An Improved Multiple to One Fully Homomorphic Encryption on the Integers

(1)

ISSN Online: 2327-5227 ISSN Print: 2327-5219

DOI: 10.4236/jcc.2018.69005 Sep. 12, 2018 50 Journal of Computer and Communications

An Improved Multiple to One Fully

Homomorphic Encryption on the Integers

Chaoju Hu, Jianwei Zhao

School of Control & Computer Engineering, North China Electric Power University, Baoding, China

Abstract

The public key of the integer homomorphic encryption scheme which was proposed by Van Dijk et al. is long, so the scheme is almost impossible to use in practice. By studying the scheme and Coron’s public key compression technique, a scheme which is able to encrypt n bits plaintext once was ob-tained. The scheme improved the efficiency of the decrypting party and in-creased the number of encrypting parties, so it meets the needs of cloud computing better. The security of the scheme is based on the approximate GCD problem and the sparse-subset sum problem.

Keywords

Fully Homomorphic Encryption, Multipart to One Fully Homomorphism Encryption, Approximate GCD Problem, Sparse-Subset Sum Problem

1. Introduction

Full homomorphic encryption (FHE) was proposed by Rivest, Adleman, and Dertouzos in 1978 [1]. This encryption method can perform operations on ci-phertext. After decryption, the same operation is performed on the correspond-ing plaintext. The results are consistent. With such characteristics, the data can be encrypted and handed over to the cloud for processing, which not only utiliz-es the computing power of the cloud, but also reducutiliz-es the amount of local com-puting and ensures the security of the data [2] [3].

To this end, many scholars have studied how to construct a homomorphic en-cryption scheme, and proposed a variety of enen-cryption schemes that satisfy par-tial homomorphism [4]-[9]. In 2009, Gentry et al. [10] proposed the first true homomorphic encryption scheme based on the ideal lattice on a polynomial ring, but because it is too complicated and inefficient, it has larger difficulty in

prac-How to cite this paper: Hu, C.J. and Zhao, J.W. (2018) An Improved Multiple to One Fully Homomorphic Encryption on the Integers. Journal of Computer and Com-munications, 6, 50-59.

https://doi.org/10.4236/jcc.2018.69005 Received: August 20, 2018

Accepted: September 9, 2018 Published: September 12, 2018

http://creativecommons.org/licenses/by/4.0/

(2)

DOI: 10.4236/jcc.2018.69005 51 Journal of Computer and Communications tical applications. In 2010, Dijk et al. [11] improved the above ideal lattice scheme and proposed an integer homomorphic encryption scheme, namely the DGHV scheme. The public key size of this scheme is _O

( )

_λ

10 _{. In 2011, Coron}_et

al. [12] optimized the DGHV scheme. For the problem of the large number of

public keys in the DGHV scheme, a scheme for generating public key integers in quadratic form was proposed, which shortened the public key length to _O

( )

_λ

7 _.

The following year, Coron et al. [13] proposed a “public key compression tech-nique” for the problem of excessive public key elements in the DGHV scheme, shortening the public key length to _O

( )

_λ

5 _.

Through comparison and research, it is found that the above schemes are composed of one encryption party and also a single decryption party, which is difficult to meet the problem of multi-party interaction in the cloud computing environment. In view of the above problems, this paper studies Coron’s public key compression technology, shortens the size of the public key, expands the plaintext space in the scheme to n bits, and expands the number of encryption parties to achieve multiple encryption methods. A solution composed of a de-cryption party is more in line with the application needs of actual scenarios such as cloud computing. The public key size of this scheme is _O

( )

_λ

5 _.

2. Basic Symbols and Concepts

2.1. Fully Homomorphic Encryption

A compact encryption scheme E encrypts the plaintext according to the encryp-tion method in scheme E. After the obtained ciphertext is arbitrarily operated, the result is decrypted and the result is the same as the plaintext, and the scheme E is fully homomorphic Encryption scheme. Expressed as a mathematical for-mula as:

( )

(

1 , 2 , , n

)

(

1, , ,2 n

)

Dec f Enc m Enc m_ _ Enc m  =_ f m m _ m

Enc is an encryption algorithm, Dec is a decryption algorithm, f is an arbitrary function, cn is ciphertext, and mn is plaintext.

In general, a fully homomorphic encryption algorithm consists of four parts: Key generation algorithm KeyGen (λ): Generate public key pk, private key sk. Encryption algorithm Encrypt (pk, m): encrypts the plaintext m with the pub-lic key pk to obtain the ciphertext c.

Decryption algorithm Decrypt (sk, c): Decrypt the ciphertext c with the pri-vate key sk to obtain the plaintext m.

The ciphertext calculation algorithm Evaluates

(

pk f c c, , , , ,1 2 cn

)

: the

oper-ation of the ciphertext should satisfy:

( )

(

1 , 2 , , n

)

(

1, , ,2 n

)

Dec f Enc m Enc m_ _ Enc m  =_ f m m _ m

2.2. DGHV Program

(3)

DOI: 10.4236/jcc.2018.69005 52 Journal of Computer and Communications scheme, namely the DGHV scheme, which is no longer based on ideal lattices but on modular operations on integers.

The encryption algorithm of the DGHV scheme is

2 c

← +

m

r pq

+

where c is ciphertext, m is plaintext, r is random noise interference, p is a private key, and q is a large positive integer generated during the key generation phase.

The decryption algorithm is

(

cmodp

)

mod 2 c p c mod 2 Lsb c xorLsb

( )

c

p p

   

=_ − ∗ _ = _{ }

   

The public key size of this scheme is _O

( )

_λ

10 _.

In order to ensure security, the approximate maximum common divisor prob-lem is introduced. In the encryption process, some ciphertext xi encrypted by 0,

{

x x r pqi: i= +i

}

is added, then reorder xi so that x0 is the largest and x0 is

odd.

(

x0modp

)

is an even number, then the public key pk=

(

x x0, , ,1 xτ

)

. When encrypting, a subset of the set is randomly added to the ciphertext, and the encryption algorithm is

(

2 1i i

)

mod 0

c← m+ r+

∑

_{≤ ≤}_τx x _.

The addition of the approximate greatest common divisor problem means that the attack on the program is due to an attack on the approximate greatest com-mon divisor problem, so the scheme is safe [14].

2.3. Many-to-One Homomorphic Encryption

The many-to-one fully homomorphic encryption scheme [15] contains a plural-ity of encryption parties P i_i

(

=1,2, ,_ n

)

_{and a decryption party}_P_{. The}

plain-text space is M, the public-private key pair

(

pk sk_i, _i

)

of the encrypting party, and the public-private key pair

(

pk sk,

)

of the decrypting party. And the en-cryption algorithm E(⋅) and the corresponding decryption algorithm D(⋅). In this model, the plaintext m Mi∈ of the encryption side, the generated ciphertext

i

c is mi encrypted by pki, and needs to satisfy the following properties,

where ⊕ denotes the operator,

i j

≠

:

1) Both the encrypting party and the decrypting party can use their own pri-vate key to decrypt the message encrypted by their own public key, i.e.

( )

(

)

i i

sk pk i i

D E m =m , D E msk

(

pk

( )

)

=m.

2) The encrypting party i cannot use its own private key ski to decrypt the

message encrypted by the encrypting party j with its own public key pkj, that

is,

( )

(

)

i j

sk pk j j

D E m ≠m _.

3) The message encrypted by the encrypting party i with its own public key

i

(4)

DOI: 10.4236/jcc.2018.69005 53 Journal of Computer and Communications

( )

(

i

)

sk pk i i

D E m =m.

4) Different messages encrypted by the encrypting party i with its own public key pki have homomorphism under the operation of the decrypting party P,

that is,

(

)

(

_i ₁ ₂

)

(

_i

( )

₁ _i

( )

₂

)

sk pk sk pk pk

D E m ⊕m =D E m ⊕E m .

5) Different messages encrypted by different encrypting party i and encrypting party j have homomorphism under the operation of decrypting party P, that is,

( )

(

_i ₁ _j ₂

)

(

₁ ₂

)

sk pk pk sk pk

D E m ⊕E m =D E m ⊕m .

