An efficient fully homomorphic symmetric encryption algorithm

Abstract

In this paper, we consider Homomorphic Encryption (HE) to process over encrypted data to achieve users privacy. We present a framework solution that provides a high level of security for the symmetric HE algorithms. The proposed solution introduces a dynamic structure and a dynamic diffusion primitives that enhance existing symmetric HE algorithms and overcome their weaknesses. Domingo Ferrer is a well known symmetric HE scheme that relies on polynomial computations but at the same time suffers from some vulnerabilities and especially sensitivity to known plain-text attack. We apply the concerned dynamic framework over the Domingo Ferrer encryption scheme to overcome its main weaknesses. Security analysis of the new encryption scheme that we called Enhanced Domingo Ferrer has shown that the latter became immune to several types of attack especially known plain-text attack. Crypt-analysis has also shown that this new implementation will be secure also with the lowest possible storage overhead. Implementation of the new scheme has shown an acceptable execution time. All the new specifications listed previously make the scheme a good candidate for efficiently preserving users privacy in a big variety of real-world modern applications.

Appendix: Domingo Ferrer example

• Suppose that \(m^{\prime }=256\) and m = 256 × 7 = 1792. (m should always be a multiple of \(m^{\prime }\), and let d = 4).

• Two plain-texts x₁ = 157 and x₂ = 220 are picked from the private ring Z₂₅₆.

• x₁, x₂ are randomly divided into 4 integers respectively \({x_{1}}^{j},{x_{2}}^{j}\) such that \({x_{1}}^{j},{x_{2}}^{j} \in Z_{1792}\) and j ∈{1, 2, 3, 4} :

  $$x_{1}=157=(570 + 230+420 + 473)mod(256).$$
  $$x_{2}=220=(700 + 300+256 + 241)mod(256).$$

  Let r = 717 invertible in Z₁₇₉₂ and r^− 1 = 5.

• The encryption of x₁ and x₂ is given by the following:

  $$ \begin{array}{@{}rcl@{}} &&E(x_{1})=E(157)=(570\times 717mod(1792),230\times 717^{2}mod(1792),420\\ &&\times 717^{3} mod(1792), 473\times 717^{4} mod(1792)))=(114,726,1652,233). \end{array} $$
  $$ \begin{array}{@{}rcl@{}} &&E(x_{2})=E(220)=(700\times717 mod(1792),300\times 717^{2}mod(1792),259\\ &&\times717^{3}mod(1792),241\times717^{4}mod(1792))=(140,12,1407,1153). \end{array} $$

• Homomorphic properties:

  The decryption of E(x₁) + E(x₂) is done by multiplying each j^th position by r^−j.

  $$r^{-1}=5, r^{-2}=25, r^{-3}=125, r^{-4}=625$$

  The decryption of E(x₁) + E(x₂) is given by (1270 + 530 + 679 + 714)mod(256) = 121.

  Given that (x₁ + x₂)mod(256) = 121 and the proposed algorithm is additive homomorphic.

  $$E(x_{1}) \times E(x_{2})=((114,726,1652,233)\times (140,12,1407,1153))mod(1792)$$

  The multiplication is done modulo 1792 based on a polynomial calculation, thus:

  $$ \begin{array}{@{}rcl@{}} &&(114r+726r^{2}+1652r^{3}+233r^{4})\times(140r+12r^{2}+1407r^{3}+1153r^{4})=\\ &&1624r^{2}+864r^{3}+774r^{4}+1144r^{5}+1358r^{6}+1547r^{7}+1641r^{8}. \end{array} $$
  $$E(x_{1}) \times E(x_{2})\ \text{can be expressed as}\ (0,1624,864,774,1144,1358,1547,1641).$$

  r^− 1mod(1792) = 5, r^− 2mod(1792) = 25, r^− 3mod(1792) = 125, r^− 4mod(1792) = 625, r^− 5mod(1792) = 1333, r^− 6mod(1792) = 1289, r^− 7mod(1792) = 1069, r^− 8mod(1792) = 1761

The decryption is defined by the following:

1. 1.

   a₁ = 0

2. 2.

   a₂ = 1624 × 25mod(1792) = 1176.

3. 3.

   a₃ = 864 × 125mod(1792) = 480.

4. 4.

   a₄ = 774 × 625mod(1792) = 1702.

5. 5.

   a₅ = 1144 × 1333mod(1792) = 1752.

6. 6.

   a₆ = 1358 × 1289mod(1792) = 1470.

7. 7.

   a₇ = 1547 × 1069mod(1792) = 1519.

8. 8.

   a₈ = 1641 × 1761mod(1792) = 1097.

(1176 + 480 + 1702 + 1752 + 1470 + 1519 + 1097)mod(256) = 236 given that (x₁ × x₂)mod(256) = 157 × 220mod(256) = 236, the proposed algorithm is multiplicative homomorphic.