DOCSLIB.ORG

Performance Analysis for Fully and Partially Homomorphic Encryption Techniques تحليل االداء لتقنيات التشفير المتماثلة الكاملة والجزئية

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Performance Analysis for Fully and Partially Homomorphic Encryption Techniques تحليل االداء لتقنيات التشفير المتماثلة الكاملة والجزئية Performance Analysis for Fully and Partially Homomorphic Encryption Techniques تحليل اﻻداء لتقنيات التشفير المتماثلة الكاملة والجزئية Prepared by Raya A. Al-Shibib Supervisor Prof. Ahmad Kayed A Thesis submitted in Partial Fulfillment of the Requirements for the Master Degree in Computer Science Department of Computer Science Faculty of Information Technology Middle East University Amman, Jordan May, 2016 II III IV V ACKNOWLEDGMENT Thanks to God I have completed this thesis praise and thanks for his blessings. I would like to thank Prof. Ahmed Kayed for support and assistance and gave me valuable information for the completion of this thesis. I would like to thank my friends, they always standing with me through the good Times and hard times. VI Dedication I dedicate this thesis to my mother who standing beside me and my Father God's mercy. I hope to reach my research into the world to benefit from it and be ongoing charity to dear my father. VII TABLE OF CONTENTS Subject Page Title …………………………………………………………………………….. I Authorization Statement…………………………………………………………… II Examination Committee Decision ………………………………………………… IV Acknowledgment ………………………………………………………………… V Dedication ………………………………………………………………………….. VI Table of Contents ………………………………………………………………… VII List of Table …………………………………………………………………….. XI List of Figures ……………………………………………………………..…… XIV List Abbreviations…………………………………………………………..….. XVI Abstract………………………………………………………………………….. XVIII CHAPTER ONE INTRODUCTION 1.1 Introduction………………………………………………………………………….. 2 1.2 Problem Statement………………………………………………………………… 4 1.3 Research Questions………………………………………………………………… 4 1.4 Limitations and Scope……………………………………………………………… 4 1.5 Objective………………………………………………………………………….. 5 VIII 1.6 Contribution………………………………………………………………………….. 5 1.7 Motivation………………………………………………………………………….. 6 1.8 Methodology………………………………………………………………………….. 6 1.9 Thesis Outline………………………………………………………………………… 7 CHAPTER TWO BACKGROUND 2.1 Background…………………………………………………………………………. 9 2.1.1 Deployment Cloud Computing…………………………………………………… 10 2.1.2 Services Cloud Computing……………………………………………………… 12 2.1.3 Properties of Cloud Computing Services………………………………………… 14 2.1.4 Cloud Security…………………………………………………………………… 15 2.1.5 Homomorphic Encryption Technique…………………………………………… 16 2.1.6 Partial Homomorphic Encryption (PHE) ………………………………………… 17 2.1.6.1 Paillier Cryptosystem…………………………………………………………… 18 2.1.6.2 RSA Cryptosystem……………………………………………………………… 18 2.1.7 NTRU………………………………………………………………………..….. 19 2.2 Literature Review…………………………………………………………………… 20 2.3 Summary 28 IX CHAPTER THREE Performance analysis for fully and partially homomorphic encryption techniques 3.1 Introduction………………………………………………………………………….. 30 3.2 Description Methodology…………………………………………………………… 32 3.2.1 Operation………………………………………………………………………….. 32 3.3 Scenario of Algorithm………………………………………………………………… 37 3.3.1 Fixed Data Size with Multi-Key Size Procedure………………………………… 37 3.3.1.1 Calculated Time of Multi-Key by Using Paillier Formula……………………… 37 3.3.1.2 Calculated Time of Multi-Key by Using RSA Formula………………………… 40 3.3.1.3 Calculated Time of Multi-Key by Using Additive NTRU Formula…………… 43 3.3.1.4 Calculated Time of Multi-Key by Using Multiplication NTRU Formula……… 46 3.3.1.5 Calculated Time of Multi-Key by Using Both NTRU Formula………………… 49 3.3.2 Fixed Key and Multi-Data Size Procedure……………………………………… 52 3.3.2.1 Calculated Time of Multi-Data Size by Using Paillier Formula………………… 52 3.3.2.2 Calculated Time of Multi-Data Size by Using RSA Formula…………………… 55 3.3.2.3 Calculated Time of Multi-Data Size by Using Additive NTRU Formula……… 58 3.3.2.4 Calculated Time of Multi-Data Size by Using Multiplication NTRU Formula… 61 3.3.2.5 Calculated Time of Multi-Data Size by Using Both NTRU Formula…………… 64 X CHAPTER FOUR Experimental & Result 4.1 Introduction………………………………………………………………………….. 