier cryptosystem, zero-knowledge proof, and the cut-and-choose method are used to resist malicious behavior, and the real/ideal model paradigm is used to prove the security of the protocol. Compared with the existing solutions, the malicious model protocol is still efficient and widely usable in real applications.
... To the best of our knowledge, there are currently very few cryptography-related constructions explicitly based on GA. We highlight a fully homomorphic encryption (FHE) scheme [36] that combines GA with number theoretic functions [37], and a somewhat homomorphic encryption (SWHE) scheme that yields a GA-based framework for image processing [38]. The closest construction to the key update we propose in this work, a rather limited version of it, was discussed in [39]. ...
Conference Paper
Full-text available
In this work, we aim to address the challenge of expanding Blockchain Technologies (BT) by implementing a somewhat homomorphic encryption scheme that not only enables computation on encrypted data but also yields a key update protocol with which one can selectively reveal consolidated data from a blockchain application. Our constructions are meant to be compliant with the fundamental requirements of BT, including ownership control and non-repudiation. In isolation, BT and homomorphic encryption (HE) can both suffer from performance issues. Combining the two only escalates that risk. We rely on Clifford Geometric Algebra as the single algebraic structure for introducing efficient solutions for merging BT with HE. The target application considers a trusted environment with pre-screened parties, which allows us to consider cryptographic solutions based on relaxed notions of security. Along with the detailed description of our constructions, we refer to a library written in the Ruby language with which we implement our ideas.
... There are very few occurrences of GA applied to cryptography, especially for the case where it is used as the main algebraic structure of cryptographic solutions. Among them, we highlight a fully homomorphic encryption scheme [26] and a cloud-based homomorphic image processing framework [27], which are heavily based on GA, although the solutions are merged with other branches of mathematics [28]. A protocol for sharing secret keys, which we will discuss later in this manuscript, expands ideas originally and briefly discussed in [29]. ...
... Majumdar [21] also explored GA for data encoding using sub-symbolic codes in order to provide new methods for searching, indexing, clustering, translations and other data transformations. The application of GA as an approach towards fully homomorphic encryption is introduced in [30]. Based on similar ideas, a homomorphic image processing application based on GA is demonstrated in [31]. ...
Chapter
We propose general-purpose methods for data representation and data concealment via multivector decompositions and a small subset of functions in the three-dimensional Clifford geometric algebra. We demonstrate mechanisms that can be explored for purposes from plain data manipulation to homomorphic data processing with multivectors. The wide variety of algebraic representations in Clifford geometric algebra allows us to explore concepts from integer, complex, vector and matrix arithmetic within a single, compact, flexible and yet powerful algebraic structure in order to propose novel homomorphisms. Our constructions can be incorporated into existing applications as add-ons as well as used to provide standalone data-centric algorithms. We implement our representation and concealment mechanisms in the Ruby programming language to demonstrate the ideas discussed in this work.
Article
Full-text available
Among several approaches to privacy-preserving cryptographic schemes, we have concentrated on noise-free homomorphic encryption. It is a symmetric key encryption that supports homomorphic operations on encrypted data. We present a fully homomorphic encryption (FHE) scheme based on sedenion algebra over finite Z_n rings. The innovation of the scheme is the compression of a 16-dimensional vector for the application of the Frobenius automorphism. For sedenions, we have p^16 different possibilities that create a significant bijective mapping over the chosen 16-dimensional vector that adds permutation to our scheme. The security of this scheme is based on the assumption of the hardness of solving a multivariate quadratic equation system over finite Z_n rings. The scheme results in 256n multivariate polynomial equations with 256 + 16n unknown variables for n messages. For this reason, the proposed scheme serves as a security basis for potentially post-quantum cryptosystems. Moreover, after sedenions, no newly constructed algebra loses its properties. This scheme would therefore apply as a whole to the following algebras, such as the 32-dimensional trigintaduonions.
Article
Full-text available
Data encoding is widely used for a variety of reasons. Encoding schemes in general serve to convert one form of data to another in order to enhance the efficiency of data storage, transmission, computation and privacy, to name just a few. When it comes to privacy, data may be encoded to hide its meaning from direct access or encrypted to attain a certain security level. If the encoding scheme preserves additive and multiplicative homomorphisms, then operations on encoded data may be performed without prior decoding, which improves the utility of such a mechanism. We introduce a probabilistic fully homomorphic encoding scheme that is practical as a stand-alone entry-level solution to data privacy or as an added component of existing encryption schemes, especially those that are deterministic. We demonstrate how the finite segment of p-adic numbers can be explored to derive probabilistic multiple secret Hensel codes, which yield multiple layers of obscurity in an efficient way. Our encoding scheme is compact, ultra lightweight and suitable for applications ranging from edge to cloud computing. Without significant changes in its mathematical foundation, as a proposed continuation of this present work, further investigation can take place in order to confirm whether the same encoding scheme can be extended to be a stand-alone secure instance of a fully homomorphic encryption scheme.
Article
Full-text available
Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. The users or service providers with the key have exclusive rights on the data. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to be performed on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. Therefore, this survey focuses on HE and FHE schemes. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes, are presented. Furthermore, the implementations and new improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. We believe this survey can give clear knowledge and a foundation to researchers and practitioners interested in knowing, applying, as well as extending the state-of-the-art HE, PHE, SWHE, and FHE systems.
