Design and Implementation of a Homomorphic ... - Researcher
Design and Implementation of a Homomorphic ... - Researcher
Design and Implementation of a Homomorphic ... - Researcher
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
References<br />
[1] L. I. Bluestein. A linear filtering approach to the computation <strong>of</strong> the discrete fourier transform.<br />
Northeast Electronics Research <strong>and</strong> Engineering Meeting Record 10, 1968.<br />
[2] Z. Brakerski, C. Gentry, <strong>and</strong> V. Vaikuntanathan. Fully homomorphic encryption without<br />
bootstrapping. In Innovations in Theoretical Computer Science (ITCS’12), 2012. Available<br />
at http://eprint.iacr.org/2011/277.<br />
[3] C. Gentry. Fully homomorphic encryption using ideal lattices. In Proceedings <strong>of</strong> the 41st ACM<br />
Symposium on Theory <strong>of</strong> Computing – STOC 2009, pages 169–178. ACM, 2009.<br />
[4] C. Gentry, S. Halevi, <strong>and</strong> N. Smart. Fully homomorphic encryption with polylog overhead. In<br />
”Advances in Cryptology - EUROCRYPT 2012”, volume 7237 <strong>of</strong> Lecture Notes in Computer<br />
Science, pages 465–482. Springer, 2012. Full version at http://eprint.iacr.org/2011/566.<br />
[5] C. Gentry, S. Halevi, <strong>and</strong> N. Smart. <strong>Homomorphic</strong> evaluation <strong>of</strong> the AES circuit. In ”Advances<br />
in Cryptology - CRYPTO 2012”, volume 7417 <strong>of</strong> Lecture Notes in Computer Science, pages<br />
850–867. Springer, 2012. Full version at http://eprint.iacr.org/2012/099.<br />
[6] C. Gentry, S. Halevi, <strong>and</strong> N. P. Smart. Better bootstrapping in fully homomorphic encryption.<br />
In Public Key Cryptography - PKC 2012, volume 7293 <strong>of</strong> Lecture Notes in Computer Science,<br />
pages 1–16. Springer, 2012.<br />
[7] V. Lyubashevsky, C. Peikert, <strong>and</strong> O. Regev. On ideal lattices <strong>and</strong> learning with errors over<br />
rings. In H. Gilbert, editor, Advances in Cryptology - EUROCRYPT’10, volume 6110 <strong>of</strong> Lecture<br />
Notes in Computer Science, pages 1–23. Springer, 2010.<br />
[8] R. Rivest, L. Adleman, <strong>and</strong> M. Dertouzos. On data banks <strong>and</strong> privacy homomorphisms. In<br />
Foundations <strong>of</strong> Secure Computation, pages 169–177. Academic Press, 1978.<br />
[9] V. Shoup. NTL: A Library for doing Number Theory. http://shoup.net/ntl/, Version 5.5.2,<br />
2010.<br />
[10] N. P. Smart <strong>and</strong> F. Vercauteren. Fully homomorphic SIMD operations. Manuscript at<br />
http://eprint.iacr.org/2011/133, 2011.<br />
A<br />
Pro<strong>of</strong> <strong>of</strong> noise-estimate<br />
Recall that we observed empirically that for a r<strong>and</strong>om Hamming-weight-H polynomial s with<br />
coefficients −1/0/1 <strong>and</strong> an integral power r we have E[|s r (τ)| 2r ] ≈ r! · H r , where τ is the principal<br />
complex m-th root <strong>of</strong> unity, τ = e 2πi/m .<br />
To simplify the pro<strong>of</strong>, we analyze the case that each coefficient <strong>of</strong> s is chosen uniformly at<br />
r<strong>and</strong>om from −1/0/1, so that the expected Hamming weight is H. Also, we assume that s is<br />
chosen as a degree-(m − 1) polynomial (rather than degree φ(m) − 1).<br />
Theorem 1. Suppose m, r, H are positive integers, with H ≤ m, <strong>and</strong> let τ = e 2πi/m ∈ C. Suppose<br />
that we choose f 0 , . . . , f m−1 independently, where for i = 0, . . . , m − 1, f i is ±1 with probability<br />
37