69 4.2 Tools for Experimental…………………………………………………………… 70 4.3 Evaluation Measures……………………………………………………………….. 70 4.4 Proposed Methodology……………………………………………………………… 71 4.4.1 Execution Fixed Data Size with Multi-Key Size Procedure…………………… 72 4.4.1.1 Execution Time of Multi-Key by Using Paillier Formula……………………… 72 4.4.1.2 Execution Time of Multi-Key by Using RSA Formula………………………… 76 4.4.1.3 Execution Time of Multi-Key by Using Additive NTRU Formula…………… 80 4.4.1.4 Execution Time of Multi-Key by Using Multiplication NTRU Formula……… 84 4.4.1.5 Execution Time of Multi-Key by Using Both NTRU Formula………………… 88 4.4.2 Execution Fixed Key size with Multi-Data Size Procedure…………………… 92 4.4.2.1 Execution Time of Multi-Data Size by Using Paillier Formula………………… 92 4.4.2.2 Execution Time of Multi-Data Size by Using RSA Formula…………………… 97 4.4.2.3 Execution Time of Multi-Data Size by Using Additive NTRU Formula……… 102 4.4.2.4 Execution Time of Multi-Data Size by Using Multiplication NTRU Formula… 107 4.4.2.5 Execution Time of Multi-Data Size by Using Both NTRU Formula…………… 112 4.5 Summary……………………………………………………………………………… 116 CHAPTER FIVE Conclusion & Future work 5.1 Conclusion………………………………………………………………………….. 121 5.2 Future Work……………………………………………………………………….. 124 XI LIST OF TABLES Table Number Table Name Page Chapter Two Table (2-1) Some of Partially Homomorphic Encryption Schemes 17 Chapter Four Table (4-1) Result Execute Additive PHE (Multi Key Size) 73 Table (4-2) Calculate Security and Performance Ratio for Additive PHE 75 (Multi Key Size) Table (4-3) Result Execute Multiplication PHE (Multi Key Size) 77 Table (4-4) Calculate Security and Performance Ratio for Multiplication 79 PHE (Multi Key Size) Table (4-5) Result Execute Additive NTRU (Multi Key Size) 81 Table (4-6) Calculate Security and Performance Ratio for Additive 83 NTRU (Multi Key Size) Table (4-7) Result Execute Multiplication NTRU (Multi Key Size) 85 Table (4-8) Calculate Security and Performance Ratio for Multiplication 87 NTRU (Multi Key Size) Table (4-9) Result Execute Both NTRU (Multi Key Size) 89 Table (4-10) Calculate Security and Performance Ratio for Both NTRU 91 (Multi Key Size) Table (4-11) Result Execute Additive PHE (Multi Data Size) 93 XII Table (4-12) Calculate Data Flexibility and Performance Ratio for 95 Additive PHE (Multi Data Size) Table (4-13) Result Execute Multiplication PHE (Multi Data Size) 98 Table (4-14) Calculate Data Flexibility and Performance Ratio for 99 Multiplication PHE (Multi Data Size) Table (4-15) Result Execute Additive NTRU (Multi Data Size) 103 Table (4-16) Calculate Data Flexibility and Performance Ratio for 104 Additive NTRU (Multi Data Size) Table (4-17) Result Execute Multiplication NTRU (Multi Data Size) 108 Table (4-18) Calculate Data Flexibility and Performance Ratio for 109 Multiplication NTRU (Multi Data Size) Table (4-19) Result Execute Both NTRU (Multi Data Size) 113 Table (4-20) Calculate Data Flexibility and Performance Ratio for Both 114 NTRU (Multi Data Size) Table (4-21) Compare Time between Paillier and Additive NTRU with 116 Different Key Size Table (4-22) Compare Time between RSA and Multiplication NTRU 117 with Different Key Size Table (4-23) Compare Time between Both PHE and Both NTRU with 117 Different Key Size Table (4-24) Compare Time between Paillier and Additive NTRU with 118 Different Data Size XIII Table (4-25) Compare Time between RSA and Multiplication NTRU 118 with Different Data Size Table (4-26) Compare Time between Both PHE and Both NTRU with 119 Different Data Size XIV LIST OF FIGURES Figure Number Figure Name Page Chapter Two Figure (2-1) Cloud Computing Deployment Model 10 Chapter Three Figure (3-1) Major