请输入您要查询的百科知识:

 

词条 Homomorphic encryption
释义

  1. Fully Homomorphic Encryption

     Homomorphic Cryptosystems In Current Use  Implementations  History of Homomorphic Cryptosystems  Gentry's cryptosystem  Cryptosystem over the integers 

  2. Partially homomorphic cryptosystems

     Unpadded RSA  ElGamal  Goldwasser–Micali  Benaloh  Paillier  Other partially homomorphic cryptosystems 

  3. Applications

     Encrypted database querying  Bitcoin split-key vanity mining 

  4. See also

  5. References

  6. External links

Homomorphic encryption is a form of encryption that allows computation on ciphertexts, generating an encrypted result which, when decrypted, matches the result of the operations as if they had been performed on the plaintext.

Homomorphic encryption can be used for secure outsourced computation, for example secure cloud computing services, and securely chaining together different services without exposing sensitive data. For example, services from different companies can calculate 1) the tax, 2) the currency exchange rate, and 3) shipping on a transaction without exposing the unencrypted data to each of those services.[1] Homomorphic encryption can also be used to create other secure systems such as secure voting systems,[2] collision-resistant hash functions, private set intersection, and private information retrieval schemes. In typically highly regulated industries, such as health care, homomorphic encryption can be used to enable new services by removing privacy barriers inhibiting data sharing. For example, predictive analytics in health care can be hard to utilize due to medical data privacy concerns, but if the predictive analytics service provider can operate on encrypted data instead these privacy concerns are diminished.

Homomorphic encryption schemes are inherently malleable. In terms of malleability, homomorphic encryption schemes have weaker security properties than non-homomorphic schemes.

Fully Homomorphic Encryption

A cryptosystem that supports {{em|arbitrary computation}} on ciphertexts is known as fully homomorphic encryption (FHE). Such a scheme enables the construction of programs for any desirable functionality, which can be run on encrypted inputs to produce an encryption of the result. Since such a program need never decrypt its inputs, it can be run by an untrusted party without revealing its inputs and internal state.

Fully homomorphic cryptosystems have great practical implications in the outsourcing of private computations, for instance, in the context of cloud computing.[3]

Homomorphic Cryptosystems In Current Use

Although there is a long history of homomorphic encryption research, the homomorphic cryptosystems in current use are derived from techniques that were developed starting in 2011-2012 by Zvika Brakerski, Craig Gentry, Vinod Vaikuntanathan, and others. These innovations led to the development of much more efficient somewhat and fully homomorphic cryptosystems. These include:

  • The Brakerski-Gentry-Vaikuntanathan cryptosystem (BGV),[4] building on techniques of Brakerski-Vaikuntanathan.[5]
  • Brakerski's {{em|scale-invariant}} cryptosystem.[6]
  • The NTRU-based cryptosystem due to Lopez-Alt, Tromer, and Vaikuntanathan (LTV).[7]
  • The Gentry-Sahai-Waters cryptosystem (GSW).[8]
  • The Brakerski/Fan-Vercauteren cryptosystem (BFV).[9]
  • The Cheon-Kim-Kim-Song cryptosystem (CKKS).[10]

The security of most of these schemes is based on the hardness of the Learning with errors problem, except for the LTV scheme whose security is based on a variant of the NTRU computational problem, and the FV scheme which is based on the Ring Learning with errors variant of this problem. The distinguishing characteristic of these cryptosystems is that they all feature much slower growth of the noise during the homomorphic computations.

Additional optimizations by Craig Gentry, Shai Halevi, and Nigel Smart resulted in cryptosystems with nearly optimal asymptotic complexity: Performing operations on data encrypted with security parameter has complexity of only .[11][12][13]

These optimizations build on the Smart-Vercauteren techniques that enables packing of many plaintext values in a single ciphertext and operating on all these plaintext values in a SIMD fashion.[14]

Many of the advances in these second-generation cryptosystems were also ported to the cryptosystem over the integers.[15][16]

Zvika Brakerski and Vinod Vaikuntanathan observed that for certain types of circuits, the GSW cryptosystem features an even slower growth rate of noise, and hence better efficiency and stronger security.[14]Jacob Alperin-Sheriff and Chris Peikert then described a very efficient bootstrapping technique that uses exactly this type of circuits[15]

This type of circuits, however, seems incompatible with the ciphertext-packing techniques, and hence the Gentry-Halevi-Smart optimizations[11] cannot be applied here.

All the second-generation cryptosystems still follow the basic blueprint of Gentry's original construction, namely they first construct a somewhat-homomorphic cryptosystem that handles noisy ciphertexts, and then convert it to a fully homomorphic cryptosystem using bootstrapping.

Implementations

There are several implementation of current fully homomorphic encryption available in open source libraries:

  • HElib[16] by Shai Halevi and Victor Shoup that implements the BGV cryptosystem with the GHS optimizations;
  • PALISADE[17] by a consortium of defense contractors and academics funded by DARPA, IARPA, NIH and Sloan Foundation, including New Jersey Institute of Technology, Duality Technologies, Raytheon BBN Technologies, MIT, University of California, San Diego and others. PALISADE is a framework for implementing lattice cryptography primitives and comes with implementations of multiple fully homomorphic encryption schemes including the BFV[9] and BGV cryptosystems;
  • HEAAN[18] by Seoul National University, the original homomorphic encryption library that implements CKKS[10] cryptosystem including a bootstrapping algorithm[19];
  • Microsoft SEAL[20] by Microsoft implements the BFV[9] and the CKKS[10] encryption schemes;
  • FHEW[21] by Leo Ducas and Daniele Micciancio that implements a combination of Regev's LWE cryptosystem with the bootstrapping techniques of Alperin-Sheriff and Peikert,[15];
  • TFHE[22] by Ilaria Chillotti, Nicolas Gama, Mariya Georgieva and Malika Izabachene that proposes a faster variant over the Torus with an intuitive API to evaluate boolean circuits.

Some of these libraries implement bootstrapping: HElib reports a time of 5–10 minutes for bootstrapping a packed ciphertext with about 1000 plaintext values,[23]

FHEW reports a time of around {{Half}} second for bootstrapping a non-packed ciphertext encrypting a single bit,[24]

TFHE reports a time of 13 milliseconds for evaluating any bootstrapped binary gate on non-packed ciphertexts encrypting a single bit,[25]

and HEAAN reports a time of 2 minutes for bootstrapping a packed ciphertext with 128 plaintext values of 12-bit precision.[19]

In late 2014, a re-implementation of homomorphic evaluation of the AES-encryption circuit using HElib reported an evaluation time of just over 4 minutes on 120 inputs, bringing the amortized per-input time to about 2 seconds.[16]

A standardization effort for homomorphic encryption maintains another list of implementations.

History of Homomorphic Cryptosystems

The problem of constructing a fully homomorphic encryption scheme was first proposed in 1978, within a year of the development of RSA.[26] For more than 30 years, it was unclear whether a solution existed. During that period, partial results included the Sander-Young-Yung system, which after more than 20 years solved the problem for logarithmic depth circuits;[27] the Boneh–Goh–Nissim cryptosystem, which supports evaluation of an unlimited number of addition operations but at most one multiplication;[28]

and the Ishai-Paskin cryptosystem, which supports evaluation of polynomial-size branching programs.[29]

Gentry's cryptosystem

Craig Gentry,[30] using lattice-based cryptography, described the first plausible construction for a fully homomorphic encryption scheme. Gentry's scheme supports both addition and multiplication operations on ciphertexts, from which it is possible to construct circuits for performing arbitrary computation.

The construction starts from a somewhat homomorphic encryption scheme, which is limited to evaluating low-degree polynomials over encrypted data. (It is limited because each ciphertext is noisy in some sense, and this noise grows as one adds and multiplies ciphertexts, until ultimately the noise makes the resulting ciphertext indecipherable.) Gentry then shows how to slightly modify this scheme to make it bootstrappable, i.e., capable of evaluating its own decryption circuit and then at least one more operation. Finally, he shows that any bootstrappable somewhat homomorphic encryption scheme can be converted into a fully homomorphic encryption through a recursive self-embedding.

For Gentry's "noisy" scheme, the bootstrapping procedure effectively "refreshes" the ciphertext by applying to it the decryption procedure homomorphically, thereby obtaining a new ciphertext that encrypts the same value as before but has lower noise. By "refreshing" the ciphertext periodically whenever the noise grows too large, it is possible to compute arbitrary number of additions and multiplications without increasing the noise too much.

Gentry based the security of his scheme on the assumed hardness of two problems: certain worst-case problems over ideal lattices, and the sparse (or low-weight) subset sum problem.

Gentry's Ph.D. thesis[31]

provides additional details.