Conference Paper
Full-text available
In this paper, we revisit fully homomorphic encryption (FHE) based on GSW and its ring variants. We notice that the internal product of GSW can be replaced by a simpler external product between a GSW and an LWE ciphertext. We show that the bootstrapping scheme FHEW of Ducas and Micciancio [11] can be expressed only in terms of this external product. As a result, we obtain a speed-up from less than 1 s to less than 0.1 s. We also reduce the 1 GB bootstrapping key size to 24 MB, preserving the same security levels, and we improve the noise propagation overhead by replacing exact decomposition algorithms with approximate ones. Moreover, our external product allows us to explain the unique asymmetry in the noise propagation of GSW samples and makes it possible to evaluate deterministic automata homomorphically as in [13] in an efficient way with a noise overhead only linear in the length of the tested word. Finally, we provide an alternative practical analysis of LWE-based schemes, which directly relates the security parameter to the error rate of LWE and the entropy of the LWE secret key.
Conference Paper
Full-text available
The capability of operating over encrypted data makes Fully Homomorphic Encryption (FHE) the Holy Grail for secure data processing applications. Though many applications need only secret keys, FHE has not been achieved properly through symmetric cryptography. The major hurdle is the need to refresh noisy ciphertexts, which essentially requires a public key and bootstrapping. We introduce a refreshing procedure to make a somewhat homomorphic scheme fully homomorphic without requiring bootstrapping. Our scheme uses symmetric keys and has performance superior to existing public-key schemes.
Article
Full-text available
The fully homomorphic symmetric encryption scheme MORE encrypts random keys by conjugation with a random invertible matrix over an RSA modulus. We provide a known-ciphertext cryptanalysis recovering a linear dependence among any pair of encrypted keys.
Conference Paper
Full-text available
Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing ciphersuites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem; we accompany these ciphersuites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using RSA or elliptic curve digital signatures: the post-quantum key exchange provides forward secrecy against future quantum attackers, while authentication can be provided using RSA keys that are issued by today's commercial certificate authorities, smoothing the path to adoption. Our cryptographically secure implementation, aimed at the 128-bit security level, reveals that the performance price when switching from non-quantum-safe key exchange is not too high. With our R-LWE ciphersuites integrated into the OpenSSL library and using the Apache web server on a 2-core desktop computer, we could serve 506 RLWE-ECDSA-AES128-GCM-SHA256 HTTPS connections per second for a 10 KiB payload. Compared to elliptic curve Diffie–Hellman, this means an 8 KiB increased handshake size and a reduction in throughput of only 21%. This demonstrates that provably secure post-quantum key-exchange can already be considered practical.
Conference Paper
Full-text available
In 1996, Hoffstein, Pipher and Silverman introduced an efficient lattice based encryption scheme dubbed NTRUEncrypt. Unfortunately, this scheme lacks a proof of security. However, in 2011, Stehlé and Steinfeld showed how to modify NTRUEncrypt to reduce security to standard problems in ideal lattices. In 2012, López-Alt, Tromer and Vaikuntanathan proposed a fully homomorphic scheme based on this modified system. However, to allow homomorphic operations and prove security, a non-standard assumption is required. In this paper, we show how to remove this non-standard assumption via techniques introduced by Brakerski and construct a new fully homomorphic encryption scheme from the Stehlé and Steinfeld version based on standard lattice assumptions and a circular security assumption. The scheme is scale-invariant and therefore avoids modulus switching and the size of ciphertexts is one ring element. Moreover, we present a practical variant of our scheme, which is secure under stronger assumptions, along with parameter recommendations and promising implementation results. Finally, we present an approach for encrypting larger input sizes by extending ciphertexts to several ring elements via the CRT on the message space.
Article
Full-text available
Abstract: Early in the development of computer graphics it was realized that projective geometry is suited quite well to represent points and transformations. Now, maybe another change of paradigm is lying ahead of us based on Geometric Algebra. If you already use quaternions or Lie algebra in addition to the well-known vector algebra, then you may already be familiar with some of the algebraic ideas that will be presented in this tutorial. In fact, quaternions can be represented by Geometric Algebra, next to a number of other algebras like complex numbers, dual-quaternions, Grassmann algebra and Grassmann-Cayley algebra. In this half-day tutorial we will emphasize that Geometric Algebra • is a unified language for a lot of mathematical systems used in Computer Graphics,
Conference Paper
Full-text available
Gentry’s bootstrapping technique is currently the only known method of obtaining a “pure” fully homomorphic encryption (FHE) scheme, and it may offer performance advantages even in cases that do not require pure FHE (e.g., when using the noise-control technique of Brakerski-Gentry-Vaikuntanathan). The main bottleneck in bootstrapping is the need to evaluate homomorphically the reduction of one integer modulo another. This is typically done by emulating a binary modular reduction circuit, using bit operations on the binary representation of integers. We present a simpler approach that bypasses the homomorphic modular-reduction bottleneck to some extent, by working with a modulus very close to a power of two. Our method is easier to describe and implement than the generic binary circuit approach, and we expect it to be faster in practice (although we did not implement it yet). In some cases it also allows us to store the encryption of the secret key as a single ciphertext, thus reducing the size of the public key. We also show how to combine our new method with the SIMD homomorphic computation techniques of Smart-Vercauteren and Gentry-Halevi-Smart, to get a bootstrapping method that works in time quasi-linear in the security parameter. This last part requires extending the techniques from prior work to handle arithmetic not only over fields, but also over some rings. (Specifically, our method uses arithmetic modulo a power of two, rather than over characteristic-two fields.)