algorithm 31 Figure (3-2) Paillier Flowchart for Fixed Data Size 38 Figure (3-3) RSA Flowchart for Fixed Data Size 41 Figure (3-4) Additive NTRU Flowchart for Fixed Data Size 44 Figure (3-5) Multiplication NTRU Flowchart for Fixed Data Size 47 Figure (3-6) Both-NTRU Flowchart for Fixed Data Size 50 Figure (3-7) Paillier Flowchart for Fixed Key Size 53 Figure (3-8) RSA Flowchart for Fixed Key Size 56 Figure (3-9) Additive NTRU Flowchart for Fixed Key Size 59 Figure (3-10) Multiplication NTRU Flowchart for Fixed Key Size 62 Figure (3-11) Both NTRU Flowcharts for Fixed Key Size 65 Chapter Four Figure (4-1) Proposed Model 69 Figure (4-2) Main Interface 72 Figure (4-3) Execute Additive PHE (Multi Key Size) 73 Figure (4-4) Timing for Additive PHE (Multi Key Size) 74 XV Figure (4-5) Execute Multiplication RSA (Multi Key Size) 77 Figure (4-6) Timing Execute Multiplication PHE (Multi Key Size) 78 Figure (4-7) Execute Additive NTRU (Multi Key Size) 81 Figure (4-8) Timing Execute Additive NTRU (Multi Key Size) 82 Figure (4-9) Execute Multiplication NTRU (Multi Key Size) 85 Figure (4-10) Timing Execute Multiplication NTRU (Multi Key Size) 86 Figure (4-11) Execute Both NTRU (Multi Key Size) 89 Figure (4-12) Timing Execute Both NTRU (Multi Key Size) 90 Figure (4-13) Execute Additive PHE (Multi Data Size) 93 Figure (4-14) Timing Execute Additive PHE (Multi Data Size) 94 Figure (4-15) Execute Multiplication PHE (Multi Data Size) 97 Figure (4-16) Timing Execute Multiplication PHE (Multi Data Size) 98 Figure (4-17) Execute Additive NTRU (Multi Data Size) 102 Figure (4-18) Timing Execute Additive NTRU (Multi Data Size) 103 Figure (4-19) Execute Multiplication NTRU (Multi Data Size) 107 Figure (4-20) Timing Execute Multiplication NTRU (Multi Data Size) 108 Figure (4-21) Execute Both NTRU (Multi Data Size) 112 Figure (4-22) Timing Execute Both NTRU (Multi Data Size) 113 XVI LIST OF ABBREVIATIONS Abbreviations Meaning AES Advanced Encryption Standard ATV Alt-Lopez, Tromer and Vaikuntanathan CPU Central Processing Unit CCA1 Circadian Clock Associated
Load more

Recommended publications
  • Authenticating Computation on Groups: New Homomorphic Primitives and Applications
    Universita` degli Studi di Catania Dipartimento di Matematica ed Informatica Dottorato di Ricerca in Matematica Pura ed Applicata XXVI ciclo Orazio Puglisi Authenticating Computation on Groups: New Homomorphic Primitives and Applications Advisor: Ch.mo Prof. Dario Catalano ANNO ACCADEMICO 2013-2014 Contents Contents i Acknowledgments iv 1 Introduction 1 1.1 Afewwordsaboutcryptographyhistory . 1 1.2 From Encryption to Homomorphic Encryption . 3 1.3 Whatabouthomomorphicsignatures? . 4 1.4 Fromaconcreteproblemtoanewprimitive . 6 1.5 Organizationofthisthesis . 8 2 Preliminaries and notations 10 2.1 BasicNotations .......................... 10 2.1.1 Probabilisticnotation. 10 2.1.2 NumberTheory...................... 11 2.1.3 Pairings .......................... 11 2.1.4 Computationalassumptions . 12 2.2 PrimitivesandSecurity. 13 2.2.1 Usersandprimitives . 13 2.2.2 Indistinguishability under CPA and CCA . 15 2.2.3 Theasymptoticapproach . 16 2.2.4 Primitives ......................... 17 2.2.4.1 HashFunction . 17 2.2.4.2 ChameleonHashFunction . 18 2.2.4.3 PublicKeyEncryption. 19 i CONTENTS ii 2.2.4.3.1 Security for Public Key Encryption Schemes. ............... 20 2.2.4.3.2 Paillier Encryption Scheme . 22 2.2.4.4 Signatures. 23 2.2.4.4.1 Security for Digital Signatures Schemes 24 2.2.4.4.2 WatersSignature . 26 2.2.4.5 AuthenticatedEncryption . 27 2.2.4.6 SigmaProtocol . 28 2.2.4.6.1 SchnorrSigmaProtocol . 30 2.2.5 Homomorphicprimitives . 30 3 A linearly homomorphic signature scheme to sign elements in bilinear groups 32 3.1 Linear Network Coding and Linearly Homomorphic Signatures 33 3.2 HomomorphicSignaturesscheme . 34 3.2.1 Correctness and Security for Homomorphic Signatures 35 3.3 LHSG:Definition ........................
    [Show full text]
  • Secure E-Voting System by Utilizing Homomorphic Properties of the Encryption Algorithm
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by TELKOMNIKA (Telecommunication Computing Electronics and Control) TELKOMNIKA, Vol.16, No.2, April 2018, pp. 862~867 ISSN: 1693-6930, accredited A by DIKTI, Decree No: 58/DIKTI/Kep/2013 DOI: 10.12928/TELKOMNIKA.v16i2.8420 862 Secure E-voting System by Utilizing Homomorphic Properties of the Encryption Algorithm Rifki Suwandi*, Surya Michrandi Nasution, Fairuz Azmi Electrical Engineering Faculty, Telkom University, Bandung, Indonesia *Corresponding author, e-mail: [email protected], [email protected], [email protected] Abstract The use of cryptography in the e-voting system to secure data is a must to ensure the authenticity of the data. In contrast to common encryption algorithms, homomorphic encryption algorithms had unique properties that can perform mathematical operations against ciphertext. This paper proposed the use of the Paillier and Okamoto-Uchiyama algorithms as two homomorphic encryption algorithms that have the additional properties so that it can calculate the results of voting data that has been encrypted without having to be decrypted first. The main purpose is to avoid manipulation and data falsification during vote tallying process by comparing the advantages and disadvantages of each algorithm. Keywords: cryptography, encryption, homomorphic, Paillier, Okamoto-Uchiyama Copyright © 2018 Universitas Ahmad Dahlan. All rights reserved. 1. Introduction There are numerous issues with the electronic vote casting system, together with system errors, network safety, information security, and so on. One of the primary issues is cheating committed by either insider or outsider, especially for some important role holders with authority that can access the system itself.
    [Show full text]
  • Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations
    Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations Guilhem Castagnos, Dario Catalano, Fabien Laguillaumie, Federico Savasta, Ida Tucker To cite this version: Guilhem Castagnos, Dario Catalano, Fabien Laguillaumie, Federico Savasta, Ida Tucker. Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations. CRYPTO 2019 - 39th Annual Inter- national Cryptology Conference, Aug 2019, Santa Barbara, United States. pp.191-221, 10.1007/978- 3-030-26954-8_7. hal-02281931 HAL Id: hal-02281931 https://hal.archives-ouvertes.fr/hal-02281931 Submitted on 9 Sep 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations Guilhem Castagnos1, Dario Catalano2, Fabien Laguillaumie3, Federico Savasta2;4, and Ida Tucker3 1 Université de Bordeaux, INRIA, CNRS, IMB UMR 5251, F-33405 Talence, France. 2 Università di Catania, Italy. 3 Univ Lyon, EnsL, UCBL, CNRS, Inria, LIP, F-69342, LYON Cedex 07, France. 4 Scuola Superiore di Catania, Italy Abstract. ECDSA is a widely adopted digital signature standard. Unfortunately, efficient distributed variants of this primitive are notoriously hard to achieveand known solutions often require expensive zero knowledge proofs to deal with malicious adversaries.
    [Show full text]
  • Homomorphic Encryption: Working and Analytical Assessment DGHV, Helib, Paillier, FHEW and HE in Cloud Security
    Master of Science in Computer Science February 2017 Homomorphic Encryption: Working and Analytical Assessment DGHV, HElib, Paillier, FHEW and HE in cloud security Srinivas Divya Papisetty Faculty of Computing Blekinge Institute of Technology SE-371 79 Karlskrona Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science in Computer Science. The thesis is equivalent to 20 weeks of full time studies. Contact Information: Author(s): Srinivas Divya Papisetty E-mail: [email protected] University advisor: Dr. Emiliano Casalicchio Dept. of Computer Science & Engineering Faculty of Computing Internet : www.bth.se Blekinge Institute of Technology Phone : +46 455 38 50 00 SE-371 79 Karlskrona, Sweden Fax : +46 455 38 50 57 i i ABSTRACT Context. Secrecy has kept researchers spanning over centuries engaged in the creation of data protection techniques. With the growing rate of data breach and intervention of adversaries in confidential data storage and communication, efficient data protection has found to be a challenge. Homomorphic encryption is one such data protection technique in the cryptographic domain which can perform arbitrary computations on the enciphered data without disclosing the original plaintext or message. The first working fully homomorphic encryption scheme was proposed in the year 2009 and since then there has been a tremendous increase in the development of homomorphic encryption schemes such that they can be applied to a wide range of data services that demand security. All homomorphic encryption schemes can be categorized as partially homomorphic (PHE), somewhat homomorphic (SHE), leveled homomorphic (LHE), and fully homomorphic encryption (FHE).
    [Show full text]
  • Eurocrypt'2000 Conference Report
    Eurocrypt'2000 Conference Report May 15–18, 2000 Bruges Richard Graveman Telcordia Technologies Morristown, NJ USA [email protected] Welcome This was the nineteenth annual Eurocrypt conference. Thirty-nine out of 150 papers were accepted, and there were two invited talks along with the traditional rump session. About 480 participants from 39 countries were present. Bart Preneel was Program Chair. The Proceedings were published by Springer Verlag as Advances in Cryptology— Eurocrypt'98, Lecture Notes in Computer Science, Volume 1807, Bart Preneel, editor. Session 1: Factoring and Discrete Logarithm, Chair: Bart Preneel Factorization of a 512-bit RSA Modulus, Stefania Cavallar (CWI, The Netherlands), Bruce Dodson (Lehigh University, USA), Arjen K. Lenstra (Citibank, USA), Walter Lioen (CWI, The Netherlands), Peter L. Montgomery (Microsoft Research, USA and CWI, The Netherlands), Brian Murphy (The Australian National University, Australia), Herman te Riele (CWI, The Netherlands), Karen Aardal (Utrecht University, The Netherlands), Jeff Gilchrist (Entrust Technologies Ltd., Canada), Gérard Guillerm (École Polytechnique, France), Paul Leyland (Microsoft Research Ltd., UK), Joël Marchand (École Polytechnique/CNRS, France), François Morain (École Polytechnique, France), Alec Muffett (Sun Microsystems, UK), Chris and Craig Putnam (USA), Paul Zimmermann (Inria Lorraine and Loria, France) The authors factored the RSA challenge number RSA-512 with the general number field sieve (NFS). The algorithm has four steps: polynomial selection, sieving, linear algebra, and square root extraction. For N known to be composite, two irreducible polynomials with a common root mod N are needed. f1 (of degree 5 in this case) should have many roots modulo small primes as well as being as small as possible.
    [Show full text]
  • The Paillier Cryptosystem
    The Paillier Cryptosystem A Look Into The Cryptosystem And Its Potential Application By Michael O’Keeffe The College of New Jersey Mathematics Department April 18, 2008 ABSTRACT So long as there are secrets, there is a need for encryption to help guard these secrets. The Paillier Cryptosystem is an encryption scheme that can be used to conceal information, with a few interesting properties. These properties, when creatively applied, allow the Paillier Cryptosystem to be used in ways that other cryptographic systems simply can’t be used. This paper will explore how the Paillier Cryptosystem works, how these properties arise, and one way in which the system can be used in a real world situation as a result of these properties. 1. INTRODUCTION 1.1 A Brief History of Cryptography There are simply times when the intended recipient of a message needs to be the only person able to gather the information contained inside it. To this end, there exists the need for the ability to hide the contents of a message from all but the intended recipient. Primitively, one may choose to physically conceal a message in a location of which only the recipient is aware. However, there exists the risk of the message’s discovery, at which point all information contained within the message is no longer secure. Thus, the need for encryption arises: a way in which to alter a message in such a way that, should the message be intercepted by someone other than the intended recipient, it would be difficult, if not practically impossible, for this person to absorb the information contained within the message.