Regarding performance, ciphertexts in Gentry's scheme remain compact insofar as their lengths do not depend at all on the complexity of the function that is evaluated over the encrypted data, but the scheme is impractical, and its ciphertext size and computation time increase sharply as one increases the security level.

Several optimizations and refinements were proposed by Damien Stehle and Ron Steinfeld,[32]

Nigel Smart and Frederik Vercauteren,[33][34]

and Craig Gentry and Shai Halevi,[35][36]

the latter obtaining the first working implementation of Gentry's fully homomorphic encryption.

There have been several early implementations of fully homomorphic encryption capabilities. The Gentry-Halevi implementation of the above mentioned Gentry's original cryptosystem;[36] reported timing of about 30 minutes per basic bit operation. Extensive design and implementation work in subsequent years have improved upon these early implementations by many orders of magnitude runtime performance.

An early implementation from 2012 due to Gentry, Halevi, and Smart (GHS)[13] of a variant of the BGV cryptosystem,[4] reported evaluation of a complex circuit (implementing the encryption procedure of the AES cipher) in 36 hours. Using the packed-ciphertext techniques, that implementation could evaluate the same circuit on 54 different inputs in the same 36 hours, yielding amortized time of roughly 40 minutes per input. This AES-encryption circuit was adopted as a benchmark in several follow-up works,[15][37][38] gradually bringing the evaluation time down to about four hours and the per-input amortized time to just over 7 seconds.

Cryptosystem over the integers

In 2010, Marten van Dijk, Craig Gentry, Shai Halevi and Vinod Vaikuntanathan presented a second fully homomorphic encryption scheme,[39]

which uses many of the tools of Gentry's construction, but which does not require ideal lattices. Instead, they show that the somewhat homomorphic component of Gentry's ideal lattice-based scheme can be replaced with a very simple somewhat homomorphic scheme that uses integers. The scheme is therefore conceptually simpler than Gentry's ideal lattice scheme, but has similar properties with regards to homomorphic operations and efficiency. The somewhat homomorphic component in the work of van Dijk et al. is similar to an encryption scheme proposed by Levieil and Naccache in 2008,[40] and also to one that was proposed by Bram Cohen in 1998.[41]

Cohen's method is not even additively homomorphic, however. The Levieil–Naccache scheme supports only additions, but it can be modified to also support a small number of multiplications.

Many refinements and optimizations of the scheme of van Dijk et al. were proposed in a sequence of works by Jean-Sébastien Coron, Tancrède Lepoint, Avradip Mandal, David Naccache, and Mehdi Tibouchi.[42][43][44][45]

Some of these works included also implementations of the resulting schemes.

Partially homomorphic cryptosystems

In the following examples, the notation is used to denote the encryption of the message .

Unpadded RSA

If the RSA public key is modulus and exponent , then the encryption of a message is given by . The homomorphic property is then

ElGamal

In the ElGamal cryptosystem, in a cyclic group of order with generator , if the public key is , where , and is the secret key, then the encryption of a message is , for some random . The homomorphic property is then

Goldwasser–Micali

In the Goldwasser–Micali cryptosystem, if the public key is the modulus m and quadratic non-residue x, then the encryption of a bit b is , for some random . The homomorphic property is then

where denotes addition modulo 2, (i.e. exclusive-or).

Benaloh

In the Benaloh cryptosystem, if the public key is the modulus m and the base g with a blocksize of c, then the encryption of a message x is , for some random . The homomorphic property is then

Paillier

In the Paillier cryptosystem, if the public key is the modulus m and the base g, then the encryption of a message x is , for some random . The homomorphic property is then

Other partially homomorphic cryptosystems

  • Okamoto–Uchiyama cryptosystem
  • Naccache–Stern cryptosystem
  • Damgård–Jurik cryptosystem
  • Sander-Young-Yung encryption scheme
  • Boneh–Goh–Nissim cryptosystem
  • Ishai-Paskin cryptosystem

Applications

Encrypted database querying

Typical database encryption leaves the database encrypted at rest, but when queries are performed the data must be decrypted in order to be parsed. Homomorphic encryption schemes have been devised such that database queries can run against ciphertext data directly.[46] It must be noted that in this paper, the authors have accepted that they have used simple and non secure homomorphic scheme and still it takes a huge toll on the performance. For e.g. a 16 bit multiplication takes approximately 24 minutes.

Bitcoin split-key vanity mining

Bitcoin addresses are hashes of public keys from ECDSA key pairs. A vanity address is an address generated from parameters such that the resultant hash contains a human-readable string (e.g., 1BoatSLRHtKNngkdXEeobR76b53LETtpyT). Given that ECDSA key pairs have homomorphic properties for addition and multiplication, one can outsource the generation of a vanity address without having the generator know the full private key for this address.