Article
Full-text available
In the last decades the Moore-Penrose pseudoinverse has found a wide range of applications in many areas of science and became a useful tool for physicists dealing, for instance, with optimization problems, with data analysis, with the solution of linear integral equations, etc. The existence of such applications alone should attract the interest of students and researchers in the Moore-Penrose pseudoinverse and in related subjects, like the singular value decomposition theorem for matrices. In this note we present a tutorial review of the theory of the Moore-Penrose pseudoinverse. We present the first definitions and some motivations and, after obtaining some basic results, we center our discussion on the Spectral Theorem and present an algorithmically simple expression for the computation of the Moore-Penrose pseudoinverse of a given matrix. We do not claim originality of the results. We rather intend to present a complete and self-contained tutorial review, useful for those more devoted to applications, for those more theoretically oriented and for those who already have some working knowledge of the subject.
Article
Full-text available
The role of dopamine in monitoring negative action outcomes and feedback-based learning was tested in a neuroimaging study in humans grouped according to the dopamine D2 receptor gene polymorphism DRD2-TAQ-IA. In a probabilistic learning task, A1-allele carriers with reduced dopamine D2 receptor densities learned to avoid actions with negative consequences less efficiently. Their posterior medial frontal cortex (pMFC), involved in feedback monitoring, responded less to negative feedback than others' did. Dynamically changing interactions between pMFC and hippocampus found to underlie feedback-based learning were reduced in A1-allele carriers. This demonstrates that learning from errors requires dopaminergic signaling. Dopamine D2 receptor reduction seems to decrease sensitivity to negative action consequences, which may explain an increased risk of developing addictive behaviors in A1-allele carriers.
Article
Full-text available
In this paper we describe a heuristic method for obtaining linear dependencies among the rows of such matrices. In addition, we present data from experimental runs with randomly generated square matrices of size 50,000 and 100,000.
Chapter
Homomorphic Encryption provides one of the most promising means to delegate computation to the cloud while retaining data confidentiality. We present a plaintext recovery attack against fully homomorphic schemes which have a polynomial time distinguisher for a given fixed plaintext, and rely on the capability of homomorphically comparing a pair of encrypted integer values. We improve by a constant factor the computational complexity of an exhaustive search strategy, which is linear in the recovered plaintext value, and show that it significantly increases the number of recoverable plaintexts. We successfully validate our attack against two noise-free fully homomorphic encryption schemes, which fulfill the mentioned requisite and were claimed to be secure against plaintext recovery attacks.
Article
A fully homomorphic encryption (FHE) scheme allows anyone to transform an encryption of a message, m, into an encryption of any (efficient) function of that message, f(m), without knowing the secret key. We present a leveled FHE scheme that is based solely on the (standard) learning with errors (LWE) assumption. (Leveled FHE schemes are initialized with a bound on the maximal evaluation depth. However, this restriction can be removed by assuming “weak circular security.”) Applying known results on LWE, the security of our scheme is based on the worst-case hardness of “short vector problems” on arbitrary lattices. Our construction improves on previous works in two aspects: 1. We show that “somewhat homomorphic” encryption can be based on LWE, using a new relinearization technique. In contrast, all previous schemes relied on complexity assumptions related to ideals in various rings. 2. We deviate from the “squashing paradigm” used in all previous works. We introduce a new dimension-modulus reduction technique, which shortens the ciphertexts and reduces the decryption complexity of our scheme, without introducing additional assumptions. Our scheme has very short ciphertexts, and we therefore use it to construct an asymptotically efficient LWE-based single-server private information retrieval (PIR) protocol. The communication complexity of our protocol (in the public-key model) is k·polylog(k) + log|DB| bits per single-bit query, in order to achieve security against 2^k-time adversaries (based on the best known attacks against our underlying assumptions). Key words: cryptology, public-key encryption, fully homomorphic encryption, learning with errors, private information retrieval
Book
Geometric algebra has established itself as a powerful and valuable mathematical tool for solving problems in computer science, engineering, physics, and mathematics. The articles in this volume, written by experts in various fields, reflect an interdisciplinary approach to the subject, and highlight a range of techniques and applications. Relevant ideas are introduced in a self-contained manner and only a knowledge of linear algebra and calculus is assumed. Features and Topics:
* The mathematical foundations of geometric algebra are explored
* Applications in computational geometry include models of reflection and ray-tracing and a new and concise characterization of the crystallographic groups
* Applications in engineering include robotics, image geometry, control-pose estimation, inverse kinematics and dynamics, control and visual navigation
* Applications in physics include rigid-body dynamics, elasticity, and electromagnetism
* Chapters dedicated to quantum information theory dealing with multi-particle entanglement, MRI, and relativistic generalizations
Practitioners, professionals, and researchers working in computer science, engineering, physics, and mathematics will find a wide range of useful applications in this state-of-the-art survey and reference book. Additionally, advanced graduate students interested in geometric algebra will find the most current applications and methods discussed.
Conference Paper
With the wide adoption of the cloud computing paradigm, it is important to develop appropriate techniques to protect client data privacy in the cloud. Encryption is one of the major techniques that could be used to achieve this goal. However, data encryption at rest alone is insufficient for secure cloud computation environments. There is also the need for efficient techniques to carry out computation over encrypted data. Fully homomorphic encryption (FHE) and garbled circuits are naturally used to process encrypted data without leaking any information about the data. However, existing FHE schemes are inefficient for processing large amounts of data in the cloud, and garbled circuits are one-time programs and cannot be reused. Based on quaternion/octonion algebra and Jordan algebra over finite rings Z_q, this paper designs efficient fully homomorphic symmetric key encryption (FHE) schemes without bootstrapping (that is, noise-free FHE schemes) that are secure in the weak ciphertext-only security model assuming the hardness of solving multivariate quadratic equation systems and solving univariate high degree polynomial equation systems in Z_q. The FHE scheme designed in this paper is sufficient for privacy preserving computation in the cloud.
Article
Brakerski showed that linearly decryptable fully homomorphic encryption (FHE) schemes cannot be secure in the chosen plaintext attack (CPA) model. In this paper, we show that linearly decryptable FHE schemes cannot be secure even in the ciphertext-only security model. Then we consider the maximum security that a linearly decryptable FHE scheme could achieve. This paper designs fully homomorphic symmetric key encryption (FHE) schemes without bootstrapping (that is, noise-free FHE schemes). The proposed FHE schemes are based on quaternion/octonion algebra and Jordan algebra over finite rings Z_n and are secure in the weak ciphertext-only security model assuming the hardness of solving multivariate quadratic equation systems and solving univariate high degree polynomial equation systems in Z_n. To our knowledge, this is the first noise-free FHE scheme that has ever been designed with a security proof (even in the weak ciphertext-only security model). It is argued that the weak ciphertext-only security model is sufficient for various applications such as privacy preserving computation in the cloud. As an example, the proposed FHE schemes are used to construct obfuscated programs. This example could be further used to show that the scheme presented in this paper could be combined with existing FHE schemes with bootstrapping to obtain more efficient FHE schemes with bootstrapping in the fully CPA model. At the end of the paper, we point out the insecurity of several recently proposed noise-free FHE schemes.
Conference Paper
The main bottleneck affecting the efficiency of all known fully homomorphic encryption (FHE) schemes is Gentry’s bootstrapping procedure, which is required to refresh noisy ciphertexts and keep computing on encrypted data. Bootstrapping in the latest implementation of FHE, the HElib library of Halevi and Shoup (Crypto 2014), requires about six minutes. We present a new method to homomorphically compute simple bit operations, and refresh (bootstrap) the resulting output, which runs on a personal computer in just about half a second. We present a detailed technical analysis of the scheme (based on the worst-case hardness of standard lattice problems) and report on the performance of our prototype implementation.
Article
Since Gentry’s breakthrough result was introduced in the year 2009, homomorphic encryption has become a very popular topic. The main contribution of Gentry’s thesis was that it proved that it actually is possible to design a fully homomorphic encryption scheme. However ground-breaking Gentry’s result was, the designs that employ the bootstrapping technique suffer from terrible performance both in key generation and in homomorphic evaluation of circuits. Some authors tried to design schemes that could evaluate homomorphic circuits of arbitrarily many inputs without the need for bootstrapping. This paper introduces the notion of symmetric homomorphic encryption and analyses the security of four such proposals, published in three different papers. Our result is a known plaintext key-recovery attack on every one of these schemes.
Article
We describe a comparatively simple fully homomorphic encryption (FHE) scheme based on the learning with errors (LWE) problem. In previous LWE-based FHE schemes, multiplication is a complicated and expensive step involving “relinearization”. In this work, we propose a new technique for building FHE schemes that we call the approximate eigenvector method. In our scheme, for the most part, homomorphic addition and multiplication are just matrix addition and multiplication. This makes our scheme both asymptotically faster and (we believe) easier to understand. In previous schemes, the homomorphic evaluator needs to obtain the user’s “evaluation key”, which consists of a chain of encrypted secret keys. Our scheme has no evaluation key. The evaluator can do homomorphic operations without knowing the user’s public key at all, except for some basic parameters. This fact helps us construct the first identity-based FHE scheme. Using similar techniques, we show how to compile a recent attribute-based encryption scheme for circuits by Gorbunov et al. into an attribute-based FHE scheme that permits data encrypted under the same index to be processed homomorphically.
Article
Gentry’s “bootstrapping” technique (STOC 2009) constructs a fully homomorphic encryption (FHE) scheme from a “somewhat homomorphic” one that is powerful enough to evaluate its own decryption function. To date, it remains the only known way of obtaining unbounded FHE. Unfortunately, bootstrapping is computationally very expensive, despite the great deal of effort that has been spent on improving its efficiency. The current state of the art, due to Gentry, Halevi, and Smart (PKC 2012), is able to bootstrap “packed” ciphertexts (which encrypt up to a linear number of bits) in time only quasilinear Õ(λ) = λ · log^{O(1)} λ in the security parameter. While this performance is asymptotically optimal up to logarithmic factors, the practical import is less clear: the procedure composes multiple layers of expensive and complex operations, to the point where it appears very difficult to implement, and its concrete runtime appears worse than those of prior methods (all of which have quadratic or larger asymptotic runtimes). In this work we give simple, practical, and entirely algebraic algorithms for bootstrapping in quasilinear time, for both “packed” and “non-packed” ciphertexts. Our methods are easy to implement (especially in the non-packed case), and we believe that they will be substantially more efficient in practice than all prior realizations of bootstrapping. One of our main techniques is a substantial enhancement of the “ring-switching” procedure of Gentry et al. (SCN 2012), which we extend to support switching between two rings where neither is a subring of the other. Using this procedure, we give a natural method for homomorphically evaluating a broad class of structured linear transformations, including one that lets us evaluate the decryption function efficiently.
Book
Geometric algebra provides a rich and general mathematical framework for the development of solutions, concepts and computer algorithms without losing geometric insight into the problem in question. Many current mathematical subjects can be treated in a unified manner without abandoning the mathematical system of geometric algebra, such as multilinear algebra, projective and affine geometry, calculus on manifolds, Riemann geometry, the representation of Lie algebras and Lie groups using bivector algebras, and conformal geometry. Geometric Algebra Computing in Engineering and Computer Science presents contributions from an international selection of experts in the field. This useful text/reference offers new insights and solutions for the development of theorems, algorithms and advanced methods for real-time applications across a range of disciplines. The book also provides an introduction to advanced screw theory and conformal geometry. Written in an accessible style, the discussion of all applications is enhanced by the inclusion of numerous examples, figures and experimental analysis.
Topics and features: Provides a thorough discussion of several tasks for image processing, pattern recognition, computer vision, robotics and computer graphics using the geometric algebra framework. Introduces nonspecialists to screw theory in the geometric algebra framework, offering a tutorial on conformal geometric algebra and an overview of recent applications of geometric algebra. Explores new developments in the domain of Clifford Fourier Transforms and Clifford Wavelet Transform, including novel applications of Clifford Fourier transforms for 3D visualization and colour image spectral analysis. Presents a detailed study of fluid flow problems with quaternionic analysis. Examines new algorithms for geometric neural computing and cognitive systems. Analyzes computer software packages for extensive calculations in geometric algebra, investigating the algorithmic complexity of key geometric operations and how the program code can be optimized for real-time computations.
The book is an essential resource for computer scientists, applied physicists, AI researchers and mechanical and electrical engineers. It will also be of value to graduate students and researchers interested in a modern language for geometric computing. Prof. Dr. Eng. Eduardo Bayro-Corrochano is a Full Professor of Geometric Computing at Cinvestav, Mexico. He is the author of the Springer titles Geometric Computing for Perception Action Systems, Handbook of Geometric Computing, and Geometric Computing for Wavelet Transforms, Robot Vision, Learning, Control and Action. Prof. Dr. Gerik Scheuermann is a Full Professor at the University of Leipzig, Germany. He is the author of the Springer title Topology-Based Methods in Visualization II.
Conference Paper
Bootstrapping is a technique, originally due to Gentry (STOC 2009), for “refreshing” ciphertexts of a somewhat homomorphic encryption scheme so that they can support further homomorphic operations. To date, bootstrapping remains the only known way of obtaining fully homomorphic encryption for arbitrary unbounded computations. Over the past few years, several works have dramatically improved the efficiency of bootstrapping and the hardness assumptions needed to implement it. Recently, Brakerski and Vaikuntanathan (ITCS 2014) reached the major milestone of a bootstrapping algorithm based on Learning With Errors for polynomial approximation factors. Their method uses the Gentry-Sahai-Waters (GSW) cryptosystem (CRYPTO 2013) in conjunction with Barrington’s “circuit sequentialization” theorem (STOC 1986). This approach, however, results in very large polynomial runtimes and approximation factors. (The approximation factors can be improved, but at even greater costs in runtime and space.) In this work we give a new bootstrapping algorithm whose runtime and associated approximation factor are both small polynomials. Unlike most previous methods, ours implements an elementary and efficient arithmetic procedure, thereby avoiding the inefficiencies inherent to the use of boolean circuits and Barrington’s Theorem. For 2^λ security under conventional lattice assumptions, our method requires only a quasi-linear Õ(λ) number of homomorphic operations on GSW ciphertexts, which is optimal (up to polylogarithmic factors) for schemes that encrypt just one bit per ciphertext. As a contribution of independent interest, we also give a technically simpler variant of the GSW system and a tighter error analysis for its homomorphic operations.
Article
We present a new tensoring technique for LWE-based fully homomorphic encryption. While in all previous works, the ciphertext noise grows quadratically (B → B²·poly(n)) with every multiplication (before “refreshing”), our noise only grows linearly (B → B·poly(n)). We use this technique to construct a scale-invariant fully homomorphic encryption scheme, whose properties only depend on the ratio between the modulus q and the initial noise level B, and not on their absolute values. Our scheme has a number of advantages over previous candidates: It uses the same modulus throughout the evaluation process (no need for “modulus switching”), and this modulus can take arbitrary form. In addition, security can be classically reduced from the worst-case hardness of the GapSVP problem (with quasi-polynomial approximation factor), whereas previous constructions could only exhibit a quantum reduction from GapSVP.
