[Resource Topic] 2012/078: Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP

Welcome to the resource topic for 2012/078

Title:
Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP

Authors: Zvika Brakerski

Abstract:

We present a new tensoring technique for LWE-based fully homomorphic encryption. While in all previous works, the ciphertext noise grows quadratically (B \to B^2\cdot\poly(n)) with every multiplication (before refreshing''), our noise only grows linearly ($B \to B\cdot\poly(n)$). We use this technique to construct a \emph{scale-invariant} fully homomorphic encryption scheme, whose properties only depend on the ratio between the modulus $q$ and the initial noise level $B$, and not on their absolute values. Our scheme has a number of advantages over previous candidates: It uses the same modulus throughout the evaluation process (no need for modulus switching’'), and this modulus can take arbitrary form, including a power of 2 which carries obvious advantages for implementation. In addition, security can be \emph{classically} reduced to the worst-case hardness of the GapSVP problem (with quasi-polynomial approximation factor), whereas previous constructions could only exhibit a quantum reduction to GapSVP.

ePrint: https://eprint.iacr.org/2012/078

Talk: https://www.youtube.com/watch?v=S_Bhir1bst0

Slides: https://iacr.org/cryptodb/archive/2012/CRYPTO/presentation/17-2-Brakerski.pdf

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .