Symmetric somewhat homomorphic encryption library based on DGHV scheme.
Homomorphic encryption is a kind of encryption that allows to execute functions over the ciphertexts without decrypting them. This library implements a symmetric variant of originally asymmetric somewhat homomorphic encryption scheme over the integers by van Dijk et al. DGHV10 using ciphertext compression techniques from CNT11. The symmetricity of the scheme means that only the private key is used to encrypt and decrypt ciphertexts. A relatively small public element, however, is used in homomorphic operations, but it is not a real public key.
Such scheme is useful in secure function evaluation setting, where a client encrypts an input to an algorithm using their private key, sends it to a server which executes an algorithm homorphically, and sends the output back to the client. The client then obtains the output of the algorithm by decrypting server response using the private key.
See the following diagram for visual explanation.
- Let f be an algorithm to be evaluated on a server.
- Let a[1], a[2], ... a[n] be inputs of f that client provides to the server.
- Let b[1], b[2], ... b[n] be inputs of f that server possesses.
- Let p be the client's private key, and x[0] be the corresponding public element
Warning. This is experimental software. It is not to be used in mission-critical applications. Since the time this software was written, parameters of the underlying scheme were broken many times.
You can consult the .travis.yml
for concrete installation commands on Debian-based systems.
Build and install libshe.so
library and headers:
make
sudo make install
You can also uninstall with
sudo make uninstall
Run tests:
make tests
Note. Running tests will compile sources with debug options. Do make clean
before installing if tests were run previously.
Run benchmarks:
make benchmarks
Use C++11 and link against GMP and Boost Serialization when building your program:
-std=c++11 -lgmp -lboost_serialization -lshe
Include libshe in your sources:
#include <she.hpp>
using she::ParameterSet;
using she::PrivateKey;
// ...
The following example assumes a client and a server that are engaged in a two-party secure function evaluation protocol.
Client generates a parameter set:
const ParameterSet params = ParameterSet::generate_parameter_set(62, 1, 42);
Given these parameters, the encryption scheme exhibits following properties:
- Security level is (62-bit)
- At least 1 multiplication can be evaluated on every bit in the ciphertext
- The non-secure random number generator used in ciphertext compression is seeded with number 42
Client then constructs a private key object from generated parameters:
const PrivateKey sk(params);
Encrypts the plaintext:
const vector<bool> plaintext = {1, 0, 1, 0, 1, 0, 1, 0};
const auto compressed_ciphertext = sk.encrypt(plaintext);
Serializes and sends compressed ciphertext to server.
Upon obtaining the compressed ciphertext, Server expands it to perform operations:
const auto ciphertext = compressed_ciphertext.expand();
Executes the algorithm (here negation of an 8-bit input)
const vector<bool> another_plaintext = {1, 1, 1, 1, 1, 1, 1, 1};
const auto response = ciphertext ^ another_plaintext;
Serializes the output and sends it back to the client.
Client decrypts the response and obtains the algorithm output in plaintext:
const auto decrypted_response = sk.decrypt(response);
const vector<bool> expected_result = {0, 1, 0, 1, 0, 1, 0, 1};
assert(decrypted_response == expected_result);
Note that ciphertext can be compressed only during encryption on the client side, so cost for Server → Client communication is significantly higher than that of Client → Server communication.
- Bitwise addition (XOR):
c1 ^ c2
- Bitwise multiplication (AND):
c1 & c2
- Equality comparison:
c0.equal({c1, c2, ..., cn})
.. - Selection of i-th ciphertext:
c0.select({c1, c2, ..., cn})
.
The code is released under the GNU General Public License v3.0.
Copyright © 2015 Bogdan Kulynych. hello [at] bogdankulynych.me