3. Improved N-Bit “One-to-One” Homomorphic Encryption

Scheme

The DGHV scheme can only encrypt 1 bit of plaintext at a time, and the size of the public key element is too large. This section extends the plaintext space to n bits, and uses the public key compression technique to improve the key genera-tion algorithm, using pseudo-random number generagenera-tion. The f and the seed se

generate a set of integers χi having the same number of bits as xi, so that it is

not necessary to store the large integer xi, and it is only necessary to store the

difference between χi and xi as a public key element.

3.1. Program Establishment

KeyGen: randomly generate a large prime number _p __{2 ,2}η−1 η

)

∈  of length

η

bits, and calculate x0=q p0⋅ , where q0∈ 0,2γ p

)

is a random odd number.

Initialize the pseudo-random number generator f and the seed se, and generate

τ

integers by using f se

( )

, that is, χ χ1, , ,2  χτ, and calculate

(

mod

)

i i p i p ri

δ = χ +ξ ⋅ − , 1≤ ≤i

τ

,

where r Zi∈ 

(

−2 ,2ρ ρ

)

,

ξ

i∈Z0,2λ η+ p

)

. Then xi=χ δi− i. The public

key pk=

(

se x, , , , ,0 δ δ1 2 δτ

)

, private key sk p= .

Encrypt: Randomly select the integer vector b b

( )

i ₁i 0,2

)

τ α τ ≤ ≤ ∈ 

= , randomly

select the integer r Z_∈

(

₋2 ,2ρ′ ρ′

)

 , ciphertext

(

2 2 1

)

mod 0

n n

i i i

c← m+ ⋅ +r ⋅

∑

_{≤ ≤}_τb x⋅ x _. Decrypt: _m_←

(

_cmod_p

)

mod 2n_.

In order to ensure the security of the scheme, the parameters in the above method need to meet the following restrictions: to resist violent attacks, select

(

log

)

ρ ω= λ _{; in order to make the compressed decryption circuit belong to the}

permissible circuit, select

_{η ρ}

_{≥ ⋅Θ}

(

_λ

_log2

_λ

)

_{; to resist the lattice-based attack,}

choose

_{γ ω η}

₌

(

2_⋅_log

_λ

)

_{; apply the residual hash theorem to the approximation}

of the approximate GCD problem, choose α τ γ ω⋅ ≥ +

(

logλ

)

; To ensure cor-rect decryption of ciphertext, select η ρ α≥ + + +2 log2τ; second noise

(5)

( )

2

O

η

= 

λ

_,

_γ

₌_O

( )

_λ

5 _,

_τ

₌_O

( )

_λ

3 _,

_α

₌_O

( )

_λ

2 _,

_ρ

_{′ =}_O

( )

_λ

2 _.

3.2. Proof of Correctness

(

)

(

)

1

1 mod mod 2

2 2 mod mod 2

n

n n n

i i i

n n n

i i i

i

c p

m r b x p

m r b p

τ τ χ δ ≤ ≤ ≤ ≤    =__ + ⋅ + ⋅ ⋅ _ _        =__ + ⋅ + ⋅ ⋅ − _ _    

∑

In which

(

)

(

)

(

)

[

]

{

}

(

)

mod mod mod

mod mod mod mod

0 0 mod

i i i i i i

i i i i

i i

p p p r p

p p p p r p

r p

r

χ δ

χ

ξ

χ

ξ

− = − ⋅   ⋅  − + = − _ − + = − + =

So the original

(

)

1

mod mod 2n 2n 2n mod 2n

i i i

c p m r b r m

τ

≤ ≤

 

=_ + ⋅ + ⋅ ⋅ _ =



∑



3.3. Test of Homomorphism

There are ciphertext 1 1 2 1 2 1

n n

i i i

c m= + ⋅ +r ⋅

∑

≤ ≤τb x⋅ and ciphertext

2 2 2n 2 2n 1i j j

c =m + ⋅ +r ⋅

∑

_{≤ ≤}_τb x⋅ , then

(

)

(

)

(

)

(

)

(

)

1 2

1 2 1 2

1 1

1 2 1 2

1 1

1 2

mod mod 2

2 2 mod mod 2

2 2 mod 2

n

n n n

i i j j

i j

n n n

i i j j

i j

c c p

m m r r b x b x p

m m r r b r b r

m m τ τ τ τ ≤ ≤ ≤ ≤ ≤ ≤ ≤ ≤ +         =__ + + ⋅ + + ⋅ ⋅ + ⋅ _ _         =_ + + ⋅ + + ⋅ ⋅ + ⋅ _   = +   

∑

(

)

(

)(

) (

)

(

)

1 2

1 1 2 2 1 1

1

2 2

1 1 1

mod mod 2

2 2 2 2

2 2 2 2 mod mod 2

n

n n n n

j j j

n n n n n

i i i i j j

i i j

c c p

m r m r m r b x

b x m r b x b x p

τ

τ τ τ

≤ ≤ ≤ ≤ ≤ ≤ ≤ ≤      =_ + ⋅ + ⋅ + + ⋅ ⋅ ⋅         +_ ⋅ ⋅ _ + ⋅ +_ ⋅ ⋅ _ ⋅ ⋅ _ _                 

∑

(

)(

) (

)

(

)

(

)(

)

(

)

1 1 2 2 1 1

1

2 2

1 1 1

1 1 2 2

1 2

2 2 2 2

2 2 2 2 mod 2

2 2 mod 2

n n n n

j j j

n n n n n

i i i i j j

i i j

n n n

m r m r m r b r

b r m r b r b r

m r m r

m m

τ

τ τ τ

(6)

4. Improved N-Bit “Many-to-One” Fully Homomorphic

Encryption Scheme

Based on the scheme given in Section 3.1, this section changes the key genera-tion algorithm, expands the number of encrypgenera-tion parties, and gives a “many-to-one” fully homomorphic encryption scheme for processing n-bit plaintext, and corrects it. Sex and homomorphism have been proved.

4.1. Program Establishment

KeyGen: There are multiple encryption parties P i_i

(

=1,2, ,_ n

)

_{and one}

de-cryption party P in this scheme. The decryption party P generates the public key

(

, , , , ,0 1 2

)

pk= se x δ δ  δτ from the 3.1 scheme, the encryption side

(

1,2, ,

)

i

P i=  n selects the integer _{2 ,2}i1 i

)

(

₂ ₁

)

i

p η− η Z



∈ _ + as its own key

i

sk , then change the order of

(

δ δ1, , ,2 δτ

)

in the public key randomly to ob-tain pk=

(

se x, , , , ,0 δ δ1 2 δτ

)

, and then randomly selected integer

,0, , , 0,2

i

i i

i

q q Z

p γ

τ

 

 

 

∈ _

 ,

randomly select integer ri,0, , ri,τ∈Z−2 ,2ρi ρi, such that

(

)

, , , , 2n ,

i j i j i j i i j j j i j

x =χ −δ =p q χ −δ + r _,1≤ ≤j τi,xi,0=p q xi i,0 0+2nri,0, and xi,0 is the largest. Then the public key of Pi is

(

, ,0 ,0, ,,1 ,2, , ,i

)

i i i i i

pk = se x x δ δ δ τ .

Encrypt: Encryption party Pi randomly selects the integer vector

( )

_{, 1} 0,2

)

i

i i j _j

b b α τ

τ ≤ ≤ 

= _{∈ } ,

randomly selects integer

(

2 ,2i i

)

i

s Z_∈ ₋ ρ ρ

 , ciphertext

(

2 2 1 i , ,

)

mod ,0

n n

i i j i j i j i

c ← m+ ⋅ +s ⋅

∑

_{≤ ≤}_τb x⋅ x .

Decrypt: The encryption party Pi can decrypt ski= pi according to ski= pi;

the decryption party P can decrypt

(

mod

)

mod 2n i i

m ← c p _{according to} sk p= _.

4.2. Proof of Correctness

1)

(

pk sk,

)

is the public-private key pair generated by P. It can be seen from 3.2 that P can perform correct encryption and decryption.