Conference Paper
We show that an encryption scheme cannot have a simple decryption function and be homomorphic at the same time, even with added noise. Specifically, if a scheme can homomorphically evaluate the majority function, then its decryption cannot be weakly-learnable (in particular, linear), even if the probability of decryption error is high. (In contrast, without homomorphism, such schemes do exist and are presumed secure, e.g. based on LPN.) An immediate corollary is that known schemes that are based on the hardness of decoding in the presence of low hamming-weight noise cannot be fully homomorphic. This applies to known schemes such as LPN-based symmetric or public key encryption. Using these techniques, we show that the recent candidate fully homomorphic encryption, suggested by Bogdanov and Lee (ePrint ’11, henceforth BL), is insecure. In fact, we show two attacks on the BL scheme: One that uses homomorphism, and another that directly attacks a component of the scheme.
Conference Paper
In a finite-segment p-adic number system one of the difficult problems is concerned with converting Hensel codes back into rational numbers. An algorithm for this conversion is proposed which is based on a sophisticated table look-up procedure.
Article
Geometric Algebra has the power to lead easily from the geometric intuition of solving an engineering application to its efficient implementation on current and future computing platforms. It is easy to develop new algorithms in areas such as computer graphics, robotics, computer animation and computer simulation. Owing to its geometric intuitiveness, compactness and simplicity, algorithms based on Geometric Algebra can lead to enhanced quality, a reduction in development time and solutions that are more easily understandable and maintainable. Often, a clear structure and greater elegance result in lower runtime performance. However, based on our computing technology, Geometric Algebra implementations can even be faster and more robust than conventional ones. We present an example on how easy it is to describe algorithms in Geometric Algebra and introduce our technology for the integration of Geometric Algebra into standard programming languages. We really do hope that this technology can support the widespread use of Geometric Algebra Computing technology in many engineering fields.
Article
In a finite-segment p-adic number system one of the difficult problems is concerned with converting Hensel codes back into rational numbers. A method for this conversion has been proposed which is based on a table lookup procedure.
Article
Five new classes of Fibonacci-Hessenberg matrices are introduced. Further, we introduce the notion of two-dimensional Fibonacci arrays and show that three classes of previously known Fibonacci-Hessenberg matrices and their generalizations satisfy this property. Simple systems of linear equations are given whose solutions are Fibonacci fractions.
Article
In this paper we give formulas for performing row reduction of a matrix of Ore polynomials in a fraction-free way. The reductions can be used for finding the rank and left nullspace of such matrices. When specialized to matrices of skew polynomials our reduction can be used for computing a weak Popov form of such matrices and for computing a GCRD and an LCLM of skew polynomials or matrices of skew polynomials. The algorithm is suitable for computation in exact arithmetic domains where the growth of coefficients in intermediate computations is a concern. This coefficient growth is controlled by using fraction-free methods. The known factor can be predicted and removed efficiently.
Conference Paper
We propose a fully homomorphic encryption scheme - i.e., a scheme that allows one to evaluate circuits over encrypted data without being able to decrypt. Our solution comes in three steps. First, we provide a general result - that, to construct an encryption scheme that permits evaluation of arbitrary circuits, it suffices to construct an encryption scheme that can evaluate (slightly augmented versions of) its own decryption circuit; we call a scheme that can evaluate its (augmented) decryption circuit bootstrappable. Next, we describe a public key encryption scheme using ideal lattices that is almost bootstrappable. Lattice-based cryptosystems typically have decryption algorithms with low circuit complexity, often dominated by an inner product computation that is in NC1. Also, ideal lattices provide both additive and multiplicative homomorphisms (modulo a public-key ideal in a polynomial ring that is represented as a lattice), as needed to evaluate general circuits. Unfortunately, our initial scheme is not quite bootstrappable - i.e., the depth that the scheme can correctly evaluate can be logarithmic in the lattice dimension, just like the depth of the decryption circuit, but the latter is greater than the former. In the final step, we show how to modify the scheme to reduce the depth of the decryption circuit, and thereby obtain a bootstrappable encryption scheme, without reducing the depth that the scheme can evaluate. Abstractly, we accomplish this by enabling the encrypter to start the decryption process, leaving less work for the decrypter, much like the server leaves less work for the decrypter in a server-aided cryptosystem. Categories and Subject Descriptors: E.3 (Data En-
Conference Paper
Our main result is a reduction from worst-case lattice problems such as GapSVP and SIVP to a certain learning problem. This learning problem is a natural extension of the “learning from parity with error” problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for GapSVP and SIVP. A main open question is whether this reduction can be made classical (i.e., nonquantum). We also present a (classical) public-key cryptosystem whose security is based on the hardness of the learning problem. By the main result, its security is also based on the worst-case quantum hardness of GapSVP and SIVP. The new cryptosystem is much more efficient than previous lattice-based cryptosystems: the public key is of size Õ(n²) and encrypting a message increases its size by a factor of Õ(n) (in previous cryptosystems these values are Õ(n⁴) and Õ(n²), respectively). In fact, under the assumption that all parties share a random bit string of length Õ(n²), the size of the public key can be reduced to Õ(n).