For example,

  1. Alice generates a private key (a) and public key (A) pair, and publicly posts A.
  2. Bob generates a key pair (b, B) such that hash(A + B) results in a desired vanity address. He sells b and B to Alice. A, B, and b are publicly known, so one can verify that the address = hash(A + B) is desired.
  3. Alice computes the combined private key (a + b) and uses it as the private key for the public key (A + B).

Similarly, multiplication could be used instead of addition.

See also

  • Homomorphic secret sharing
  • Homomorphic signatures for network coding
  • Private biometrics
  • Verifiable computing using a fully homomorphic scheme
  • Client-side encryption
  • Secure multi-party computation
  • Format-preserving encryption

References

1. ^{{cite web |author=Craig Stuntz|date=2010-03-18|title=What is Homomorphic Encryption, and Why Should I Care?|url=https://community.embarcadero.com/blogs/entry/what-is-homomorphic-encryption-and-why-should-i-care-38566}}
2. ^{{cite web|author=Ron Rivest|date=2002-10-29|title=Lecture Notes 15: Voting, Homomorphic Encryption|url=http://web.mit.edu/6.857/OldStuff/Fall02/handouts/L15-voting.pdf}}
3. ^{{cite web|title=A First Glimpse of Cryptography's Holy Grail|author=Daniele Micciancio|url=http://cacm.acm.org/magazines/2010/3/76275-a-first-glimpse-of-cryptographys-holy-grail/fulltext|publisher=Association for Computing Machinery|date=2010-03-01|page=96|accessdate=2010-03-17}}
4. ^Z. Brakerski, C. Gentry, and V. Vaikuntanathan. Fully Homomorphic Encryption without Bootstrapping. In ITCS 2012
5. ^Z. Brakerski and V. Vaikuntanathan. Efficient Fully Homomorphic Encryption from (Standard) LWE. In FOCS 2011 (IEEE)
6. ^Z. Brakerski. Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP. In CRYPTO 2012 (Springer)
7. ^A. Lopez-Alt, E. Tromer, and V. Vaikuntanathan. [https://eprint.iacr.org/2013/094 On-the-Fly Multiparty Computation on the Cloud via Multikey Fully Homomorphic Encryption]. In STOC 2012 (ACM)
8. ^C. Gentry, A. Sahai, and B. Waters. Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based. In CRYPTO 2013 (Springer)
9. ^{{cite journal|last1=Fan |first1=Junfeng|last2=Vercauteren |first2=Frederik|title=Somewhat Practical Fully Homomorphic Encryption|url=https://eprint.iacr.org/2012/144|date=2012}}
10. ^{{cite conference |last1=Cheon |first1=Jung Hee |last2=Kim |first2=Andrey |last3=Kim |first3=Miran |last4=Song |first4=Yongsoo |title=Homomorphic encryption for arithmetic of approximate numbers |publisher=Springer, Cham |conference=ASIACRYPT 2017 |date=2017 |book-title=Takagi T., Peyrin T. (eds) Advances in Cryptology – ASIACRYPT 2017 |pages=409–437|doi=10.1007/978-3-319-70694-8_15 }}
11. ^C. Gentry, S. Halevi, and N. P. Smart. Fully Homomorphic Encryption with Polylog Overhead. In EUROCRYPT 2012 (Springer)
12. ^C. Gentry, S. Halevi, and N. P. Smart. Better Bootstrapping in Fully Homomorphic Encryption. In PKC 2012 (SpringeR)
13. ^C. Gentry, S. Halevi, and N. P. Smart. Homomorphic Evaluation of the AES Circuit. In CRYPTO 2012 (Springer)
14. ^Z. Brakerski and V. Vaikuntanathan. Lattice-Based FHE as Secure as PKE. In ITCS 2014
15. ^J. Alperin-Sheriff and C. Peikert. Faster Bootstrapping with Polynomial Error. In CRYPTO 2014 (Springer)
16. ^{{cite web|title=HElib: An Implementation of homomorphic encryption|url=https://github.com/shaih/HElib|author=Shai Halevi|author2=Victor Shoup|accessdate=31 December 2014}}
17. ^{{cite web|title=PALISADE Lattice Cryptography Library|url=palisade-crypto.org|accessdate=1 January 2019}}
