1

Recently I'm researching about logical circuit calculation and I hope to use homomorphic encryption to protect the whole process. I've read Gentry's paper and use some websites like https://asecuritysite.com/encryption/hom_xor, and I wonder if there are some other methods?

Few days ago, I thought that position transformation like Caesar cipher could just support my thoughts. For instance, $(4 \gg 1) \oplus (5 \gg 1) = (4 \oplus 5) \gg 1$. But my professor told me that this is unreasonable and could even not be seen as "encryption" for lacking of random number. Is he right? Or maybe I could adjust this thought so that it is able to be accept as a "homomorphic" calculation for logical operation?

Raoul722
  • 2,836
  • 2
  • 20
  • 39
Kao Tou
  • 15
  • 4

2 Answers2

2

Partial and Fully Homomorphic Encryption

When a homomorphic encryption scheme supports a single operation on the encrypted data like

  • RSA has a modular multiplicative operation
  • Elgamal has a modular multiplicative operation
  • Goldwasser–Micali cryptosystem has x-or operation
  • Paillier cryptosystem has a modular addition operation

it is called partial homomorphic. When they support two operations they are called Fully Homomorphic Encryption (FHE) in the sense that one can build arbitrary circuits with them constrained to some conditions.

The two operations in the FHE scheme are usually addition and multiplication. In the bit-based case, the addition is XOR $\oplus$ and the multiplication is AND gates $\wedge$. Though neither the XOR nor the AND are universal logic gates, when combined they can construct any gate. And note that the randomization on the encryption requires a different design than the usual circuit design.

Public Key!

All FHE schemes that I know are based on public-key. Therefore if the randomization is removed then an attacker can use the public parameters to determine the encrypted values. If one looks at the Ind-CPA game for public-key encryption, we consider that the encryption oracle is free to the adversary. As a concrete example, consider TextBook RSA encryption (it has no padding, insecure, and it is multiplicative) with single-bit encryption then you can immediately deduce it, even for a byte or a word.

This is dangerous and we left it with the seminal paper of Shafi Goldwasser and Silvio Micali

You can also get the notion from the famous ECB picture of tux in Wikipedia.

There are many libraries for FHE that you may look at like HeLib, TFHE, Seal. If you like to read how some small circuits are designed, you can read from here Representing a function as FHE circuit and see some of the implementation papers, too.

Aman Grewal
  • 1,421
  • 1
  • 9
  • 23
kelalaka
  • 48,443
  • 11
  • 116
  • 196
1

XOR and AND are "just" addition and multiplication $\bmod 2$. Your application needs a fully homomorphic encryption scheme defined over $\mathbb{F}_2$, of which the schemes FHEW/TFHE (which are broadly similar) are a relatively simple example that are specialized to this case (or more generally to the evaluation of boolean circuits).

If you want to read about these schemes, I like the exposition in this paper a decent amount. If you just want implementations, I believe they can be found in many homomorphic encryption libraries (such as PALISADE at least, although I would also check HElib and SEAL). I think the authors behind TFHE have their own implementation as well. I have not compared these implementations myself practically.

Mark Schultz-Wu
  • 12,944
  • 19
  • 41