Skip to main content
Springer Nature Link
Log in

Finding and Evaluating Parameters for BGV

  • Conference paper
  • First Online:
Progress in Cryptology - AFRICACRYPT 2023 (AFRICACRYPT 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14064))

Included in the following conference series:

Abstract

Fully Homomorphic Encryption (FHE) is a groundbreaking technology that allows for arbitrary computations to be performed on encrypted data. State-of-the-art schemes such as Brakerski Gentry Vaikuntanathan (BGV) are based on the Learning with Errors over rings (RLWE) assumption where each ciphertext has an associated error that grows with each homomorphic operation. For correctness, the error needs to stay below a certain threshold, requiring a trade-off between security and error margin for computations in the parameters. Choosing the parameters accordingly, for example, the polynomial degree or the ciphertext modulus, is challenging and requires expert knowledge specific to each scheme.

In this work, we improve the parameter generation across all steps of its process. We provide a comprehensive analysis for BGV in the Double Chinese Remainder Theorem (DCRT) representation providing more accurate and better bounds than previous work on the DCRT, and empirically derive a closed formula linking the security level, the polynomial degree, and the ciphertext modulus. Additionally, we introduce new circuit models and combine our theoretical work in an easy-to-use parameter generator for researchers and practitioners interested in using BGV for secure computation.

Our formula results in better security estimates than previous closed formulas while our DCRT analysis results in reduced prime sizes of up to 42% compared to previous work.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Acar, A., Aksu, H., Uluagac, A.S., Conti, M.: A survey on homomorphic encryption schemes: theory and implementation. ACM Comput. Surv. (CSUR) 51(4), 1–35 (2018)

    Article  Google Scholar 

  2. Albrecht, M.R.: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 103–129. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_4

    Chapter  Google Scholar 

  3. Albrecht, M.R., et al.: Homomorphic encryption security standard. Technical report. Toronto, Canada (2018). https://HomomorphicEncryption.org

  4. Albrecht, M.R., Cid, C., Faugere, J.C., Fitzpatrick, R., Perret, L.: On the complexity of the BKW algorithm on LWE. Des. Codes Crypt. 74(2), 325–354 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  5. Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Crypt. 9(3), 169–203 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  6. Badawi, A.A., et al.: OpenFHE: open-source fully homomorphic encryption library. Cryptology ePrint Archive, Paper 2022/915 (2022). https://eprint.iacr.org/2022/915

  7. Bergerat, L., et al.: Parameter Optimization & Larger Precision for (T) FHE. Cryptology ePrint Archive (2022)

    Google Scholar 

  8. Biasioli, B., Marcolla, C., Calderini, M., Mono, J.: Improving and Automating BFV Parameters Selection: An Average-Case Approach. Cryptology ePrint Archive (2023)

    Google Scholar 

  9. Brakerski, Z., Vaikuntanathan, V.: Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505–524. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_29

    Chapter  Google Scholar 

  10. Chen, H., Kim, M., Razenshteyn, I., Rotaru, D., Song, Y., Wagh, S.: Maliciously secure matrix multiplication with applications to private deep learning. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12493, pp. 31–59. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_2

    Chapter  Google Scholar 

  11. Costache, A., Laine, K., Player, R.: Evaluating the effectiveness of heuristic worst-case noise analysis in FHE. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12309, pp. 546–565. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59013-0_27

    Chapter  Google Scholar 

  12. Costache, A., Nürnberger, L., Player, R.: Optimizations and trade-offs for helib. Cryptology ePrint Archive (2023)

    Google Scholar 

  13. Costache, A., Smart, N.P.: Which ring based somewhat homomorphic encryption scheme is best? In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 325–340. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_19

    Chapter  Google Scholar 

  14. Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_38

    Chapter  Google Scholar 

  15. Di Giusto, A., Marcolla, C.: Breaking the power-of-two barrier: noise estimation for BGV in NTT-friendly rings. Cryptology ePrint Archive, Paper 2023/783 (2023)

    Google Scholar 

  16. Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptology ePrint Archive (2012)

    Google Scholar 

  17. Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_3

    Chapter  Google Scholar 

  18. Gentry, C.: A Fully Homomorphic Encryption Scheme, vol. 20. Stanford university, Stanford (2009)

    MATH  Google Scholar 

  19. Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850–867. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_49

    Chapter  Google Scholar 

  20. Halevi, S., Polyakov, Y., Shoup, V.: An improved RNS variant of the BFV homomorphic encryption scheme. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 83–105. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12612-4_5

    Chapter  Google Scholar 

  21. Halevi, S., Shoup, V.: Design and implementation of HElib: a homomorphic encryption library. Cryptology ePrint Archive (2020)

    Google Scholar 

  22. Iliashenko, I.: Optimisations of fully homomorphic encryption (2019)

    Google Scholar 

  23. Kim, A., Polyakov, Y., Zucca, V.: Revisiting homomorphic encryption schemes for finite fields. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 608–639. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92078-4_21

    Chapter  Google Scholar 

  24. Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19074-2_21

    Chapter  Google Scholar 

  25. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1

    Chapter  Google Scholar 

  26. Marcolla, C., Sucasas, V., Manzano, M., Bassoli, R., Fitzek, F.H., Aaraj, N.: Survey on fully homomorphic encryption, theory, and applications. Proc. IEEE 110(10), 1572–1609 (2022)

    Article  Google Scholar 

  27. Martins, P., Sousa, L., Mariano, A.: A survey on fully homomorphic encryption: an engineering perspective. ACM Comput. Surv. (CSUR) 50(6), 1–33 (2017)

    Article  Google Scholar 

  28. Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 147–191. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-540-88702-7_5 ISBN 978-3-540-88702-7

    Chapter  MATH  Google Scholar 

  29. PALISADE (2022). https://palisade-crypto.org

  30. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the Thirty-seventh Annual ACM Symposium on Theory of Computing, pp. 84–93 (2005)

    Google Scholar 

  31. Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(1–3), 181–199 (1994)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgement

The work described in this paper has been supported by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy - EXC 2092 CASA - 390781972. We also would like to thank Anna Hambitzer for her helpful comments on coupled optimization.

Author information

Authors and Affiliations

  1. Ruhr University Bochum, Horst Görtz Institute for IT Security, Bochum, Germany

    Johannes Mono, Georg Land & Tim Güneysu

  2. Technology Innovation Institute, Abu Dhabi, United Arab Emirates

    Chiara Marcolla & Najwa Aaraj

  3. DFKI GmbH, Cyber-Physical Systems, Bremen, Germany

    Georg Land & Tim Güneysu

Authors
  1. Johannes Mono
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chiara Marcolla
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Georg Land
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tim Güneysu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Najwa Aaraj
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Johannes Mono .

Editor information

Editors and Affiliations

  1. EMSE, Saint-Étienne, France

    Nadia El Mrabet

  2. IBM Research Europe, Rüschlikon, Switzerland

    Luca De Feo

  3. Université de Rennes 1, Rennes Cedex, France

    Sylvain Duquesne

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Mono, J., Marcolla, C., Land, G., Güneysu, T., Aaraj, N. (2023). Finding and Evaluating Parameters for BGV. In: El Mrabet, N., De Feo, L., Duquesne, S. (eds) Progress in Cryptology - AFRICACRYPT 2023. AFRICACRYPT 2023. Lecture Notes in Computer Science, vol 14064. Springer, Cham. https://doi.org/10.1007/978-3-031-37679-5_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-37679-5_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-37678-8

  • Online ISBN: 978-3-031-37679-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics