Difference between revisions of "FHE"

Intuition

Definitions

Let us fix a security parameter ${\displaystyle \lambda }$. Assume that the ciphertext ${\displaystyle {\mathcal {C}}}$ and the plaintext ${\displaystyle {\mathcal {P}}}$ have the algebraic structure of a ring and that ${\displaystyle Decrypt:{\mathcal {C}}\to {\mathcal {P}}}$ is a ring homomorphism.

Definition. A homomorphic encryption scheme ${\displaystyle {\mathcal {E}}=({\mathcal {C}},{\mathcal {P}},KeyGen,Encrypt,Decrypt)}$ is called leveled if the decryption algorithm is correct for for a certain number of ring operations made on ${\displaystyle {\mathcal {C}}}$.

TODO: Write about the practical reasons for using a leveled scheme.

Definition. A homomorphic encryption scheme ${\displaystyle {\mathcal {E}}}$ is called compact if there exists a polynomial function ${\displaystyle s=s(\lambda )}$ such that the output length of ${\displaystyle Eval(f,c,pk)}$ is at most ${\displaystyle s(\lambda )}$ bits long, regardless of the ring homomorphism ${\displaystyle f:{\mathcal {C}}^{t}\to {\mathcal {C}}}$ or the number of ciphertext inputs ${\displaystyle t}$, for any tuple ${\displaystyle c=(c_{1},\dots ,c_{t})\in {\mathcal {C}}^{t}}$ of ciphertexts.

A homomorphic encryption scheme as above, but for which we do not require that ${\displaystyle s(\lambda )}$ is polynomial in ${\displaystyle \lambda }$ is called bounded .

Examples

References