Questions tagged [homomorphic-encryption]
Cryptosystems which support computation on encrypted data. They might be partially homomorphic (support for one operation such as + or *) or they might be fully homomorphic (any sequence of + and *).
957 questions
2
votes
2
answers
162
views
How to perform bitwise XOR by rational function modulo $2^n$?
Does there exist a rational function modulo $2^n$?
This is a function of the form
$$f(a,b)\pmod{2^n},$$ such that $$\forall\;a,b\in \{0,1,\ldots,2^n-1\},\quad a\oplus b=\frac{g(a,b)}{h(a,b)}\pmod{2^n},...
- 21
1
vote
0
answers
33
views
Feldman’s VSS Scheme and one way homomorphisms
I’m working on an educational resource that discusses Feldman’s scheme for verifiable secret sharing. In talking Feldman’s scheme through with multiple math students, I’m finding that many people are ...
- 111
1
vote
2
answers
75
views
Is any FHE scheme faster than the trivial one?
There is an "trivial" FHE method where the client uses normal symmetric cryptography to encrypt, the server "performs the computation" by pretending the function to be performed to ...
- 391
2
votes
0
answers
57
views
Can I avoid the INTT in CKKS RNS Multiplication?
Given two Ciphers in evaluation (NTT) form, is it possible to multiply them together, relinearize them with a given relinearization key, and return the product, all without performing the INTT? For ...
- 23
2
votes
0
answers
29
views
Exploring Schemes for Additive Homomorphism and Nested Encryption
Is there an algorithm that satisfies both additive homomorphism and allows for double encryption?
That is:
$$m = Dec_{sk_2}(Dec_{sk_1}(Enc_{pk_2}(Enc_{pk_1}(m))))$$
$$Enc_{pk}(m_1) + Enc_{pk}(m_2) = ...
- 147
0
votes
1
answer
81
views
HELib Number Theoretic Transform
In HELib, when constructing the polynomial ring over which computations are performed $Z_q[X]/(X^m+1)$, it is possible that $q < m$. How does this work with the number theoretic transform, which ...
- 11
0
votes
0
answers
67
views
Can we build perfectly secure / collusion-resistant multi-party application?
Let's take voting as a simple example application. The simplest and naive way to build such an application and achieve vote privacy is to leverage a trusted third party that collects votes and outputs ...
1
vote
0
answers
55
views
SIMD packing NTL implementation
I am trying to implement the SIMD packing detailed by Smart and Vercauteren: https://eprint.iacr.org/2011/133.pdf and the packing detailed in this paper: https://eprint.iacr.org/2022/771.pdf. I am ...
- 11
0
votes
0
answers
40
views
Error terms in FHE over the integers
I have been investigating the DGHV scheme for FHE over the integers (https://eprint.iacr.org/2009/616.pdf).
I'm trying to work out the details of the proof of correctness. I've looked at the other ...
1
vote
0
answers
31
views
Bootstrapping of BV11 (2-nd Gen FHE): bootstrapping with arithmetic circuit
The bootstrapping technique, using the arithmetic circuit of the decryption algorithm presented in BV11, is questionable. The authors say, “Checking if the result is in Z_p can be done with depth O(...
0
votes
1
answer
56
views
BFV bootstrapping vs leveled scheme
I am trying to understand how BFV leveled scheme is different from BGV leveled scheme? Is the difference in the noise management techniques? Do we have modulus chain for BFV as well? how do we do ...
- 19
2
votes
0
answers
33
views
The confusion about the secret setup in Schoenmakers' PVSS
In Schoenmakers' PVSS scheme, the secret distributor selects a random number $s \in \mathbb{Z}_q$, and the secret is defined as $S=h^s\bmod p$.
What restricts the PVSS scheme to sharing the secret $h^...
- 147
1
vote
0
answers
23
views
Integrity of oursourced computation with FHE
A standard use case for fully-homomorphic encryption (FHE) is outsourced computation:
The client encrypts its data x with an FHE scheme under a private key k and sends the ciphertext c = Enc(k, x) to ...
- 53
0
votes
0
answers
24
views
Is there a scheme which allows N people to encrypt/decrypt shared data with different keys?
I'm looking for a way to store data on an untrusted server, such that all users can read and write arbitrarily, but the server cannot violate the confidentiality of the stored data (ignore integrity ...
- 117
0
votes
0
answers
32
views
How to use Chaum-Pedersen zero-knowledge proof for ElGamal additively homomorphic encryption is 0 or 1 without revealing which is m=0 or m=1?
My plaintext have a value of either $m=0$ or $m=1$. I use ElGamal additive homomorphic property to encrypt a message $m$ as follows $c_1=g^k, c_2=g^{xk+m}$. I now want to create a zero-knowledge proof,...
- 87