Homomorphic encryption
From Wikipedia, the free encyclopedia
Homomorphic Encryption is a form of encryption where one can perform a specific algebraic operation on the plaintext by performing a (possibly different) algebraic operation on the ciphertext. Depending on one's viewpoint, this can be seen as a positive or negative attribute of the cryptosystem. Homomorphic encryption schemes are malleable by design and are thus unsuited for secure data transmission. On the other hand, the homomorphic property of various cryptosystems can be used to create secure voting systems (pdf), collision-resistant hash functions and private information retrieval schemes.
There are several efficient Homomorphic cryptosystems:
- RSA Cryptosystem
- El Gamal cryptosystem
- Goldwasser-Micali cryptosystem
- Benaloh cryptosystem
- Okamoto-Uchiyama cryptosystem
- Paillier cryptosystem
- Naccache-Stern cryptosystem
- Damgård-Jurik cryptosystem
- Boneh-Goh-Nissim cryptosystem
Contents |
[edit] Examples
In the following examples, we use the notation to denote the encryption of the message x.
[edit] Unpadded RSA
If the public key is m,e, then the encryption of a message x is given by . Then we have the homomorphic property
[edit] El Gamal
If the public key is p,g,h=ga, and a is the secret key, then the encryption of a message x is . Then we have the homomorphic property
[edit] Goldwasser-Micali
If the public key is the modulus m, and quadratic non-residue x, then the encryption of a bit b is . Then we have the homomorphic property
where denotes addition modulo 2, (i.e. exclusive-or).
[edit] Benaloh
If the public key is the modulus m, the base g and the blocksize r, then the encryption of a message x is . Then we have the homomorphic property
[edit] Paillier
If the public key is the modulus m and the base g, then the encryption of a message x is . Then we have the homomorphic property
[edit] Open question
While these examples allow one-to-one group operation on plaintexts (either addition or multiplication in these examples), no one has created a cryptosystem which preserves the ring structure of the plaintexts, i.e. allows both addition and multiplication. The best result in this direction is the Boneh-Goh-Nissim cryptosystem which, through operations on the cipthertext, allows addition of plaintext followed by a single multiplication followed by an arbitrary number of additions. This allows them to evaluate polynomials of degree 2 on the plaintext through operations on the ciphertext.