We are not able to resolve this OAI Identifier to the repository landing page. If you are the repository manager for this record, please head to the Dashboard and adjust the settings.
International Association for Cryptologic Research (IACR)
Abstract
Homomorphic encryption has the purpose to allow computations on
encrypted data, without the need for decryption other than that
of the final result. This could provide an elegant solution to the problem of privacy
preservation in data-based applications, such as those provided
and/or facilitated by machine learning techniques, but several
limitations and open issues hamper the fulfillment of this plan.
In this work we assess the possibility for homomorphic
encryption to fully implement its program without the need
to rely on other techniques, such as multiparty computation, which
may be impossible in many actual use cases
(for instance due to the high level of communication required).
We proceed in two steps:
i) on the basis of the well-known structured program theorem
[Bohm and Jacopini] we identify the relevant minimal
set of operations homomorphic encryption must be able to perform
to implement any algorithm; and ii) we analyse the possibility to
solve -and propose an implementation for- the most fundamentally
relevant issue as it emerges from our analysis, that is, the
implementation of conditionals (which in turn require comparison
and selection/jump operations) in full homomorphic encryption.
We show how this issue has a serious impact and clashes with the
fundamental requirements of homomorphic encryption.
This could represent a drawback for its use as a
complete solution in data analysis applications,
in particular machine learning. It will thus possibly require
a deep re-thinking of the homomorphic encryption program for
privacy preservation.
We note that our approach to comparisons is novel, and for the first
time completely embedded in homomorphic encryption,
differently from what proposed in previous studies
(and beyond that, we supplement it with the necessary
selection/jump operation).
A number of studies have indeed dealt with comparisons,
but have not managed to perform them in pure homomorphic encryption.
Typically their comparison protocols do not utilise homomorphic
encryption for the comparison itself, but rely on other
cryptographic techniques, such as secure multiparty
computation, which
a) require a high level of communication
between parties (each single comparison in a machine
learning training and prediction process must be
performed by exchanging several messages), which
may not be possible in various use cases, and
b) required the data owner to decrypt
intermediate results, extract significant
bits for the comparison, re-encrypt and send the
result back to the other party for the accomplishment
of the algorithm. Such ``decryption\u27\u27 in the middle
foils the purpose of homomorphic encryption.
Beside requiring only homomorphic encryption,
and not any intermediate decryption, our protocol
is also provably safe (as it shares the same safety as
the homomorphic encryption schemes), differently
from other techniques such as OPE/ORE and variations,
which have been proved not secure
Is data on this page outdated, violates copyrights or anything else? Report the problem now and we will take corresponding actions after reviewing your request.