Motivation

Secure Multi-Party Computation (MPC) protocols enable a group of parties to securely compute joint functions over their private inputs without revealing any information beyond the output. Homomorphic encryption (HE) approaches have been known to reduce the communication complexity of MPC [1]. HE is a scheme that supports computation on encrypted data. Concretely, HE schemes enable secure outsourcing computation in an untrusted cloud and have a wide range of applications between multiple data providers. In MPC, multiple parties should build an interactive protocol to evaluate a circuit without revealing auxiliary information beyond the computation result, but it usually suffers from a high communication and round complexity. There are some scenarios where an interactive circuit evaluation does not fit the system and network model. To solve these issues, Multi-Party HE (MPHE) can be used to design round-efficient MPC protocols with minimal communication cost [2,3,4].

Mouchet et al. [4] proposed an MPC solution based on BFV [5] and CKKS [6] homomorphic encryption schemes in the semi-honest model with a dishonest majority, based on MPHE. López-Alt et al. [7] proposed a Multi-Key Homomorphic Encryption (MKHE) scheme, which is a cryptographic primitive performing arithmetic operations on encrypted ciphertexts under different keys. Chen et al. [3] present multi-key variants of BFV and CKKS with packed ciphertexts by adapting the state-of-the-art bootstrapping algorithms to the multi-key scenario. In the same line of work, Chen et al. proposed an MKHE scheme [2] by generalizing the low-latency homomorphic encryption by Chillotti et al. [8]. They evaluated a binary gate on ciphertexts encrypted under different keys followed by a bootstrapping.

Most of the current HE schemes can be classified into Arithmetic Circuit-based HE (such as BFV [5] and CKKS [6]) and Boolean Circuit-based HE (such as FHEW [9] and TFHE [8]). Each type has its advantages and disadvantages. It becomes challenging to compute non-polynomial functions like min/max on the ciphertexts of Arithmetic Circuit-based HE schemes, and to compute polynomial functions like multiplication over Boolean Circuit-based HE. In another line of research, to address this issue, the CHIMERA framework [10] allows to switch between TFHE ciphertexts and ciphertexts of the torus variant of the CKKS/BFV schemes to enable to perform arithmetic operations via CKKS/BFV and to compute Boolean gates via TFHE. Recently, PEGASUS [11] allows to efficiently switch back and forth between a packed CKKS ciphertext and FHEW ciphertexts without decryption, allowing to evaluate arithmetic functions via CKKS and LUTs on FHEW ciphertexts. This work will consider conversions between different Multi-Party Homomorphic Encryption (MPHE) schemes.

Goal

All the previous works were purely abstract and far from practical for real-world applications. In particular, the efficiency of MPHE remained an open question because there has been no analysis and study to compare and combine them. At the first stage, this thesis will study and analyze different MPHE schemes, especially the works proposed in [2,3,4] and the conversion between them. Such an analysis is essential to understand better which MPHE scheme to use in which use case and for which part of secure computation. Then, the thesis will propose a practical hybrid solution for combining and switching between popular MPHE schemes inspired by [10, 11]. More concretely, the thesis should design and implement a mixed protocol framework that efficiently combines secure computation schemes based on MPHE. In the end, an implementation of hybrid MPHE schemes is provided and the performance is experimentally evaluated for basic applications that involve combinations of arithmetic and boolean operations such as modular exponentiation, private set intersection, biometric matching, supervised and unsupervised machine learning. The performance of the applications should be compared against solutions that are based purely on MPHE of Boolean Circuits and should also be compared with the performance that can be achieved by interactive solutions based on state-of-the-art MPC (e.g., by comparing with corresponding benchmarks from the MOTION paper [12]).

Requirements

• Good programming skills in C/C++
• At least basic knowledge of lattice-based cryptography
• High motivation + ability to work independently
• Knowledge of the English language, Git, LaTeX, etc. goes without saying

References

• [1] Craig Gentry. Fully homomorphic encryption using ideal lattices (opens in new tab). In STOC, 2009.
• [2] Hao Chen, Ilaria Chillotti, and Yongsoo Song. Multi-key homomorphic encryption from TFHE. In ASIACRYPT, 2019.
• [3] Hao Chen, Wei Dai, Miran Kim, and Yongsoo Song. Efficient multi-key homomorphic encryption with packed ciphertexts with application to oblivious neural network inference. In CCS, 2019.
• [4] Christian Mouchet, Juan Troncoso-Pastoriza, Jean-Philippe Bossuat, and Jean-Pierre Hubaux. Multiparty homomorphic encryption from ring learning with errors. In PETS, 2021.
• [5] Junfeng Fan and Frederik Vercauteren. Somewhat practical fully homomorphic encryption. IACR Cryptol. ePrint Arch., 2012:144.
• [6] Jung Hee Cheon, Andrey Kim, Miran Kim, and Yongsoo Song. Homomorphic encryption for arithmetic of approximate numbers. In ASIACRYPT, 2017.
• [7] Adriana López-Alt, Eran Tromer, and Vinod Vaikuntanathan. On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In STOC, 2012.
• [8] Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, and Malika Izabachene. Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds. In ASIACRYPT, 2016.
• [9] Léo Ducas and Daniele Micciancio. FHEW: Bootstrapping homomorphic encryption in less than a second. In EUROCRYPT, 2015.
• [10] Christina Boura, Nicolas Gama, Mariya Georgieva, and Dimitar Jetchev. Chimera: Combining ring-lwe-based fully homomorphic encryption schemes. Journal of Mathematical Cryptology, 2020.
• [11] Wen-jie Lu, Zhicong Huang, Cheng Hong, Yiping Ma, and Hunter Qu. Pegasus: Bridging polynomial and nonpolynomial evaluations in homomorphic encryption. In IEEE S&P, 2021.
• [12] Lennart Braun, Daniel Demmler, Thomas Schneider, and Oleksandr Tkachenko. MOTION – A framework for mixed-protocol multi-party computation. In ” Cryptology ePrint Archive, Report 2020/1137.

Supervisor

• Hossein Yalame, M.Sc.
• Prof. Dr.-Ing. Thomas Schneider ( schneider@encrypto.cs.tu-…)