* Partially sponsored by IARPA SPAR * Partially sponsored by DARPA PROCEED.

Presentation transcript:


Box Diagram of the Library

• PAlgebra: Structure of Zm*
• PAlgebraTwo/2r: plaintext-slot algebra
• NumbTh: miscellaneous utilities
• CModulus: polynomials mod p
• SingleCRT/DoubleCRT: polynomial arithmetic
• FHE: KeyGen/Enc/Dec
• Ctxt: Ciphertext operations
• EncryptedArray/EncryptedArrayMod2r: Routing plaintext slots
• IndexSet/IndexMap: Indexing utilities
• FHEcontext: parameters
• bluestein: FFT/IFFT
• timing
• KeySwitching: Matrices for key-switching

Layer labels in the diagram: Math, Crypto

• A ciphertext encrypts an array of values
  ◦ Either bits, elements of GF(2^n), or integers mod 2^r
• Array size determined by other parameters
  ◦ Intended depth of circuits & security parameter
  ◦ E.g., 378, 600, 682, 720, 1285, …
• Homomorphic operations include:
  ◦ Element-wise addition/subtraction, multiplication
  ◦ Addition/subtraction, multiplication by constants
  ◦ Cyclic/non-cyclic shifts
  ◦ Also SELECT(A1, A2, pattern) = pattern × A1 + (1 − pattern) × A2
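An added illustration (not from the original slides, and not the library's own code): a plaintext-only C++ model of the array operations listed above, with slots taken as integers mod 2^r. It goes slightly beyond the slide by building the non-cyclic shift from a cyclic shift plus a multiplication by a constant 0/1 array, and by combining shifts and additions into prefix sums; every name in it is hypothetical.

```cpp
// Added example: plaintext-only model of the slot-array operations (no encryption).
// Slots, R and every function name below are hypothetical, not the library's API.
#include <cstddef>
#include <cstdint>
#include <vector>

using Slots = std::vector<std::uint64_t>;
constexpr unsigned R = 4;                                   // assumed: slots are integers mod 2^4
constexpr std::uint64_t MOD_MASK = (std::uint64_t{1} << R) - 1;

// Element-wise a OP b reduced mod 2^r (unsigned wrap-around keeps the result exact).
template <typename Op>
Slots elementwise(const Slots& a, const Slots& b, Op op) {
    Slots out(a.size());
    for (std::size_t i = 0; i < a.size(); ++i) out[i] = op(a[i], b[i]) & MOD_MASK;
    return out;
}
Slots add(const Slots& a, const Slots& b) {
    return elementwise(a, b, [](std::uint64_t x, std::uint64_t y) { return x + y; });
}
Slots sub(const Slots& a, const Slots& b) {
    return elementwise(a, b, [](std::uint64_t x, std::uint64_t y) { return x - y; });
}
Slots mul(const Slots& a, const Slots& b) {
    return elementwise(a, b, [](std::uint64_t x, std::uint64_t y) { return x * y; });
}
// Cyclic shift: the value in slot i moves to slot (i + k) mod n.
Slots cyclic_shift(const Slots& a, std::size_t k) {
    Slots out(a.size());
    for (std::size_t i = 0; i < a.size(); ++i) out[(i + k) % a.size()] = a[i];
    return out;
}
// Non-cyclic shift: cyclic shift, then multiply by a constant 0/1 array
// that zeroes the k slots that wrapped around.
Slots noncyclic_shift(const Slots& a, std::size_t k) {
    Slots keep(a.size(), 0);
    for (std::size_t i = k; i < a.size(); ++i) keep[i] = 1;
    return mul(cyclic_shift(a, k), keep);
}
// SELECT(A1, A2, pattern) = pattern * A1 + (1 - pattern) * A2, pattern slots in {0,1}.
Slots select_slots(const Slots& a1, const Slots& a2, const Slots& pattern) {
    const Slots ones(pattern.size(), 1);
    return add(mul(pattern, a1), mul(sub(ones, pattern), a2));
}
// Running totals in about log2(n) shift-and-add steps, with no per-slot branching.
Slots prefix_sums(Slots a) {
    for (std::size_t k = 1; k < a.size(); k *= 2) a = add(a, noncyclic_shift(a, k));
    return a;
}
int main() {
    const Slots a{1, 2, 3, 4, 5};                           // constructed sample input
    return prefix_sums(a) == Slots{1, 3, 6, 10, 15} ? 0 : 1;
}
```

Every function is a fixed sequence of whole-array operations with no data-dependent control flow, which is the shape a computation must have to be evaluated on encrypted arrays.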

• Security parameter=80, circuit width=4 arrays (  ) (  ) maybe similar work to homomorphic AES
  ◦ If true, ~12x speedup on our previous implementation [CRYPTO 2012]

Circuit “depth” | Array size | Time (hrs:min:sec)
72240:00: :02: :19: :01: :24:47

• Various optimizations and design choices
  1. Representing plaintext algebra (§2.4, §2.5)
  2. Double-CRT representation of polynomials (§2.8)
  3. Ciphertexts as “generic” vectors (§3.1.1-§3.1.3)
  4. Dynamic noise estimate (§3.1.4)
  5. Key-switching optimizations (§3.1.6)
  6. Which key-switching matrices to generate (§3.3)
  7. Implementation of rotation/shifts (§4.1)
• Here I will only talk about 3 & 4

§ The section numbers correspond to the design & implementation document

• A freshly-encrypted ciphertext comes with some noise estimate
• The estimate evolves during computation
• We use it to decide when to do modulus-switching
• Also the application can use it to know if it should expect a decryption error

• We have the basic BGV implementation more or less done
• Evaluate nontrivial circuits in a few minutes, and even complex circuits in just a few hours
• Amenable to massive parallelism