2) Pi can correctly decrypt ci using the key ski= pi prove:

, , ,0 1

2 2 mod

i

n n

i i i i j i j i

j

c m s b x x

τ ≤ ≤

 

=_ + ⋅ + ⋅ ⋅ _



∑



Since xi,0 is the largest, it can be written as

(

)

(

)

(

)

, , ,0

1

, , , ,0 0 ,0

1

2 2

2 2 2 2

i

n n

i i i i j i j i i j

n n n n

i i i j i i j j j i j i i i i j

c m s b x k x

m s b p q r k p q x r

τ

χ δ

≤ ≤

= + ⋅ + ⋅ ⋅ + ⋅

= + ⋅ + ⋅ ⋅ − + + ⋅ +

∑

(7)

Finishing can get 2n

i i i

c m= + A p B+ _{, where}

, , ,0

1 i 2

n i j i j i j i i

A s= +

∑

≤ ≤τb ⋅ r +k r , 2 1 i , ,

(

)

,0 0

n

i j i j j j i i j

B= ⋅

∑

_{≤ ≤}_τb q⋅ χ −δ +k q x . According to the defined parameters, 2n

i i

m + A p< _{, then}

(

mod

)

mod 2n

i i i

c p =m _.

So Pi can correctly decrypt ci using the key ski= pi.

3) P can correctly decrypt ci using the key sk p= prove:

As can be seen from 2),

(

)

, , ,0 , , ,0 0

1 1

2 2 2

i i

n n n

i i i i j i j i i i i j i j j j i i

j j

c m s b r k r p b q k q x

τ τ

χ δ

≤ ≤ ≤ ≤   = + _ + ⋅ + _+ ⋅ ⋅ − +         

∑

According to 3.2,

(

χ_j−δ_j

)

modp r= _j_, χ_j−δ_j_{can be written as} r l p_j+ ⋅_j _,

j

l ∈Z _{, and} x₀=q p₀⋅ _{, so it is sorted into:} 2n i i

c m= + A pB+ _{, where}

(

)

, , , ,0

1 i 2

n

i j i j i j i i j j i i

A s= +

∑

_{≤ ≤}_τb ⋅ r +p q r⋅ ⋅ +k r ,

, , ,0 0

1 2

i

n

i j i j i j j i i

B p= ⋅

∑

≤ ≤τ b q l⋅ ⋅ +k q q .

According to the defined parameters, 2n i

m + A p< , then

(

mod

)

mod 2n

i i

c p =m_{. So}_P_{can correctly decrypt} c_i using the key sk p= _.

4.3. Test of Homomorphism

1) P has the homomorphism of the decrypted ciphertext. Proof from 3.3 is known.

2) The encrypting party Pi has homomorphism to the encrypted ciphertext.

Proof: From 4.2 (2), 2n

i i i

c m= + A p B+ , with ciphertext ci,1=mi,1+2nA p B1+ i 1 and ciphertext ci,2=mi,2+2nA2+p Bi 2, then

(

)

(

)

(

)

(

)

(

)

(

)

(

)

(

)

,1 ,2

,1 1 1 ,2 2 2

,1 ,2 1 2 1 2

,1 ,2

mod mod 2

2 2 mod mod 2

2 mod mod 2

n

i i i

n n n

i i i i i

n n

i i i i

i i

c c p

m A p B m A p B p

m m A A p B B p

m m + = + + + + + = + + + + + = +

(

)

(

)

(

)(

)

(

)

(

)

(

)

(

)

,1 ,2

,1 1 1 ,2 2 2

,1 ,2 ,1 2 1 ,2 1 2

,1 2 1 2 1 ,2 2 2

,1 ,2

mod mod 2

2 2 mod mod 2

2 2

2 2 mod mod 2

n i i i

n n n

i i i i i

n n

i i i i

n n n

i i i i i

i i

c c p

m A p B m A p B p

m m m A A m A A

m B A B B m A p B

m p p m = + + + + + + + + + + + = = +

Therefore, Pi has homomorphism to the encrypted ciphertext.