18. ^{{cite web|title=Homomorphic Encryption for Arithmetic of Approximate Numbers|url=https://github.com/snucrypto/HEAAN|author=Jung Hee Cheon|author2=Kyoohyung Han|author3=Andrey Kim|author4=Miran Kim|author5=Yongsoo Song|accessdate=15 May 2016}}
19. ^Jung Hee Cheon, Kyoohyung Han, Andrey Kim, Miran Kim and Yongsoo Song. [https://eprint.iacr.org/2018/153 Bootstrapping for Approximate Homomorphic Encryption]. In EUROCRYPT 2018(springer).
20. ^{{cite web|author=Microsoft Research|title=Microsoft SEAL|url=https://www.microsoft.com/en-us/research/project/microsoft-seal|accessdate=20 February 2019}}
21. ^{{cite web|title=FHEW: A Fully Homomorphic Encryption library|url=https://github.com/lducas/FHEW|author=Leo Ducas|author2=Daniele Micciancio|accessdate=31 December 2014}}
22. ^{{cite web|title=Faster Fully Homomorphic Encryption: Bootstrapping in less than 0.1 Seconds|url=https://tfhe.github.io/tfhe|author=Ilaria Chillotti|author2=Nicolas Gama|author3=Mariya Georgieva|author4=Malika Izabachene|accessdate=31 December 2016}}
23. ^{{cite web|last1=Halevi|first1=Shai|last2=Shoup|first2=Victor|title=Bootstrapping for HElib|url=http://eprint.iacr.org/2014/873|website=Cryptology ePrint archive|accessdate=2 January 2015}}
24. ^{{cite web|last1=Ducas|first1=Léo|last2=Micciancio|first2=Daniele|title=FHE Bootstrapping in less than a second|url=http://eprint.iacr.org/2014/816|website=Cryptology ePrint archive|accessdate=2 January 2015}}
25. ^{{cite web|last1=Chillotti|first1=Ilaria|last2=Gama|first2=Nicolas|last3=Georgieva|first3=Mariya|last4=Izabachene|first4=Malika|title=Improving TFHE: faster packed homomorphic operations and efficient circuit bootstrapping|url=http://eprint.iacr.org/2017/430|website=Cryptology ePrint archive|accessdate=2 May 2017}}
26. ^R. L. Rivest, L. Adleman, and M. L. Dertouzos. On data banks and privacy homomorphisms. In Foundations of Secure Computation, 1978.
27. ^{{cite book|last1=Sander|first1=Tomas |last2=Young|first2=Adam L.|last3=Yung|first3=Moti |title=Non-Interactive CryptoComputing For NC1|journal=Focs1991|pages=554–566 |doi=10.1109/SFFCS.1999.814630 |year=1999 |isbn=978-0-7695-0409-4 }}
28. ^D. Boneh, E. Goh, and K. Nissim. Evaluating 2-DNF Formulas on Ciphertexts. In Theory of Cryptography Conference, 2005.
29. ^Y. Ishai and A. Paskin. Evaluating branching programs on encrypted data. In Theory of Cryptography Conference, 2007.
30. ^Craig Gentry. Fully Homomorphic Encryption Using Ideal Lattices. In the 41st ACM Symposium on Theory of Computing (STOC), 2009.
31. ^{{cite web|title=A Fully Homomorphic Encryption Scheme (Ph.D. thesis)|url=http://crypto.stanford.edu/craig/|author=Craig Gentry|format=PDF}}
32. ^{{cite journal|last1=Stehle|first1=Damien|last2=Steinfeld|first2=Ron|title=Faster Fully Homomorphic Encryption|journal=Asiacrypt 2010|url=https://eprint.iacr.org/2010/299|year=2010}}
33. ^{{cite journal|last1=Smart|first1=Nigel P.|last2=Vercauteren|first2=Frederik|title=Fully homomorphic encryption with relatively small key and ciphertext sizes|journal=Pkc 2010}}
34. ^{{cite journal|last1=Smart|first1=Nigel P.|last2=Vercauteren|first2=Frederik|title=Fully Homomorphic SIMD Operations |journal=Designs, Codes and Cryptography|volume=71|number=1|pages=57–81 |date=2014|url=http://eprint.iacr.org/2011/133}}
35. ^{{cite journal|last1=Gentry|first1=Craig|last2=Halevi|first2=Shai|title=Fully Homomorphic Encryption without Squashing Using Depth-3 Arithmetic Circuits|journal=Focs 2011|url=https://eprint.iacr.org/2011/279|year=2011}}
36. ^{{cite journal|last1=Gentry|first1=Craig|last2=Halevi|first2=Shai|title=Implementing Gentry's fully-homomorphic encryption scheme|journal=Eurocrypt 2011|url=http://eprint.iacr.org/2010/520|year=2010}}
37. ^Y. Doroz, Y. Hu, and B. Sunar. Homomorphic AES Evaluation using NTRU. In Financial Cryptography 2014
38. ^{{cite journal|title=Accelerating NTRU based Homomorphic Encryption using GPUs|url=http://eprint.iacr.org/2014/389|author=Wei Dai|author2=Yarkin Doroz|author3=Berk Sunar|year=2014}}
39. ^{{cite journal|last1=Marten|first1=van Dijk |last2=Gentry|first2=Craig|last3=Halevi|first3=Shai|last4=Vinod|first4=Vaikuntanathan |title=Fully Homomorphic Encryption over the Integers|journal=Eurocrypt 2010|url=http://eprint.iacr.org/2009/616|year=2009 }}
40. ^{{cite web|title=Cryptographic Test Correction|url=https://www.iacr.org/archive/pkc2008/49390088/49390088.pdf |last1=Levieil |first1=Eric |author-link1=Eric Levieil|last2=Naccache |first2=David |author-link2=David Naccache}}
41. ^{{cite web |title=Simple Public Key Encryption |url=http://bramcohen.com/simple_public_key.html |last=Cohen |first=Bram |author-link=Bram Cohen |deadurl=yes |archiveurl=https://web.archive.org/web/20111007060226/http://bramcohen.com/simple_public_key.html |archivedate=2011-10-07 |df= }}
42. ^{{cite journal|last1=Coron|first1=Jean-Sébastien|last2=Naccache|first2=David|last3=Tibouchi|first3=Mehdi|title=Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers|journal=Eurocrypt 2012|url=http://eprint.iacr.org/2011/440|year=2011}}
43. ^{{cite journal|last1=Coron|first1=Jean-Sébastien|last2=Mandal|first2=Avradip|last3=Naccache|first3=David |last4=Tibouchi|first4=Mehdi|title=Fully Homomorphic Encryption over the Integers with Shorter Public Keys|journal=Crypto 2011|url=http://eprint.iacr.org/2011/441|year=2011}}
44. ^{{cite journal|last1=Coron|first1=Jean-Sébastien|last2=Lepoint|first2=Tancrède|last3=Tibouchi|first3=Mehdi|title=Batch Fully Homomorphic Encryption over the Integers|journal=Eurocrypt 2013|url=http://eprint.iacr.org/2013/036|year=2013}}
45. ^{{cite journal|last1=Coron|first1=Jean-Sébastien|last2=Lepoint|first2=Tancrède|last3=Tibouchi|first3=Mehdi|title=Scale-Invariant Fully Homomorphic Encryption over the Integers|journal=Pkc 2014|url=http://eprint.iacr.org/2014/032|year=2014}}
46. ^{{cite arXiv |last1=Gahi |first1=Youssef |last2=Guennoun |first2=Mouhcine |last3=El-Khatib | first3=Khalil |eprint=1512.03498 |title=A Secure Database System using Homomorphic Encryption Schemes |date=11 Dec 2015 |class=cs.CR }}

External links

  • HomomorphicEncryption.org; an open standardization effort for fully homomorphic encryption
  • The Swiss Army Knife of Cryptography
  • {{Cite news|url=https://www.americanscientist.org/article/alice-and-bob-in-cipherspace|title=Alice and Bob in Cipherspace|date=September 2012|work=American Scientist|access-date=2018-05-08|language=en}}
  • [https://github.com/hcrypt-project/libScarab The Open Source hcrypt Project]
  • [https://github.com/shaih/HElib HElib], open source homomorphic encryption library for C++
  • [https://github.com/lducas/FHEW FHEW], open source homomorphic encryption library for C and C++
  • [https://git.njit.edu/palisade/PALISADE PALISADE], open source lattice cryptography framework; written in C++
  • [https://www.microsoft.com/en-us/research/project/microsoft-seal Microsoft SEAL], open source homomorphic encryption library by Microsoft; written in C++
  • [https://tfhe.github.io/tfhe TFHE], open source homomorphic encryption library for C and C++
{{DEFAULTSORT:Homomorphic Encryption}}

3 : Cryptographic primitives|Public-key cryptography|Homeomorphisms
随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/11/11 16:27:04