    [Show full text]
  • Paillier Cryptosystem - Wikipedia, the Free Encyclopedia Paillier Cryptosystem from Wikipedia, the Free Encyclopedia
    13/03/13 Paillier cryptosystem - Wikipedia, the free encyclopedia Paillier cryptosystem From Wikipedia, the free encyclopedia The Paillier cryptosystem, named after and invented by Pascal Paillier in 1999, is a probabilistic asymmetric algorithm for public key cryptography. The problem of computing n-th residue classes is believed to be computationally difficult. The decisional composite residuosity assumption is the intractability hypothesis upon which this cryptosystem is based. The scheme is an additive homomorphic cryptosystem; this means that, given only the public-key and the encryption of and , one can compute the encryption of . Contents 1 Algorithm 1.1 Key generation 1.2 Encryption 1.3 Decryption 1.4 Homomorphic properties 1.5 Background 1.6 Semantic Security 1.7 Applications 2 See also 3 References 3.1 Notes 4 External links Algorithm The scheme works as follows: Key generation 1. Choose two large prime numbers p and q randomly and independently of each other such that . This property is assured if both primes are of equivalent length, i.e., for security parameter .[1] 2. Compute and . 3. Select random integer where 4. Ensure divides the order of by checking the existence of the following modular multiplicative inverse: , where function is defined as . Note that the notation does not denote the modular multiplication of times the modular en.wikipedia.org/wiki/Paillier_cryptosystem 1/5 13/03/13 Paillier cryptosystem - Wikipedia, the free encyclopedia multiplicative inverse of but rather the quotient of divided by , i.e., the largest integer value to satisfy the relation . The public (encryption) key is . The private (decryption) key is If using p,q of equivalent length, a simpler variant of the above key generation steps would be to set and , where .[1] Encryption 1.
    [Show full text]
  • Fair Encryption of RSA Keys
    Fair Encryption of RSA Keys Guillaume Poupard and Jacques Stern Ecole¶ Normale Sup¶erieure, D¶epartement d'informatique 45 rue d'Ulm, F-75230 Paris Cedex 05, France email: fGuillaume.Poupard,[email protected] Abstract. Cryptography is more and more concerned with elaborate protocols involving many participants. In some cases, it is crucial to be sure that players behave fairly especially when they use public key en- cryption. Accordingly, mechanisms are needed to check the correctness of encrypted data, without compromising secrecy. We consider an op- timistic scenario in which users have pairs of public and private keys and give an encryption of their secret key with the public key of a third party. In this setting we wish to provide a publicly veri¯able proof that the third party is able to recover the secret key if needed. Our emphasis is on size; we believe that the proof should be of the same length as the original key. In this paper, we propose such proofs of fair encryption for El Gamal and RSA keys, using the Paillier cryptosystem. Our proofs are really e±cient since in practical terms they are only a few hundred bytes long. As an application, we design a very simple and e±cient key recovery system. 1 Introduction In some cryptographic applications it is crucial to be sure that players behave fairly, especially when they use public key encryption. For example, we can consider a voting scheme where each player encrypts the name of his favorite candidate. It can be useful to convince anybody that the encrypted name is indeed in the list of the candidates without revealing any information about this name.
    [Show full text]
  • Efficient Decentralized Tracing Protocol for Fingerprinting System
    Proceedings of APSIPA Annual Summit and Conference 2019 18-21 November 2019, Lanzhou, China Efficient Decentralized Tracing Protocol for Fingerprinting System with Index Table Minoru Kuribayashi and Nobuo Funabiki Okayama University, Okayama, Japan E-mail: [email protected] Abstract—Due to the burden at a trusted center, a decen- From the different point of view, as differently fingerprinted tralized fingerprinting system has been proposed by delegating versions of same content are delivered to users, a coalition of authority to an authorized server so that the center does not users will be able to modify/delete the fingerprint, which is participate in the tracing protocol. As a fingerprinting code is used to retain a collusion resistance, the calculation of correlation called collusion attack. In order to tolerate for the collusion score for each user is required to identify illegal users from attack, fingerprinting codes [12], [13], [14], [15] enable a a pirated copy. Considering the secrecy of code parameters, seller to catch at least one illegal user from a pirated copy. the computation must be executed by a seller in an encrypted Among the codes, the Tardos code [14] and its variant [15] domain to realize the decentralized tracing protocol. It requires are attractive because its code length can be a theoretically much computational costs as well as the communication costs between the center and a seller because encrypted database (DB) minimum order. The codeword is produced by a probabilistic is necessary for the computation. In this paper, we propose a algorithm based on bias probabilities as secret parameter.
    [Show full text]
  • An Identity Escrow Scheme with Appointed Verifiers
    An Identity Escrow Scheme with Appointed Verifiers Jan Camenisch1 and Anna Lysyanskaya2 1 IBM Research Zurich Research Laboratory CH–8803 R¨uschlikon [email protected] 2 MIT LCS 545 Technology Square Cambridge, MA 02139 USA [email protected] Abstract. An identity escrow scheme allows a member of a group to prove membership in this group without revealing any extra information. At the same time, in case of abuse, his identity can still be discovered. Such a scheme allows anonymous access control. In this paper, we put forward the notion of an identity escrow scheme with appointed verifiers. Such a scheme allows the user to only convince an appointed verifier (or several appointed verifiers) of his membership; but no unauthorized verifier can verify a user’s group membership even if the user fully cooperates, unless the user is completely under his control. We provide a formal definition of this new notion and give an efficient construction of an identity escrow scheme with appointed verifiers provably secure under common number-theoretic assumptions in the public-key model. Keywords. Identity escrow, group signatures, privacy protection, formal model for group signatures. 1 Introduction As digital communication becomes the preferred means of information exchange, it becomes ever easier for those of questionable motivation to mine the accumu- lated data. Under these circumstances, both the importance and the challenge of protecting the privacy of individuals grow considerably. A number of crypto- graphic protocols that limit the information dispersed from accumulated data have been proposed. These are, for instance, anonymous voting protocols [5,30], anonymous payment schemes [6,18], and credential systems [9,16].
    [Show full text]
  • Homomorphic Encryption for Secure Data Computations
    AIN SHAMS UNIVERSITY FACULTY OF ENGINEERING Computer and Systems Engineering Homomorphic Encryption for Secure Data Computations A Thesis submitted in partial fulfillment of the requirements of Master of Science in Electrical Engineering (Computer and Systems Engineering) by Mohamed Tarek Ibn Ziad Mohamed Hassan Bachelor of Science in Electrical Engineering (Computer and Systems Engineering) Faculty of Engineering, Ain Shams University, 2014 Supervised By Dr. Hassan Mohamed Shehata Bedour Dr. Yousra Mohsen Ali Alkabani Cairo, 2017 AIN SHAMS UNIVERSITY FACULTY OF ENGINEERING Computer and Systems Engineering Examiners’ Committee Name: Mohamed Tarek Ibn Ziad Mohamed Hassan Thesis: Homomorphic Encryption for Secure Data Computations Degree: Master of Science in Electrical Engineering (Computer and Systems Engineering) Name and affiliation Signature Prof. Dr. Hossam Aly Hassan Fahmy ........... Prof. at Electronics and Communications Engineering Dept. Faculty of Engineering, Cairo University. Prof. Dr. Mohamed Watheq Ali Kamel El-Kharashi ........... Prof. at Computer and Systems Engineering Dept. Faculty of Engineering, Ain shams University. Dr. Hassan Mohamed Shehata Bedour ........... Associative Prof. at Computer and Systems Engineering Dept. Faculty of Engineering, Ain shams University. Date: June 2017 Statement This Thesis is submitted as a partial fulfillment of Master of Science in Electrical Engineering, Faculty of Engineering, Ain shams University. The author carried out the work included in this Thesis, and no part of it has been submitted
    [Show full text]
  • 1 a Survey on Homomorphic Encryption Schemes: Theory and Implementation
    1 A Survey on Homomorphic Encryption Schemes: Theory and Implementation ABBAS ACAR, HIDAYET AKSU, and A. SELCUK ULUAGAC, Florida International University MAURO CONTI, University of Padua Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchang- ing an encrypted message. However, this approach poses privacy concerns. The users or service providers with the key have exclusive rights on the data. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in ad- vance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved sig- nificantly to be practical on every platform. Therefore, this survey focuses on HE and FHE schemes. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE.
    [Show full text]