Packed leveled fully homomorphic signatures from ideal lattices

• dc.contributor.advisor: Vinod Vaikuntanathan.
• dc.contributor.author: Shaar, Daniel.
• dc.contributor.other: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
• dc.date.copyright: 2018
• dc.date.issued: 2018
• dc.identifier.uri: https://hdl.handle.net/1721.1/121640
• dc.description: This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
• dc.description: Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018
• dc.description: Cataloged from student-submitted PDF version of thesis.
• dc.description: Includes bibliographical references (page 20).
• dc.description.abstract: Fully homomorphic signature (FHS) schemes allow users to cryptographically verify the results of arbitrary computation on their signed data by an untrusted server. In a leveled scheme, the maximal circuit depth d of the computation must be fixed during setup. More concretely, a user Alice signs a large dataset {x₁,....,xN} yielding short signatures {[sigma]₁,....,[sigma]N}. She then sends the signed dataset to Bob, an untrusted party, who will perform some computation y = g(x₁,....,xN). Bob will then homomorphically derive a new short signature [sigma][subscript g,y], such that anyone with Alice's verification key can verify the correctness of the computation without the underlying dataset. In this work, we modify a previous FHS scheme [GVW15] by basing our solution on the hardness of the ring small integer solution problem (Ring-SIS) in ideal lattices. Working in this ring setting allows for shorter signatures, smaller key sizes, and more ecient computation.
• dc.description.abstract: To further improve the eciency of this signature scheme, we also show how to sign a collection of many data items with one short signature. This packing technique is based on batch optimization techniques introduced in [BGV12]. As a modular building block for our homomorphic signature scheme construction, we present a homomorphic trapdoor function (HTDF) construction that supports all functions on its inputs. Additionally, when working with packed inputs, we support two types of operations - pairwise addition (l-Add) and pairwise multiplication (l-Mult). Unlike in [GHS12], we do not show how to perform a data permutation operation (l-Permute), which would allow for arbitrary computation on packed data. Finally, we present an implementation using the PALISADE Lattice Cryptography Library, which we benchmark on certain operations motivated by practical applications.
• dc.description.abstract: We utilize PALISADE's implementation of an ecient Gaussian sampling algorithm for lattice trapdoors [GPR+17], which is based on the ring setting of [MP12].
• dc.description.statementofresponsibility: by Daniel Shaar.
• dc.format.extent: 20 pages
• dc.language.iso: eng
• dc.publisher: Massachusetts Institute of Technology
• dc.subject: Electrical Engineering and Computer Science.
• dc.type: Thesis
• dc.description.degree: M. Eng.
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• dc.identifier.oclc: 1098180403
• dc.description.collection: M.Eng. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science
• mit.thesis.degree: Master
• mit.thesis.department: EECS