[Resource Topic] 2012/099: Homomorphic Evaluation of the AES Circuit

Welcome to the resource topic for 2012/099

Title:
Homomorphic Evaluation of the AES Circuit

Authors: Craig Gentry, Shai Halevi, Nigel P. Smart

Abstract:

We describe a working implementation of leveled homomorphic encryption (with or without bootstrapping) that can evaluate the AES-128 circuit. This implementation is built on top of the HElib library, whose design was inspired by an early version of the current work. Our main implementation (without bootstrapping) takes about 4 minutes and 3GB of RAM, running on a small laptop, to evaluate an entire AES-128 encryption operation. Using SIMD techniques, we can process upto 120 blocks in each such evaluation, yielding an amortized rate of just over 2 seconds per block. For cases where further processing is needed after the AES computation, we describe a different setting that uses bootstrapping. We describe an implementation that lets us process 180 blocks in just over 18 minutes using 3.7GB of RAM on the same laptop, yielding amortized 6 seconds/block. We note that somewhat better amortized per-block cost can be obtained using “byte-slicing” (and maybe also “bit-slicing”) implementations, at the cost of significantly slower wall-clock time for a single evaluation.

ePrint: https://eprint.iacr.org/2012/099

Talk: https://www.youtube.com/watch?v=Ama8PBxbVNU

Slides: https://iacr.org/cryptodb/archive/2012/CRYPTO/presentation/17-1-Smart.pdf

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .