Questions tagged [homomorphic-encryption]
Cryptosystems which support computation on encrypted data. They might be partially homomorphic (support for one operation such as + or *) or they might be fully homomorphic (any sequence of + and *).
912 questions
0 votes, 0 answers, 26 views
Homomorphic Max For Two Distances
I have an interesting geometric problem involving distances on a finite plane. I'll provide the unencrypted mathematical background and proof and after that pose the question as it pertains to HE.
...
4 votes, 4 answers, 3k views
Is the XOR of hashes a good hash function?
Definitions:
Let $h$ be a hash function with output size $n$ bytes. Suppose the file $F$ can be divided into chunks of size $n$ bytes $F=f_0+f_1+\dots +f_i$ where the operator "$+$" stands ...
1 vote, 0 answers, 39 views
Difference between TFHE and CKKS?
What are the differences in parameters while implementing CKKS vs TFHE?
For example modulus size, ring dimensions, bit security. Any pointers to literature would be appreciated
0 votes, 0 answers, 13 views
Is there any bound on the size of ring dimension for Torus FHE?
I see that all implementations of TFHE in open source support 2^10 to 2^12 size of ring dimensions. Is there any specific reason (crypto) behind choosing the value or can we choose higher dimensions (...
0 votes, 0 answers, 24 views
Does the use of OPRF or OT remove the need of HE in PSI?
I was reading a systematic literature review on Private Set Intersection (PSI) protocols (https://www.sciencedirect.com/science/article/pii/S1574013723000345#sec8), which mentions that the main ...
3 votes, 2 answers, 514 views
Does ElGamal homomorphic encryption using additive groups work only for Discrete Log ElGamal? What about EC ElGamal?
It is known that in Discrete Log ElGamal encryption, the ciphertext $E$ is encrypted as:
$a\ =\ g^k$, where $k$ - random scalar from $[0,\ p)$, $g$ - group generator
$b\ =\ (Y^k*m)\mod\ p$, where $Y$ -...
0 votes, 0 answers, 42 views
Can there be fully homomorphic encryption with this property?
Let's say Alice has data D and wants to send this data for Bob to process it with algorithm A. Is it possible to encrypt D so that it can only be used to run algorithm A? Alice and Bob will communicate ...
1 vote, 0 answers, 65 views
Formal connection between fully homomorphic encryption schemes and field homomorphism
In fully homomorphic encryption schemes (FHE), we aim to preserve both addition and multiplication operations in the encrypted space such that the operations can be decrypted later. This concept ...
2 votes, 1 answer, 82 views
Question Regarding Identities of Gentry's Homomorphic Encryption on LWE
In the paper Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based Gentry introduces the following identity $\mathbf{a} \in \mathbb Z^n,\mathbf{...
0 votes, 0 answers, 33 views
Zero-Knowledge Proof of a number being generated "randomly" (similar to a dice roll)
If party1 asks other parties to give a random number, for simplicity, say in a range from 1 to 6 (like in a dice). Is it possible for party1 to ensure that the number received is in a given range and ...
1 vote, 0 answers, 18 views
Mental Poker: Can the shuffle of the deck be done Publicly by a single player at the start of the game
Ref: Mental Poker Revisited by Barnett and Smart.
I am looking at the mental poker problem.
Generally, the shuffling process is done by a single player who starts the game and not by all players.
But, in ...
1 vote, 0 answers, 47 views
Where are the bad and good lattice basis for LWE's ciphertext: (as+e+Δm, a)?
Let's talk about LWE with 2 dimensions. I've seen somewhere they were talking about encrypting with the good basis (public key) and then only the bad basis can decrypt.
I assume that the bad basis is the ...
0 votes, 1 answer, 44 views
Can Batch Encode and Bootstrapping Be Used Together
I have referenced some documents stating that "To implement bootstrapping, the plaintext modulus 𝑡 needs to be chosen as a prime power." Meanwhile, the SEAL library documentation on Batch ...
1 vote, 2 answers, 96 views
Real-or-Random Security (IND$-CPA) for Homomorphic Encryption?
I am reading papers about homomorphic encryption recently. To my knowledge, all of them opt for the Left-or-Right security i.e. distinguish between $M_0$ and $M_1$ given $\mathcal{E}_K(M_b)$ for $b \...
1 vote, 1 answer, 56 views
Literature on Batching in FHE
From what I understand, the folklore way to batch Ring-LWE style ciphertexts is to use the Chinese remainder theorem. I am wondering if there are any different approaches/optimizations to this style ...