US-12627462-B2 - Secure provision of keys for fully homomorphic encryption
Abstract
The present disclosure relates to a method including: the generation, by a computing device, of a first key and a bootstrapping key; the provision of the first key and an identifier of the bootstrapping key to an electronic device and the provision of the bootstrapping key and the identifier to a server; the fully homomorphic encryption, by the electronic device, of a first data value, stored in the electronic device, by using the first key; and the provision, by the electronic device, of the encrypted first data value and of the identifier, to the server.
Inventors
- Amedeo Veneroso
- Vincenzo Pascariello
- Alfonso Tramontano
Assignees
- STMICROELECTRONICS S.R.L.
Dates
- Publication Date: 2026-05-12
- Application Date: 2023-05-09
- Priority Date: 2022-05-17
Claims (20)
- 1. A method, comprising: generating, by a computing device, a first key and a bootstrapping key; communicating, by the computing device, the first key and an identifier of the bootstrapping key to an electronic device; communicating, by the computing device, the bootstrapping key and the identifier to a server; performing, by the electronic device, a fully homomorphic encryption of a first data value stored in the electronic device using the first key to generate an encrypted first data value; and communicating, by the electronic device, the encrypted first data value and the identifier to the server.
- 2. The method of claim 1, further comprising: receiving, by the electronic device, a second data value from the server; and performing, by the electronic device, a fully homomorphic decryption of the second data value using the first key to generate a third data value, the third data value corresponding to a result of a first operation applied to the first data value.
- 3. The method of claim 2, further comprising performing, by the server, the first operation on the second data value in accordance with a fully homomorphic processing algorithm based on the encrypted first data value and the bootstrapping key.
- 4. The method of claim 3, wherein the fully homomorphic processing algorithm is performed by a neural network implemented within the server.
- 5. The method of claim 4, wherein one or more neurons of the neural network are configured to perform a bootstrapping operation using the bootstrapping key.
- 6. The method of claim 3, wherein the first key is a sequence of N words of bits, each of the N words having a number of M bits, and wherein applying the fully homomorphic processing algorithm comprises: generating a total of J+1 random numbers, where J+1 equals the product of N and M; calculating the sum of the product of bits of the first key with corresponding ones of the generated random numbers; and adding a data value to be encrypted to the sum.
- 7. The method of claim 6, wherein the order of the additions in the calculating the sum of the product of bits is randomly selected by a cryptographic processor of the server.
- 8. The method of claim 7, where the calculating further comprises calculating a sum of the random numbers for which the corresponding bit of the first key is zero.
- 9. The method of claim 2, wherein the electronic device includes a cryptographic processor, wherein the fully homomorphic encryption of the first data value comprises: generating, by the cryptographic processor, an intermediary first data value by encoding the first data value; and applying, by the cryptographic processor, a fully homomorphic encryption algorithm to the intermediary first data value using the first key to generate the encrypted first data value.
- 10. The method of claim 9, wherein the fully homomorphic decryption of the second data value comprises: applying, by the cryptographic processor, a fully homomorphic decryption algorithm to the second data value using the first key to generate an intermediary third data value; and decoding, by the cryptographic processor, the intermediary third data value to generate a third data value.
- 11. The method of claim 1, wherein the electronic device includes a secure circuit, and wherein the method further comprises storing, by the electronic device, the first key in the secure circuit after receiving the first key.
- 12. The method of claim 1, wherein the first key is stored in a memory of the electronic device masked with a random mask, wherein the first key is demasked during performing of the fully homomorphic encryption.
- 13. A system, comprising: a computing device configured to: generate a first key and a bootstrapping key, and communicate the bootstrapping key and an identifier of the bootstrapping key to a server; and an electronic device comprising a cryptographic processor and a memory coupled to the cryptographic processor and storing a program, the program comprising instructions that when executed by the cryptographic processor enable the electronic device to: receive the first key and the identifier from the computing device, perform a fully homomorphic encryption of a first data value stored in the electronic device using the first key to generate an encrypted first data value, and communicate the encrypted first data value and the identifier to the server.
- 14. The system of claim 13, further comprising the server, the server configured to: compute a second data value in accordance with a fully homomorphic processing algorithm based on the encrypted first data value; and communicate the second data value to the electronic device, wherein the electronic device is configured to perform a fully homomorphic decryption of the second data value using the first key to generate a third data value, the third data value corresponding to a result of a first operation applied to the first data value.
- 15. The system of claim 14, wherein the first key is a sequence of N words of bits, each of the N words having a number of M bits, and wherein applying the fully homomorphic processing algorithm comprises: generating a total of J+1 random numbers, where J+1 equals the product of N and M; calculating the sum of the product of bits of the first key with corresponding ones of the generated random numbers; and adding a data value to be encrypted to the sum.
- 16. The system of claim 15, wherein the order of the additions in the calculating the sum of the product of bits is randomly selected by a cryptographic processor of the server.
- 17. The system of claim 13, wherein the electronic device comprises a secure circuit, and wherein the secure circuit is configured to store the first key after receiving the first key.
- 18. The system of claim 13, wherein the electronic device includes a cryptographic processor configured to: generate an intermediary first data value by encoding the first data value; and apply a fully homomorphic encryption algorithm to the intermediary first data value using the first key to generate the encrypted first data value.
- 19. An electronic device, comprising: a cryptographic processor; and a memory storing a program and coupled to the cryptographic processor, the program comprising instructions that when executed by the cryptographic processor enable the electronic device to: receive a first key from a computing device; generate an intermediary first data value by encoding a first data value; apply a fully homomorphic encryption algorithm to the intermediary first data value using the first key to generate an encrypted first data value; and communicate the encrypted first data value and an identifier of a bootstrapping key generated by the computing device to a server.
- 20. The electronic device of claim 19, wherein the electronic device is further configured to receive a second data value from the server, wherein the second data value is computed by the server in accordance with a fully homomorphic processing algorithm based on the encrypted first data value, and wherein the electronic device is further configured to perform a fully homomorphic decryption of the second data value using the first key to generate a third data value, the third data value corresponding to a result of a first operation applied to the first data value by the server.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims priority to French Application No. 2204682 filed on May 17, 2022, which application is hereby incorporated by reference herein in its entirety.
TECHNICAL FIELD
The present disclosure relates generally to the field of encryption, and in particular to the field of fully homomorphic data encryption.
BACKGROUND
Fully homomorphic encryption is an encryption form that permits operations to be validly performed on the encrypted data without first decrypting the data. This permits the operations to be performed in a non-secure environment, such as using a server belonging to a third party, without the confidentiality of the data being compromised. The data is stored by an electronic device and encrypted by the electronic device before being furnished to the server. The data resulting from the computations by the server on the encrypted data is returned to the electronic device still in encrypted form. Once decrypted, the resulting data is the same as if it had been obtained by applying the computing operations directly to the unencrypted data.
Fully homomorphic encryption can be used for privacy-preserving outsourced storage and computation. This allows data to be encrypted and outsourced to other environments for processing while remaining encrypted. Fully homomorphic encryption algorithms present the advantage of returning the result with relatively low noise, which is not the case for other homomorphic encryption algorithms. Using a bootstrapping key in the execution of the operations on the encrypted data obtains this advantage. However, there are technical problems in implementing fully homomorphic encryption algorithms.
SUMMARY
There is a need in the art for a method and device to implement fully homomorphic algorithms that overcome one or more problems in the prior art.
One embodiment provides a method including the generation, by a computing device, of a first key and a bootstrapping key; the provision of the first key and an identifier of the bootstrapping key to an electronic device and the provision of the bootstrapping key and the identifier to a server; the fully homomorphic encryption, by the electronic device, of a first data value, stored in the electronic device, by using the first key; and the provision, by the electronic device, of the encrypted first data value and of the identifier, to the server.
According to an embodiment, the method above further includes performing, by the server, the first operation on the second data value according to a fully homomorphic processing algorithm based on the encrypted first data value and the bootstrapping key.
According to an embodiment, the method above further includes the reception, by the electronic device, of a second data value from the server; and the generation of a third data value by fully homomorphic decryption of the second data value using the first key, the third data value corresponding to the result of a first operation applied to the first data value.
According to an embodiment, the electronic device includes a secure circuit, the method further including, after the provision of the first key, the storage of the first key in the secure circuit.
According to an embodiment, the electronic device includes a cryptographic processor, where the fully homomorphic encryption of the first data value includes the generation, by the cryptographic processor, of an intermediary first data value by encoding the first data value; and the application of a fully homomorphic encryption algorithm to the intermediary first data value, by the cryptographic processor and using the first key, the encryption resulting in the encrypted first data value.
According to an embodiment, the fully homomorphic decryption of the second data value includes the application of a fully homomorphic decryption algorithm to the second data value by the cryptographic processor and using the first key, the decryption resulting in an intermediary third data value; and the decoding of the intermediary third data value, by the cryptographic processor, resulting in the third data value.
According to an embodiment, the fully homomorphic processing of the encrypted first data value is performed by a neural network implemented in the server.
According to an embodiment, one or more neurons of the neural network are configured to perform a bootstrapping operation using the bootstrapping key.
According to an embodiment, the first key is a sequence of N words of bits, each of the N words including a number of M bits, and the encryption algorithm includes a) the generation of J+1 random numbers, where J+1 is equal to N*M; b) the calculation of the sum of the product of bits of the secret key with corresponding ones of the random numbers; and c) the addition of the data value to be encrypted to the sum.
According to an embodiment, the order of the additions in step b) is selected randomly by the cryptographic processor. Ac
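As an added illustration (not code from the patent or from STMicroelectronics), the following Python models encryption steps a) to c) above together with claims 7, 8 and 12: a first key of N words of M bits, J+1 = N*M random numbers, a randomised addition order, a matching sum over the zero-valued key bits, and a key that is stored masked and demasked only where a bit is used. The 32-bit word size, the modulus 2^32, the top-byte encoding of the data value and the component-wise ciphertext addition standing in for the server's processing are assumptions; the page's formulation has no noise term, so decryption here is exact.

```python
import secrets

N, M = 4, 8                 # first key = N words of M bits (page's N and M; small values chosen here)
J_PLUS_1 = N * M            # J+1 random numbers, equal to N*M as the description states
Q_BITS = 32                 # assumption: 32-bit words, arithmetic modulo 2^32
MOD = 1 << Q_BITS
SCALE = 1 << (Q_BITS - 8)   # assumption: the intermediary value carries an 8-bit data value in the top bits

def generate_first_key():
    """Computing device: N words of M bits, flattened to a list of N*M key bits."""
    words = [secrets.randbits(M) for _ in range(N)]
    return [(w >> i) & 1 for w in words for i in range(M)]
def mask_key(key_bits):
    """Claim 12: the electronic device stores key XOR mask; returns (masked_key, mask)."""
    mask = [secrets.randbits(1) for _ in key_bits]
    return [k ^ m for k, m in zip(key_bits, mask)], mask
def encode(value):            # claim 9: data value -> intermediary first data value
    return (value % 256) * SCALE
def decode(intermediary):     # claim 10: round back to the nearest encoded value
    return ((intermediary + SCALE // 2) // SCALE) % 256

def encrypt(masked_key, mask, value):
    """Steps a) to c) of the description with the claim 7 and claim 8 refinements."""
    a = [secrets.randbelow(MOD) for _ in range(J_PLUS_1)]   # a) J+1 random numbers
    order = list(range(J_PLUS_1))
    for i in range(J_PLUS_1 - 1, 0, -1):                    # claim 7: shuffle the addition order
        j = secrets.randbelow(i + 1)
        order[i], order[j] = order[j], order[i]
    acc_one, acc_zero = 0, 0
    for i in order:
        bit = masked_key[i] ^ mask[i]                       # demask each bit only when it is used
        acc_one = (acc_one + a[i] * bit) % MOD              # b) sum of key bit times random number
        acc_zero = (acc_zero + a[i] * (1 - bit)) % MOD      # claim 8: same work for zero bits (discarded;
    b = (acc_one + encode(value)) % MOD                     #   models the balanced structure only, Python
    return a, b                                             #   gives no constant-time guarantee)
def decrypt(masked_key, mask, ct):
    a, b = ct
    s = sum(x * (k ^ m) for x, k, m in zip(a, masked_key, mask)) % MOD
    return decode((b - s) % MOD)                            # exact: no noise term in the page's formulation

def add_ciphertexts(ct1, ct2):
    """Assumed stand-in for the server's processing: component-wise addition of two ciphertexts."""
    (a1, b1), (a2, b2) = ct1, ct2
    return [(x + y) % MOD for x, y in zip(a1, a2)], (b1 + b2) % MOD
def roundtrip(v1, v2):
    """Returns (decrypt(E(v1)), decrypt(E(v1) + E(v2))) under one fresh masked key."""
    masked, mask = mask_key(generate_first_key())
    c1, c2 = encrypt(masked, mask, v1), encrypt(masked, mask, v2)
    return decrypt(masked, mask, c1), decrypt(masked, mask, add_ciphertexts(c1, c2))
```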