On homomorphic encryption, transciphering frameworks, and he-friendly ciphers

Abstract

Homomorphic encryption (HE) is a promising cryptographic primitive that enables computation over encrypted data, with a variety of applications including medical, genomic, and financial tasks. Current HE schemes, nevertheless, still suffer from slow encryption speed and large ciphertext expansion compared to symmetric cryptography. Transciphering framework is a hybrid framework converting symmetric ciphertext to HE ciphertext, which is proposed to address the issue of the ciphertext expansion and the client-side computational overload.In this paper, we propose two transciphering frameworks: RtF (Real-to-Finite-field) framework, and BtE (Binary-to-Extension-field) framework. The RtF framework is the first transciphering framework for real numbers. The main idea behind this construction is to combine the CKKS and the FV homomorphic encryption schemes, and use a stream cipher using modular arithmetic in between. As a result, real numbers can be encrypted without significant ciphertext expansion or computational overload on the client side. The BtE framework fully exploits the structure of extension fields in order to use the whole inner-slot storage inside HE ciphertexts. Although the BtE framework only supports homomorphic operation on a binary extension field, the digit extraction function at the end of the BtE framework makes the resulting HE ciphertexts operate on a usual binary space homomorphically.As an instantiation of the stream cipher in our framework, we propose three HE-friendly ciphers: HERA, Rubato, and eHERA. The HERA cipher features a simple randomized key schedule and sparse linear layers in order to be efficiently evaluated with batching technique. The Rubato cipher is a mixture of block cipher and LWE encryption. The added noise has an effect of increasing the algebraic degree so that the multiplicative depth becomes lower than before. We also propose a new HE-friendly cipher eHERA, a variant of HERA, as an instantiation of the stream cipher operating on a binary extension field for the BtE framework. The BtE framework combined with eHERA outperforms existing HE-friendly ciphers in terms of both throughput and latency in the client-side.