Candidate
Ahmed Zawia
Title
An RNS variant of fully homomorphic encryption over integers
Supervisor
Anwarul Hasan
Abstract
In 1978, the concept of privacy homomorphism was introduced by Rivest et al. Since then, homomorphic cryptosystems have gathered researchers' attention. Most of the early schemes were either partially homomorphic or not secure. The question then arose: was fully homomorphic encryption (FHE) scheme possible? And if so, would it have practical worth? About thirty years later, Gentry, in his pioneering work, constructed the first fully homomorphic encryption scheme. The scheme's security was based on worst-case problems over ideal lattices along with a sparse subset-sum problem. A conceptually simpler scheme was proposed in 2010 by Dijk, Gentry, Halevi, and Vaikuntanathan (DGHV). The scheme is over integers instead of ideal lattices, and its security is based on the hardness of the approximate great common divisor problem (A-GCD). Afterward, different techniques were proposed to reduce ciphertext noise growth and to compress the public key size in order to enhance the practicality of FHE. Moreover, Coron et al proposed and implemented a scale-invariant of the DGHV scheme (SI-DGHV) and a number of optimization techniques including modulus switching (MS). However, FHE over integers is still far from practical. To this end, this work proposes a residue number system (RNS) variant to FHE of SI-DGHV, which is also applicable to the DGHV scheme. The proposed scheme exploits properties of RNS to perform the required operations over relatively small moduli in parallel. The RNS variant enhances the timing of the original scheme. The variant scheme also improves the original scheme's security, since the former relies only on the hardness of the A-GCD problem and eliminates the need for the sparse-subset-sum problem used in the original MS procedure. Moreover, the public key elements that are required for the MS method is slightly reduced in the RNS variant. Finally, our analysis of the RNS variant reveals a different linear relationship between the noise and the multiplication depth.