Lattice-based Fully Homomorphic Encryption And Its Applications

As a typical representative of the post quantum cryptography,lattice-based cryptography is a kind of public key crypto-system resistant against quantum computing attacks under the spotlight.It has more and more positive theoretical and practical significances to its research.The development of the lattice-based cryptography is divided into two main lines in general: first,the study from the development of classical mathematics problems about lattice to the solution of high dimensional lattice hardness problem and its calculation complexity theory in recent 30 years;second,from analyzing the security development of non-lattice public key cryptosystem using the solution of lattice hardness problem to the design of cryptographic system based on the difficult problem.Notably,due to the homomorphism property of lattice operation,designing lattice-based homomorphic crypto-system has potential application value in the solution of ciphertext retrieval and encrypted date processing and so on in the cloud secure computing environment.Besides,homomorphic encryption not only provided a theoretical solution for cloud computing security,but also the ultimate solution to protect the privacy of users,which has greatly promoted the development of cloud computing.With the target of lattice-based full homomorphic encryption scheme,this subject comes from the research work of the following four aspects respectively from the aspects of security,efficiency and application to achieve secure ciphertext computation:1.To solve the inefficient problem of multi-bit FHE via combination of single-bit FHE schemes,as well as the leakage-resistant problem of lattice-based multi-bit FHE,this paper proposed a leakage resilient leveled FHE on multiple bits message scheme by using the Gentry-Sahai-Waters scheme as the building block.First,we improve the construction of the public key,so that the public key contains a sequence of LWE instances instead of only one LWE instance.We can obtain the ciphertext by using our designed public key,and the obtained ciphertext can be decrypted in the flexible approach.That's means we can recover the targeted bit(or the plaintext bit on specific location)by the bit decryption,we also can recovery the whole plaintext bits by decrypting the entire ciphertext at a time.In addition,inspired by the leakage resistant lattice-based single-bit FHE,and armed with our multi-bite FHE,we construct a leakage-resistant FHE scheme.Compared with the Hiromasa-Abe-Okamoto scheme,our scheme is more practical and has tolerance of more bits leakage.2.In order to solve the inefficient problem of Linear Combination Procedure(LCP)achieved by combining single-bit FHEs in the Mukherjee-Wichs scheme LCP,we proposed a multi-key lattice-based FHE on long messages scheme in this paper and gave an efficient multi-bit single-key GSW-like construction used for improving LCP.Armed with our improved LCP construction,the efficient multi-key FHE on the multi-bit message is obtained.3.In order to solve the issue that the current Gentry-Sahai-Waters scheme is not secure under the key recovery attacks,in this paper,we propose a multiple secret keys lattice-based FHE for preventing adaptive key recovery attacks on the GSW leveled homomorphic encryption.As late as 2016,the only positive result was the IND-CCA1 scheme under strong knowledge assumption using “efficient ciphertext” proposed by Loftus,May,Smart and Vercauteren.However,their scheme is not secure under the adaptive attack of ‘ciphertext validity oracle'.Our scheme does not depend on the concept of ‘efficient ciphertext' to enable the scheme to resist the leakage of private key information.However,despite the fact that the multi-secret FHE avoids the leakage of private key information,the use of noise information can still enable adaptive key recovery attack.For this,we design a dual multi-secret FHE to solve the problem.The core idea is that every time the decryption algorithm is run,a ‘one-time' private key will be generated.Therefore,even if an attacker can get some bits of the private key from each decrypted query,a valid private key cannot be obtained.4.In view of the fact that current lattice-based proxy re-encryption scheme and lattice-based identity-based proxy re-encryption scheme cannot realize multi-hop,we consider that,as a kind of NC1 circuit,the branching program(BP)can be used to calculate the encrypted data.Therefore,we proposed the two following schemes,achieving lattice-based homomorphic proxy re-encryption scheme via BP and towards multi-hop lattice-based homomorphic identity-based proxy re-encryption scheme via BP.The two solutions,not only solve the multi-hop problem of lattice-based proxy re-encryption scheme and lattice-based identity proxy re-encryption scheme efficiently,but also make the ciphertext support homomorphic addition and multiplication simultaneously.It is believed that the research work of this paper can enrich and develop the theoretical research of lattice-based cryptography and FHE.At the same time,it also provides a reference of lattice-based FHE.Most importantly,it has great scientific significance and application value to ensure the safety and privacy of data in the cloud computing environment.