3) The decryption party P has homomorphism to the encrypted ciphertext. Proof: From 4.2 (3), 2n

i i

c m= + A pB+ _{, with ciphertext} _,1 _,1 2n ₁ ₁ i i

c =m + A pB+

(8)

(

)

(

)

(

)

(

)

(

)

(

)

(

)

(

)

,1 ,2

,1 1 1 ,2 2 2

,1 ,2 1 2 1 2

,1 ,2

mod mod 2

2 2 mod mod 2

2 mod mod 2

n i i

n n n

i i

n n

i i i i

c c p

m A pB m A pB p

m m A A p B B p

m m + = + + + + + = + + + + + = +

(

)

(

)

(

)(

)

(

)

(

)

(

)

(

)

,1 ,2

,1 1 1 ,2 2 2

,1 ,2 ,1 2 1 ,2 1 2

,1 2 1 2 1 ,2 2 2

,1 ,2

mod mod 2

2 2 mod mod 2

2 2

2 2 mod mod 2

n i i

n n n

i i

n n

i i i i

n n n

i i

c c p

m A pB m A pB p

m m m A A m A A

m B A B B m A pB p

m m p = = + + + + + + + + = + + + +

Therefore, the decryption party P has homomorphism to the encrypted ci-phertext.

4) The decryption party P has homomorphism for different encryption parties

i

P and the ciphertext of the encryption party Pj. Proof: From 4.2 (3),

2n i i

c m= + A pB+ , with ciphertext 2n

i i i j

c m= + A pB+ and ciphertext 2n

j j j j

c =m + A +pB _{, then}

(

)

(

)

(

)

(

)

(

) (

)

(

)

(

)

mod mod 2

2 2 mod mod 2

2 mod mod 2

n

i j

n n n

i i i j j j

n n

i j i j i j

i j

c c p

m A pB m A pB p

m m A A p B B p

m m + = + + + + + = + + + + + = +

( )

(

)

(

)(

)

(

)

(

)

(

)

(

)

mod mod 2

2 2 mod mod 2

2 2

2 2 mod mod 2

n i j

n n n

i i j j j j

n n

i j i j i j i j

n n n

i j i j i j j j i j

c c p

m A pB m A pB p

m m m A A m A A

p m B A B B m A pB p

m m

= + + + +

= + + +

+ + + + +

=

Therefore, the decryption party P has homomorphism to different encryption parties Pi and the ciphertext of the encryption party Pj.

4.4. Compression and Decryption Circuit

(9)

DOI: 10.4236/jcc.2018.69005 58 Journal of Computer and Communications KeyGen: With the KeyGen algorithm in Section 4.1, generate

(

)

*

0 ,0 ,1 ,2 ,

, , , , , , _i

i i i i i

pk = se x x δ δ  δτ .

On the basis of this, add three parameters κ θ Θ, , _{, and randomly generate a}

bit vector s=

(

s si,1, , ,i,2 si,Θ

)

with length Θ. Its Hamming weight is θ. The pseudo random number generator f2 and the seed se2 are initialized,

and an integer 1

)

, 0,2

i j

u _ κ +

∈  ,

2 ≤ ≤

j

Θ

is generated by using f se2

( )

2 . 1

, ,

1 j s ui j i j xpimod 2 κ+

≤ ≤Θ ⋅ =

∑

,

where xp_i = ⌈2κ/pi⌋. Let yi j, =ui j, 2κ.

Initialize pseudo-random number generator f3 and seed se3, use f se3

( )

3 to generate integer χi j′ ∈ , 0,2γi

)

, and randomly generate integer

(

)

, 2 ,2i i

i j

r_{′ ∈ −} ρ ρ _,

)

, 0,2i i

i j γ η pi

ξ _ +

′ ∈  , calculate

(

)

, , mod , 2 , ,

i j i j pi i j pi ri j si j

δ

′ =

χ

′ +

ξ

′ ⋅ − ′ − _,

then the result of the vector s is encrypted σi j, =χi j′, −δi j′, . The public key

(

*

)

2 ,1 3 , , , , ,

i i i j

pk= pk se u se

δ

′ _{, and the private key} sk s= _.