Conference Paper
All previously known fully homomorphic encryption (FHE) schemes use Gentry's blueprint:
* SWHE: Construct a somewhat homomorphic encryption (SWHE) scheme -- roughly, an encryption scheme that can homomorphically evaluate polynomials up to some degree.
* Squash: "Squash" the decryption function of the SWHE scheme, so that the scheme can evaluate functions twice as complex (in terms of polynomial degree) as its own decryption function. Do this by adding a "hint" to the SWHE public key -- namely, a large set of vectors that has a secret sparse subset that sums to the original secret key.
* Bootstrap: Given a SWHE scheme that can evaluate functions twice as complex as its decryption function, apply Gentry's transformation to get a "leveled" FHE scheme. To get "pure" (non-leveled) FHE, one assumes circular security.
Here, we describe a new blueprint for FHE. We show how to eliminate the squashing step, and thereby eliminate the need to assume that the sparse subset sum problem (SSSP) is hard, as all previous leveled FHE schemes have done. Using our new blueprint, we obtain the following results:
* A "simple" leveled FHE scheme where we replace SSSP with Decision Diffie-Hellman!
* The first leveled FHE scheme based entirely on worst-case hardness. Specifically, we give a leveled FHE scheme with security based on the shortest independent vector problem over ideal lattices (ideal-SIVP).
* Some efficiency improvements for FHE. While the new blueprint does not yet improve computational efficiency, it reduces ciphertext length.
As in the previous blueprint, we obtain pure FHE by assuming circular security. Our main technique is to express the decryption function of SWHE schemes as a depth-3 (ΣΠΣ) arithmetic circuit. When we evaluate this decryption function homomorphically, we temporarily switch to a multiplicatively homomorphic encryption (MHE) scheme, such as Elgamal, to handle the Π part, after which we translate the result from the MHE scheme back to the SWHE scheme by evaluating the MHE scheme's decryption function within the SWHE scheme. The SWHE scheme only needs to be able to evaluate the MHE scheme's decryption function (plus minor operations), and does not need to have the self-referential property of being able to evaluate its own decryption function, a property that necessitated squashing in the original blueprint.
Conference Paper
We present a somewhat homomorphic encryption scheme that is both very simple to describe and analyze, and whose security (quantumly) reduces to the worst-case hardness of problems on ideal lattices. We then transform it into a fully homomorphic encryption scheme using standard “squashing” and “bootstrapping” techniques introduced by Gentry (STOC 2009). One of the obstacles in going from “somewhat” to full homomorphism is the requirement that the somewhat homomorphic scheme be circular secure, namely, the scheme can be used to securely encrypt its own secret key. For all known somewhat homomorphic encryption schemes, this requirement was not known to be achievable under any cryptographic assumption, and had to be explicitly assumed. We take a step forward towards removing this additional assumption by proving that our scheme is in fact secure when encrypting polynomial functions of the secret key. Our scheme is based on the ring learning with errors (RLWE) assumption that was recently introduced by Lyubashevsky, Peikert and Regev (Eurocrypt 2010). The RLWE assumption is reducible to worst-case problems on ideal lattices, and allows us to completely abstract out the lattice interpretation, resulting in an extremely simple scheme. For example, our secret key is s, and our public key is (a,b = as + 2e), where s,a,e are all degree (n − 1) integer polynomials whose coefficients are independently drawn from easy to sample distributions.
Conference Paper
The “learning with errors” (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones. The problem has been shown to be as hard as worst-case lattice problems, and in recent years it has served as the foundation for a plethora of cryptographic applications. Unfortunately, these applications are rather inefficient due to an inherent quadratic overhead in the use of LWE. A main open question was whether LWE and its applications could be made truly efficient by exploiting extra algebraic structure, as was done for lattice-based hash functions (and related primitives). We resolve this question in the affirmative by introducing an algebraic variant of LWE called ring-LWE, and proving that it too enjoys very strong hardness guarantees. Specifically, we show that the ring-LWE distribution is pseudorandom, assuming that worst-case problems on ideal lattices are hard for polynomial-time quantum algorithms. Applications include the first truly practical lattice-based public-key cryptosystem with an efficient security reduction; moreover, many of the other applications of LWE can be made much more efficient through the use of ring-LWE. Finally, the algebraic structure of ring-LWE might lead to new cryptographic applications previously not known to be based on LWE.
Book
Since its invention, geometric algebra has been applied to various branches of physics such as cosmology and electrodynamics, and is now being embraced by the computer graphics community where it is providing new ways of solving geometric problems. It took over two thousand years to discover this algebra, which uses a simple and consistent notation to describe vectors and their products. John Vince (best-selling author of a number of books including 'Geometry for Computer Graphics' and 'Vector Analysis for Computer Graphics') tackles this new subject in his usual inimitable style, and provides an accessible and very readable introduction. The first five chapters review the algebras of real numbers, complex numbers, vectors, and quaternions and their associated axioms, together with the geometric conventions employed in analytical geometry. As well as putting geometric algebra into its historical context, John Vince provides chapters on Grassmann's outer product and Clifford's geometric product, followed by the application of geometric algebra to reflections, rotations, lines, planes and their intersection. The conformal model is also covered, where a 5D Minkowski space provides an unusual platform for unifying the transforms associated with 3D Euclidean space. Filled with lots of clear examples and useful illustrations, this compact book provides an excellent introduction to geometric algebra for computer graphics.
Article
Our main result is a reduction from worst-case lattice problems such as SVP and SIVP to a certain learning problem. This learning problem is a natural extension of the 'learning from parity with error' problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for SVP and SIVP. A main open question is whether this reduction can be made classical. Using the main result, we obtain a public-key cryptosystem whose hardness is based on the worst-case quantum hardness of SVP and SIVP. Previous lattice-based public-key cryptosystems such as the one by Ajtai and Dwork were only based on unique-SVP, a special case of SVP. The new cryptosystem is much more efficient than previous cryptosystems: the public key is of size Õ(n²) and encrypting a message increases its size by Õ(n) (in previous cryptosystems these values are Õ(n⁴) and Õ(n²), respectively). In fact, under the assumption that all parties share a random bit string of length Õ(n²), the size of the public key can be reduced to Õ(n).
Conference Paper
We construct a simple fully homomorphic encryption scheme, using only elementary modular arithmetic. We use Gentry’s technique to construct a fully homomorphic scheme from a “bootstrappable” somewhat homomorphic scheme. However, instead of using ideal lattices over a polynomial ring, our bootstrappable encryption scheme merely uses addition and multiplication over the integers. The main appeal of our scheme is the conceptual simplicity. We reduce the security of our scheme to finding an approximate integer gcd – i.e., given a list of integers that are near-multiples of a hidden integer, output that hidden integer. We investigate the hardness of this task, building on earlier work of Howgrave-Graham.
Article
We present a novel approach to fully homomorphic encryption (FHE) that dramatically improves performance and bases security on weaker assumptions. A central conceptual contribution in our work is a new way of constructing leveled, fully homomorphic encryption schemes (capable of evaluating arbitrary polynomial-size circuits of a-priori bounded depth), without Gentry’s bootstrapping procedure. Specifically, we offer a choice of FHE schemes based on the learning with error (LWE) or Ring LWE (RLWE) problems that have 2^λ security against known attacks. We construct the following. (1) A leveled FHE scheme that can evaluate depth-L arithmetic circuits (composed of fan-in 2 gates) using O(λ·L³) per-gate computation, quasilinear in the security parameter. Security is based on RLWE for an approximation factor exponential in L. This construction does not use the bootstrapping procedure. (2) A leveled FHE scheme that can evaluate depth-L arithmetic circuits (composed of fan-in 2 gates) using O(λ²) per-gate computation, which is independent of L. Security is based on RLWE for quasipolynomial factors. This construction uses bootstrapping as an optimization. We obtain similar results for LWE, but with worse performance. All previous (leveled) FHE schemes required a per-gate computation of Ω(λ^3.5), and all of them relied on subexponential hardness assumptions. We introduce a number of further optimizations to our scheme based on the Ring LWE assumption. As an example, for circuits of large width (e.g., where a constant fraction of levels have width Ω(λ)), we can reduce the per-gate computation of the bootstrapped version to O(λ), independent of L, by batching the bootstrapping operation. At the core of our construction is a new approach for managing the noise in lattice-based ciphertexts, significantly extending the techniques of Brakerski and Vaikuntanathan [2011b].
Article
We propose a new homomorphic encryption scheme based on the hardness of decoding under independent random noise from certain affine families of codes. Unlike in previous lattice-based homomorphic encryption schemes, where the message is hidden in the noisy part of the ciphertext, our scheme carries the message in the affine part of the transformation and applies noise only to achieve security. Our scheme can tolerate noise of arbitrary magnitude, as long as the noise vector has sufficiently small hamming weight (and its entries are independent). Our design achieves "proto-homomorphic" properties in an elementary manner: message addition and multiplication are emulated by pointwise addition and multiplication of the ciphertext vectors. Moreover, the extremely simple nature of our decryption makes the scheme easily amenable to bootstrapping. However, some complications are caused by the inherent presence of noticeable encryption error. Our main technical contribution is the development of two new techniques for handling this error in the homomorphic evaluation process. We also provide a definitional framework for homomorphic encryption that may be useful elsewhere.
Article
In this paper, we prove the intractability of learning several classes of Boolean functions in the distribution-free model (also called the Probably Approximately Correct or PAC model) of learning from examples. These results are representation independent, in that they hold regardless of the syntactic form in which the learner chooses to represent its hypotheses. Our methods reduce the problems of cracking a number of well-known public-key cryptosystems to the learning problems. We prove that a polynomial-time learning algorithm for Boolean formulae, deterministic finite automata or constant-depth threshold circuits would have dramatic consequences for cryptography and number theory. In particular, such an algorithm could be used to break the RSA cryptosystem, factor Blum integers (composite numbers equivalent to 3 modulo 4), and detect quadratic residues. The results hold even if the learning algorithm is only required to obtain a slight advantage in prediction over random guessing. The techniques used demonstrate an interesting duality between learning and cryptography. We also apply our results to obtain strong intractability results for approximating a generalization of graph coloring.
Noise-free symmetric fully homomorphic encryption based on noncommutative rings
J. Li and L. Wang, "Noise-free symmetric fully homomorphic encryption based on noncommutative rings," IACR Cryptology ePrint Archive, vol. 2015, p. 641, 2015.
Linear and geometric algebra
A. Macdonald, Linear and geometric algebra. Alan Macdonald, 2010.