Paper 2011/405

Can Homomorphic Encryption be Practical?

Kristin Lauter, Michael Naehrig, and Vinod Vaikuntanathan

Abstract

The prospect of outsourcing an increasing amount of data storage and management to cloud services raises many new privacy concerns for individuals and businesses alike. The privacy concerns can be satisfactorily addressed if users encrypt the data they send to the cloud. If the encryption scheme is homomorphic, the cloud can still perform meaningful computations on the data, even though it is encrypted. In fact, we now know a number of constructions of fully homomorphic encryption schemes that allow arbitrary computation on encrypted data. In the last two years, solutions for fully homomorphic encryption have been proposed and improved upon, but it is hard to ignore the elephant in the room, namely efficiency -- can homomorphic encryption ever be efficient enough to be practical? Certainly, it seems that all known fully homomorphic encryption schemes have a long way to go before they can be used in practice. Given this state of affairs, our contribution is two-fold. First, we exhibit a number of real-world applications, in the medical, financial, and the advertising domains, which require only that the encryption scheme is "somewhat" homomorphic. Somewhat homomorphic encryption schemes, which support a limited number of homomorphic operations, can be much faster, and more compact than fully homomorphic encryption schemes. Secondly, we show a proof-of-concept implementation of the recent somewhat homomorphic encryption scheme of Brakerski and Vaikuntanathan, whose security relies on the "ring learning with errors" (Ring LWE) problem. The system is very efficient, and has reasonably short ciphertexts. Our unoptimized implementation in magma enjoys comparable efficiency to even optimized pairing-based schemes with the same level of security and homomorphic capacity. We also show a number of application-specific optimizations to the encryption scheme, most notably the ability to convert between different message encodings in a ciphertext.

Note: Full version of the ACM CCSW 2011 paper.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Homomorphic encryptionring learning with errors
Contact author(s)
michael @ cryptojedi org
History
2011-09-01: last of 3 revisions
2011-07-30: received
See all versions
Short URL
https://ia.cr/2011/405
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/405,
      author = {Kristin Lauter and Michael Naehrig and Vinod Vaikuntanathan},
      title = {Can Homomorphic Encryption be Practical?},
      howpublished = {Cryptology ePrint Archive, Paper 2011/405},
      year = {2011},
      note = {\url{https://eprint.iacr.org/2011/405}},
      url = {https://eprint.iacr.org/2011/405}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.