Paillier and the Rise of Somewhat Homomorphic Encryption

Motivation:

In 1978, Rivest, Adleman and Dertouzos [1] introduced the idea of performing computations directly on encrypted data without using secret key. This concept is known as homomorphic encryption. However, their first proposal supported only one type of operation, either addition or multiplication, on encrypted data. Such schemes are called partially homomorphic encryption (PHE).

Later, in 1999, Paillier [2] improved this concept by designing an encryption scheme that allows both addition and multiplication on encrypted data, but only a limited number of times. This type of scheme is called somewhat homomorphic encryption (SHE).


Paillier Encryption:

Paillier encryption is a probabilistic asymmetric algorithm, which means it uses separate keys for encryption and decryption and also introduces randomness during encryption to ensure that the same message never encrypts to the same ciphertext. It supports important homomorphic properties that make it useful in privacy preserving applications.

The scheme works as follows.

1. Key Generation

  • Choose two large prime numbers p1p_1and p2p_2.

  • Compute n=p1p2n = p_1 \cdot p_2

  • Compute λ=lcm(p11,p21)\lambda = \text{lcm}(p_1 - 1, p_2 - 1).

  • Select a random generator gZn2g \in \mathbb{Z}_{n^2}^*.

  • Compute μ=(L(gλmodn2))1modn\mu = \left(L(g^{\lambda} \bmod n^2)\right)^{-1} \bmod n, where L(u)=u1nL(u) = \frac{u - 1}{n}.

The public key is (n,g)(n, g) and the private key is (λ,μ).



(\lambda, \mu)



References: 
We thanks to..

[1] Ronald L Rivest, Len Adleman, Michael L Dertouzos. ON DATA BANKS AND PRIVACY HOMOMORPHISM. Foundations of Secure Computation, 4(11):169–180, 1978.

[2] Pascal Paillier. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In International conference on the theory and applications of cryptographic techniques, pages 223–238, 1999.




Comments

Post a Comment

Popular posts from this blog

Homomorphic Encryption: A Basic Idea

Image
Homomorphic encryption has the same aim as other encryption-decryption mechanisms: maintaining confidentiality, security, privacy, etc.  In this blog, we will see homomorphic encryption and its type.  Homomorphic Encryption (HE):  It is an encryption that computes operations over encrypted data without decrypting it (or without the need for a secret key).  Mathematically speaking in a client-server architecture: client has message 'm' and function f. The task of client is to compute f(m). Due to computational expensiveness (maybe one of the reason) client sends encryption of message (say Enc(m)) and 'f' to the server. Server will compute function over encrypted message, that is, f(Enc(m)), and return the result to the client, that is, Enc(f(m)). Client will decrypt it Dec(Enc(f(m)), that is, f(m). Hence, client achieves f(m).  Let's understand HE with our daily life (Tea making process): Figure 1. Here m is message, Enc is encryption, f is function, and Eval in...
Read more

Elliptic Curve Cryptography (ECC) and ECDSA

Image
Elliptic Curve Cryptography (ECC) Elliptic curve (EC) was first introduced by Neal Kobiltz and Victor Miller in 1985. Elliptic curve is a non-singular curve that is operated on a finite field Zq (where q is the order of elliptic curve). EC consists of set of points that satisfies the following equation as follows.                                                                   Y 2 = X 3 + aX + b Where {X,Y,a,b} ∈ Zq, and 4a 3 + 27b 2 ≠ 0. Next, we discuss the encryption and decryption mechanism between two parties (Say α and γ ). Remark 1: Elements selected from party α is represented by capital letters whereas elements selected from party γ is represented by small letters. i) Key Generation: 1. Secret key: Each party α and γ selects secret keys S ∈ Zq and s ∈ Zq. 2. Public key: P ...
Read more

Fast Base Conversion and Its Application

Image
Fast Base Conversion (FBC) is a technique used to convert a number from one modulus space to another. For example, if we have 14 m o d     77 14 \mod 77  and want to convert it to x m o d     390 x \mod 390 , FBC is widely used. Mathematically, it can be represented as follows: Here, the above equation represents an integer x x  in modulus q q , and FBC converts this integer into the modulus space t t . The modulus q q  is the product of small coprime moduli (i.e., q = q 1 q 2 … q k q = q_1 q_2 \dots q_k ​ ), and x x  is an integer such that x ∈ [ 0 , q ) x \in [0, q) . We also note that q q  and t t  are coprime numbers. Here, we remark that it is not necessary for the above equation to produce the exact result for x x . Instead of x m o d     t x \mod t , it will provide x ′ m o d     t x' \mod t . Thus, the output of the above equation is as follows: FBC ( x , q , t )  =  x  +  A q  mod  t , where A ∈ [ 0 , k − 1 ] A \in [0,...
Read more