Packed leveled fully homomorphic signatures from ideal lattices

Shaar, Daniel.

Author(s)

Shaar, Daniel.

Download1098180403-MIT.pdf (350.9Kb)

Other Contributors

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.

Advisor

Vinod Vaikuntanathan.

Terms of use

MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582

Metadata

Show full item record

Abstract

Fully homomorphic signature (FHS) schemes allow users to cryptographically verify the results of arbitrary computation on their signed data by an untrusted server. In a leveled scheme, the maximal circuit depth d of the computation must be fixed during setup. More concretely, a user Alice signs a large dataset {x₁,....,xN} yielding short signatures {[sigma]₁,....,[sigma]N}. She then sends the signed dataset to Bob, an untrusted party, who will perform some computation y = g(x₁,....,xN). Bob will then homomorphically derive a new short signature [sigma][subscript g,y], such that anyone with Alice's verification key can verify the correctness of the computation without the underlying dataset. In this work, we modify a previous FHS scheme [GVW15] by basing our solution on the hardness of the ring small integer solution problem (Ring-SIS) in ideal lattices. Working in this ring setting allows for shorter signatures, smaller key sizes, and more ecient computation.

To further improve the eciency of this signature scheme, we also show how to sign a collection of many data items with one short signature. This packing technique is based on batch optimization techniques introduced in [BGV12]. As a modular building block for our homomorphic signature scheme construction, we present a homomorphic trapdoor function (HTDF) construction that supports all functions on its inputs. Additionally, when working with packed inputs, we support two types of operations - pairwise addition (l-Add) and pairwise multiplication (l-Mult). Unlike in [GHS12], we do not show how to perform a data permutation operation (l-Permute), which would allow for arbitrary computation on packed data. Finally, we present an implementation using the PALISADE Lattice Cryptography Library, which we benchmark on certain operations motivated by practical applications.

We utilize PALISADE's implementation of an ecient Gaussian sampling algorithm for lattice trapdoors [GPR+17], which is based on the ring setting of [MP12].

Description

This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.

Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018

Cataloged from student-submitted PDF version of thesis.

Includes bibliographical references (page 20).

Date issued

2018

URI

https://hdl.handle.net/1721.1/121640

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Publisher

Massachusetts Institute of Technology

Keywords

Electrical Engineering and Computer Science.

Collections

Graduate Theses