Difference between revisions of "BGV"
| Line 21: | Line 21: | ||
depth of the circuits that the scheme is capable of evaluating. | depth of the circuits that the scheme is capable of evaluating. | ||
| − | <b> Definition.</b> We say that a family of homomorphic encryption schemes <math> \mathcal E^{(L)}: L \in \mathbb Z^{+} </math> is leveled fully homomorphic if, for all <math>L \in \mathbb Z^{+} </math>, they all use the same decryption circuit, <math>\mathcal E^{(L)} </math> compactly evaluates all circuits of depth at most <math> L </math> (that use some specified complete set of gates), and the computational complexity of <math> \mathcal E^{(L)} </math>'s algorithms is polynomial (a fixed polynomial for all <math>L </math>) in the security parameter <math> L</math>, and the size of the circuit (in the case of the evaluation algorithm). | + | <b> Definition.</b> We say that a family of homomorphic encryption schemes <math> \{\mathcal E^{(L)}: L \in \mathbb Z^{+} \} </math> is leveled fully homomorphic if, for all <math>L \in \mathbb Z^{+} </math>, they all use the same decryption circuit, <math>\mathcal E^{(L)} </math> compactly evaluates all circuits of depth at most <math> L </math> (that use some specified complete set of gates), and the computational complexity of <math> \mathcal E^{(L)} </math>'s algorithms is polynomial (a fixed polynomial for all <math>L </math>) in the security parameter <math> L</math>, and the size of the circuit (in the case of the evaluation algorithm). |
=== The construction: FHE without bootstrapping === | === The construction: FHE without bootstrapping === | ||
Revision as of 16:20, 5 January 2021
In 2011, Brakerski, Gentry and Vaikuntanathan (BGV) published the paper [1] in which they introduce a new (leveled) fully homomorphic encryption (FHE) that improves performance and bases security on weaker assumptions than schemes from the previous generation.
A central conceptual contribution of this work is a new way of constructing leveled fully homomorphic encryption schemes (capable of evaluating arbitrary polynomial-size circuits), without Gentry’s bootstrapping procedure.
Until recently, the BGV scheme was considered to be the most efficient homomorphic encryption scheme when performing the same operations on multiple ciphertexts at once.
Contents
Modulus switching
@TODO
New noise management technique
@TODO
Leveled Fully Homomorphic Encryption
Most of the work done by the will focus on the construction of a leveled fully homomorphic scheme, in the sense that the parameters of the scheme depend (polynomially) on the depth of the circuits that the scheme is capable of evaluating.
Definition. We say that a family of homomorphic encryption schemes Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://en.wikipedia.org/api/rest_v1/":): {\displaystyle \{\mathcal E^{(L)}: L \in \mathbb Z^{+} \} } is leveled fully homomorphic if, for all Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://en.wikipedia.org/api/rest_v1/":): {\displaystyle L \in \mathbb Z^{+} } , they all use the same decryption circuit, Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://en.wikipedia.org/api/rest_v1/":): {\displaystyle \mathcal E^{(L)} } compactly evaluates all circuits of depth at most Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://en.wikipedia.org/api/rest_v1/":): {\displaystyle L } (that use some specified complete set of gates), and the computational complexity of Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://en.wikipedia.org/api/rest_v1/":): {\displaystyle \mathcal E^{(L)} } 's algorithms is polynomial (a fixed polynomial for all ) in the security parameter , and the size of the circuit (in the case of the evaluation algorithm).
The construction: FHE without bootstrapping
The authors base the security of their scheme on the hardness of Ring-Learning with errors problems, a generalisation of the classical LWE problem.
Let be a security parameter, representing security against known attacks.
Let and a power of .
![{\displaystyle R = \mathbb Z[X]/(x^d+1) }](https://en.wikipedia.org/api/rest_v1/media/math/render/svg/f0cdaf528599437b7efaa1be69649d532f37d5e4)
Let be an odd modulus and Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://en.wikipedia.org/api/rest_v1/":): {\displaystyle \chi = \chi(\lambda) } a ``noise" distribution over Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://en.wikipedia.org/api/rest_v1/":): {\displaystyle R} . Let Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://en.wikipedia.org/api/rest_v1/":): {\displaystyle N=N(\lambda)} be an additional parameter of the system which is larger than Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://en.wikipedia.org/api/rest_v1/":): {\displaystyle 3 \cdot \log{q} } .
Let us assume that the plaintext is Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://en.wikipedia.org/api/rest_v1/":): {\displaystyle R_2 = R/2R } .
References
- ↑ Z. Brakerski, C. Gentry, and V. Vaikuntanathan. 2014. (Leveled) Fully Homomorphic Encryption without Bootstrapping. ACM Trans. Comput. Theory 6, 3, Article 13 (July 2014), 36 pages. DOI:https://doi.org/10.1145/2633600