Encrypt: Encrypt the plaintext *

i

m with an encryption algorithm to obtain the ciphertext *

i

c , and find

(

*

)

, , mod 2n

i j i i j

z = c y⋅ _{. The ciphertext} *

i

c and the extended ciphertext z=

(

z zi,1, , ,i,2  zi,Θ

)

are the output.

Decrypt: Decrypt, output secret civilization

(

)

(

*

)

, ,

1 mod 2n

i i j i j i j

m = c −

∑

_{≤ ≤Θ}s ⋅z . This results in a fully homomorphic encryption scheme.

5. Conclusion

Based on the DGHV scheme and the public key compression technology of Co-ron et al., this paper improves the encryption process, expands the number of encryption parties, and builds a multi-party encryption with a smaller public key size. The integer-homomorphic encryption scheme can encrypt the n-bit plain-text at a time, which is more in line with the needs of practical applications such as cloud computing. Whether it can further reduce the amount of calculation, whether it can achieve “multi-party encryption, multi-party decryption” will be the direction that will be improved in the future.

Conflicts of Interest

The authors declare no conflicts of interest regarding the publication of this pa-per.

References

[1] Rivest, R.L., Adleman, L. and Dertouzos, M.L. (1978) On Data Banks and Privacy Homomorphisms. In: Foundations of Secure Computation, Academia Press, Ghent, 169-179.

(10)

En-DOI: 10.4236/jcc.2018.69005 59 Journal of Computer and Communications

cryption. Application Research of Computers, 31, 1624-1631.

[3] Lin, C., Su, W.-B., Meng, K., Liu, Q. and Liu, W.-D. (2013) Cloud Computing Secu-rity: Architecture, Mechanism and Modeling. Chinese Journal of Computers, 36, 1765-1784.

[4] Elgamal, T. (1984) A Public Key Cryptosystem and a Signature Scheme Based on

Discrete Logarithms. IEEE Transactions on Information Theory, 31, 469-472. [5] Fellows, M.R. and Koblitz, N. (1994) Combinatorial Cryptosystems Galore!

Con-temporary Mathematics, 168, 51-62. https://doi.org/10.1090/conm/168/01688

[6] Benaloh, J. (1994) Dense Probabilistic Encryption. Proceedings of the Workshop on Selected Areas of Cryptography, Kingston, 1994, 120-128.

[7] Okamoto, T. and Uchiyama, S. (1998) A New Public-Key Cryptosystem as Secure as Factoring. In: Nyberg, K., Ed., International Conference on the Theory and Appli-cations of Cryptographic Techniques, Springer, Berlin, Heidelberg, 308-318. [8] Naccache, D. and Stern, J. (1998) A New Public Key Cryptosystem Based on Higher

Residues. Proceedings of the 5th ACM Conference on Computer and Communica-tions Security, San Francisco, CA, USA, 2-5 November 1998, 59-66.

https://doi.org/10.1145/288090.288106

[9] Damgård, I. and Jurik, M. (2001) A Generalisation, a Simplication and Some Ap-plications of Paillier’s Probabilistic Public-Key System. In: International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography, Springer-Verlag, Berlin, 119-136.

[10] Gentry, C. (2009) Fully Homomorphic Encryption Using Ideal Lattices. ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, 31 May-2 June 2009, 169-178.

[11] Dijk, M.V., Gentry, C., Halevi, S., et al. (2010) Fully Homomorphic Encryption over the Integers. Lecture Notes in Computer Science, 6110, 24-43.

https://doi.org/10.1007/978-3-642-13190-5_2

[12] Coron, J.S., Mandal, A., Naccache, D., et al. (2011) Fully Homomorphic Encryption over the Integers with Shorter Public Keys. In: Rogaway, P., Ed., CRYPTO 2011.

LNCS, Vol. 6841, 487-504.

[13] Coron, J., Naccache, D. and Tibouchi, M. (2012) Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers. In: Da-vid, P. and Thomas, J., Eds., Advances in Cryptology-EUROCRYPT 2012, Springer, Berlin, Heidelberg, 446-464.

[14] Tang, Q.-Y. and Ma, C.-G. (2014) Feedback Attack against Fully Homomorphic Encryption System. Computer Engineering, 40, 79-84.