Abstract
We initiate the study of fully homomorphic encryption for RAMs (RAM-FHE). This is a public-key encryption scheme where, given an encryption of a large database D, anybody can efficiently compute an encryption of P(D) for an arbitrary RAM program P. The running time over the encrypted data should be as close as possible to the worst case running time of P, which may be sub-linear in the data size. A central difficulty in constructing a RAM-FHE scheme is hiding the sequence of memory addresses accessed by P. This is particularly problematic because an adversary may homomorphically evaluate many programs over the same ciphertext, therefore effectively “rewinding” any mechanism for making memory accesses oblivious. We identify a necessary prerequisite towards constructing RAM-FHE that we call rewindable oblivious RAM (rewindable ORAM), which provides security even in this strong adversarial setting. We show how to construct rewindable ORAM using symmetric-key doubly efficient PIR (SK-DEPIR) (Canetti-Holmgren-Richelson, Boyle-Ishai-Pass-Wootters: TCC ’17). We then show how to use rewindable ORAM, along with virtual black-box (VBB) obfuscation for specific circuits, to construct RAM-FHE. The latter primitive can be heuristically instantiated using existing indistinguishability obfuscation candidates. Overall, we obtain a RAM-FHE scheme where the multiplicative overhead in running time is polylogarithmic in the database size N. Our basic scheme is single-hop, but we also extend it to obtain multi-hop RAM-FHE with overhead $N^\epsilon$ for arbitrarily small $\epsilon > 0$. We view our work as the first evidence that RAM-FHE is likely to exist.
Original language | English |
---|---|
Title of host publication | Advances in Cryptology – CRYPTO 2019 - 39th Annual International Cryptology Conference, Proceedings |
Editors | Daniele Micciancio, Alexandra Boldyreva |
Publisher | Springer Verlag |
Pages | 589-619 |
Number of pages | 31 |
ISBN (Print) | 9783030269470 |
State | Published - 2019 |
Externally published | Yes |
Event | 39th Annual International Cryptology Conference, CRYPTO 2019 - Santa Barbara, United States. Duration: 18 Aug 2019 → 22 Aug 2019 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 11692 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 39th Annual International Cryptology Conference, CRYPTO 2019 |
---|---|
Country/Territory | United States |
City | Santa Barbara |
Period | 18/08/19 → 22/08/19 |
Bibliographical note
Publisher Copyright: © 2019, International Association for Cryptologic Research.
Funding
Justin Holmgren is supported in part by the Simons Collaboration on Algorithms and Geometry and by NSF grant CCF-1714779. This research was done in part while affiliated with MIT, supported in part by the NSF MACS project CNS-1413920. Mor Weiss is supported in part by ISF grants 1861/16 and 1399/17, and AFOSR Award FA9550-17-1-0069. Daniel Wichs and Ariel Hamlin are supported by NSF grants CNS-1314722, CNS-1413964, CNS-1750795 and the Alfred P. Sloan Research Fellowship.
Funders | Funder number |
---|---|
National Science Foundation | CNS-1413920, CCF-1714779 |
Air Force Office of Scientific Research | CNS-1750795, CNS-1413964, FA9550-17-1-0069, CNS-1314722 |
Alfred P. Sloan Foundation | |
Iowa Science Foundation | 1861/16, 1399/17 |