Design and Implementation of a Homomorphic ... - Researcher
Design and Implementation of a Homomorphic ... - Researcher
Design and Implementation of a Homomorphic ... - Researcher
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
homomorphic automorphism operation we get a two-polynomial ciphertext (c 0 , c 1 ) but relative to<br />
the key s ′ = κ(s) (where κ is the same automorphism that we applied to the ciphertext, namely<br />
s ′ (X) = s(X t ) for some t ∈ Z ∗ m).<br />
To support all <strong>of</strong> these options, a ciphertext in our library consists <strong>of</strong> an arbitrary-length vector<br />
<strong>of</strong> “ciphertext parts”, where each part is a polynomial, <strong>and</strong> each part contains a “h<strong>and</strong>le” that<br />
points to the secret-key that this part should be multiply by during decryption. H<strong>and</strong>les, parts,<br />
<strong>and</strong> ciphertexts are implemented using the classes SKH<strong>and</strong>le, CtxtPart, <strong>and</strong> Ctxt, respectively.<br />
3.1.1 The SKH<strong>and</strong>le class<br />
An object <strong>of</strong> the SKH<strong>and</strong>le class “points” to one particular secret-key polynomial, that should<br />
multiply one ciphertext-part during decryption. Recall that we allow multiple secret keys per<br />
instance <strong>of</strong> the cryptosystem, <strong>and</strong> that we may need to reference powers <strong>of</strong> these secret keys (e.g.<br />
s 2 after multiplication) or polynomials <strong>of</strong> the form s(X t ) (after automorphism). The general form<br />
<strong>of</strong> these secret-key polynomials is therefore s r i (Xt ), where s i is one <strong>of</strong> the secret keys associated<br />
with this instance, r is the power <strong>of</strong> that secret key, <strong>and</strong> t is the automorphism that we applied to<br />
it. To uniquely identify a single secret-key polynomial that should be used upon decryption, we<br />
should therefore keep the three integers (i, r, t).<br />
Accordingly, a SKH<strong>and</strong>le object has three integer data members, powerOfS, powerOfX, <strong>and</strong><br />
secretKeyID. It is considered a reference to the constant polynomial 1 whenever powerOfS= 0,<br />
irrespective <strong>of</strong> the other two values. Also, we say that a SKH<strong>and</strong>le object points to a base secret<br />
key if it has powerOfS = powerOfX = 1.<br />
Observe that when multiplying two ciphertext parts, we get a new ciphertext part that should<br />
be multiplied upon decryption by the product <strong>of</strong> the two secret-key polynomials. This gives<br />
us the following set <strong>of</strong> rules for multiplying SKH<strong>and</strong>le objects (i.e., computing the h<strong>and</strong>le <strong>of</strong><br />
the resulting ciphertext-part after multiplication). Let {powerOfS, powerOfX, secretKeyID} <strong>and</strong><br />
{powerOfS ′ , powerOfX ′ , secretKeyID ′ } be two h<strong>and</strong>les to be multiplied, then we have the following<br />
rules:<br />
• If one <strong>of</strong> the SKH<strong>and</strong>le objects points to the constant 1, then the result is equal to the other<br />
one.<br />
• If neither points to one, then we must have secretKeyID = secretKeyID ′ <strong>and</strong> powerOfX =<br />
powerOfX ′ , otherwise we cannot multiply. If we do have these two equalities, then the result<br />
will also have the same t = powerOfX <strong>and</strong> i = secretKeyID, <strong>and</strong> it will have r = powerOfS +<br />
powerOfS ′ .<br />
The methods provided by the SKH<strong>and</strong>le class are the following:<br />
SKH<strong>and</strong>le(long powerS=0, long powerX=1, long sKeyID=0); // constructor<br />
long getPowerOfS() const; // returns powerOfS;<br />
long getPowerOfX() const; // returns powerOfX;<br />
long getSecretKeyID() const; // return secretKeyID;<br />
void setBase(); // set to point to a base secret key<br />
void setOne(); // set to point to the constant 1<br />
bool isBase() const; // does it point to base<br />
14