Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
97 tokens/sec
GPT-4o
53 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

A Survey on Homomorphic Encryption Schemes: Theory and Implementation (1704.03578v2)

Published 12 Apr 2017 in cs.CR

Abstract: Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, as well as extending the state of the art HE, PHE, SWHE, and FHE systems.

User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (4)
  1. Abbas Acar (12 papers)
  2. Hidayet Aksu (18 papers)
  3. A. Selcuk Uluagac (30 papers)
  4. Mauro Conti (195 papers)
Citations (951)
View on Semantic Scholar

Summary

  • The paper’s main contribution is a detailed analysis of partially, somewhat, and fully homomorphic encryption schemes and their respective implementations.
  • It reviews foundational methods like Gentry’s FHE and subsequent improvements, highlighting challenges in noise management and computational efficiency.
  • Key insights include practical performance gains from leveled-FHE schemes and actionable research directions to enhance security and efficiency.

A Survey on Homomorphic Encryption Schemes: Theory and Implementation

The paper entitled "A Survey on Homomorphic Encryption Schemes: Theory and Implementation" by Acar et al. offers a comprehensive examination of Homomorphic Encryption (HE) techniques, with a focused analysis on Fully Homomorphic Encryption (FHE) since its conception by Craig Gentry in 2009. This survey explores the theoretical underpinnings, practical implementations, and potential future directions of HE and FHE schemes, providing an insightful reference for researchers and practitioners in the field.

Overview and Classification of Homomorphic Encryption Schemes

Homomorphic encryption allows computation on ciphertexts, generating an encrypted result that, when decrypted, matches the outcome of operations performed on the plaintext. This property is especially valuable for preserving privacy in outsourced computations, such as those performed in cloud computing environments. HE can be broadly categorized into:

  1. Partially Homomorphic Encryption (PHE): Supports an unlimited number of operations but only for a single algebraic operation (either addition or multiplication).
  2. Somewhat Homomorphic Encryption (SWHE): Supports a limited number of both addition and multiplication operations.
  3. Fully Homomorphic Encryption (FHE): Supports arbitrary and unlimited numbers of both addition and multiplication operations on ciphertexts.

Partially Homomorphic Encryption Schemes

PHE schemes, like RSA, Goldwasser-Micali (GM), and Paillier, laid the foundational work for HE. These schemes individually support either additive or multiplicative homomorphism:

  • RSA is multiplicatively homomorphic, i.e., E(m1)E(m2)=E(m1m2)E(m_1) \cdot E(m_2) = E(m_1 \cdot m_2).
  • GM is additively homomorphic, focusing on binary operations, i.e., E(m1)E(m2)=E(m1m2)E(m_1) \cdot E(m_2) = E(m_1 \oplus m_2).
  • Paillier supports additive homomorphism for integers: E(m1)E(m2)=E(m1+m2)E(m_1) \cdot E(m_2) = E(m_1 + m_2).

Somewhat Homomorphic Encryption Schemes

SWHE schemes represent a critical intermediate step towards FHE:

  • BGN allows efficient evaluation of quadratic boolean formulas by supporting unlimited additions and one multiplication.
  • Yao's Garbled Circuits and Ishai-Paskin (IP) schemes expanded the operational capacity of HE but with limitations on the depth and breadth of the supported computations.

Fully Homomorphic Encryption (FHE) Schemes

FHE schemes facilitate arbitrary computations on encrypted data and can be categorized mainly into:

  1. Ideal Lattice-based FHE: Gentry's pioneering scheme using ideal lattices employs bootstrapping and squashing to manage noise during homomorphic operations.
  2. Integer-based FHE: Schemes like DGHV utilize elementary modular arithmetic over integers, achieving conceptual simplicity at the cost of greater computational overhead.
  3. LWE/RLWE-based FHE: These offer improved efficiency by relying on Learning with Errors (LWE) and Ring LWE (RLWE) problems.
  4. NTRU-like FHE: These schemes, based on the NTRUEncrypt protocol, enhance efficiency and standardization.

Notable Implementations and Practical Considerations

The practical implementation of FHE remains a significant challenge due to computational complexity:

  • The pioneering implementation by Gentry and Halevi showcased a complete FHE realization, albeit with considerable computational expense.
  • Subsequent schemes, like the leveled-FHE schemes proposed by Brakerski-Vaikuntanathan (BV) and Fan-Vercauteren (FV), provided performance improvements by eliminating bootstrapping.
  • The development of HElib and other open-source libraries has facilitated experimental research and incremental optimizations in the field.

Future Directions and Challenges

Moving forward, several research avenues and challenges remain:

  1. Enhanced Efficiency: Reducing the computational overhead and improving the speed of homomorphic operations remain critical for practical applications.
  2. Noise Management: Developing noise-free or more efficient noise management techniques holds promise for decreasing the cost of bootstrapping.
  3. Security: Addressing unresolved security issues, such as circular security and IND-CCA1 security, is essential for broader adoption.
  4. Functional and Multi-key FHE: Extending FHE for functional encryption (FE) and enabling multi-key operations to handle multiple users represents a fruitful area of research.

Conclusion

This paper provides a detailed survey of the evolution, theory, and implementation of HE schemes, particularly emphasizing FHE. Although significant strides have been made since Gentry’s initial proposal, realizing practical, secure, and efficient FHE schemes for widespread use remains an ongoing challenge. Future research must address both theoretical and practical aspects to fully leverage the potential of homomorphic encryption in preserving data privacy.

File Document Download Save Streamline Icon: https://streamlinehq.com PDF File Document Download Save Streamline Icon: https://streamlinehq.com Markdown
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets