Efficient Fully homomorphic encryption scheme using Ring-LWE

Data can be stored and processed in an encrypted format using fully homomorphic encryption, which makes cloud computing provider can process data well without even knowing data information. However, most existing homomorphic encryption schemes based on ring learning with errors, focus on the special classes of rings, such as power-of-two cyclotomic rings, which significantly limits its application efficiency in cloud computing. Therefore, in this letter, to solve this problem above, an efficient fully homomorphic encryption scheme is proposed based on ring learning with errors in arbitrary cyclotomic rings. Particularly, a “somewhat homomorphic encryption” scheme is firstly proposed based on ring learning with errors. A novel fully homomorphic encryption scheme is further presented using key-switching. With theoretical and experimental verification, the proposed scheme has advantage of high efficiency of encryption and decryption. The security of our scheme strictly reduces to hardness of decision ring learning with errors problem in the random oracle model.


Introduction
Fully homomorphic encryption is a cryptographic primitive that facilitates arbitrary computation on encrypted data, while users have no need to decrypt. This encryption technology gives a new solution for many problems, such as privacy protection problem in cloud computing as 'Figure1', private information retrieval, etc. In 2009, Craig Gentry [1]proposed the first fully homomorphic encryption scheme on ideal lattices, which promotes the progress of constructing fully homomorphic encryption. In this paper, Gentry first obtained a "somewhat homomorphic" scheme, supporting only a limited number of ciphertext multiplications, and then using "bootstrapping" technology, one can construct a fully homomorphic encryption scheme. As a result of Gentry's research, a series of homomorphic encryption schemes based on different kinds of mathematical problems has been constructed. In 2012, Brakerski and [2] first proposed a fully homomorphic encryption scheme from ring learning with errors on CRYPTO. In 2013, Coron [3][4][5]constructed a fully homomorphic encryption from approximate maximum common factor problem on EUROCRYPT. In 2013, Gentry [6]first proposed an identity-based fully homomorphic Encryption scheme using approximate eigenvectors, but this scheme ciphertext expansion serious.In 2014,GUANG Yan [7]design an identity-based fully homomorphic encryption with pre-image sampling trapdoor one-way function to extract the private key ,but this scheme can't support multi-bit encryption. In 2016, Kang Yuanji [8] construct an identity-based fully homomorphic encryption from ring learning with errors, but only support the ciphertext homomorphic operations by same identity. In 2018, WANG Weili [9]construct an multi-identity-based fully homomorphic encryption from obfuscation, which supports cipher operation in different identities, and can carry out multiple homomorphic operations, but the scheme encryption and decryption efficiency is not high.
Therefore, in this letter, to solve the efficiency problem well, firstly, a "somewhat homomorphic encryption" scheme is proposed based on ring learning with errors problem. And then, a fully homomorphic encryption scheme is presented using key-switching technology. In this paper, non-power-of-two cyclotomic rings is innovatively exploited, instead of power-of-two cyclotomic rings as usual. Finally, the security of the proposed scheme strictly reduces to hardness of decisional ring learning with errors problem in the random oracle model.

Notation
In this paper, the concept of circular field in algebraic number theory are used. For any positive integer m ,the mth primitive unit root is added to  to obtain the mth circular domain, which is denoted as .For arbitrary , On the basis of the trace function ,give the definition of dual R  of R is given, The ring of integers of K . q R  : The good basis is consist of sufficient short basis，

Ring Learning with Errors Definition 1 Ring Learning with Errors
Let  be a family of distribution over K R . The search version of the Ring-LWE problem, denoted RLWE q  , , is defined as follows: give access to arbitrarily many independent samples from s A  , for some arbitrary q s R   and    , find s .

Definition 2 Decision Ring Learning with Errors
The average-case decision version of the ring learning with errors problem, denoted DRLWE q  , , is to distinguish with non-negligible advantage between arbitrarily many independent samples from s is uniformly random , and the same number of uniformly random and independent samples from

Theorem 1
Let K be the th

Somewhat Homomorphic Encryption Scheme
Somewhat homomorphic encryption RSHE include three polynomial time algorithms which is key generation algorithms KeyGen, encryption algorithms Enc and decryption algorithms Dec.

3.2.Fully homomorphic encryption using Key Switching
After once homomorphic multiplication, ciphertext vector is mult ( , the ring elements add to three. It can be predict, with the continuation of homomorphic multiplication, the ciphertext elements multiply exponential growth. With the key-switching technology, the ciphertext can be stay two ring elements.
, the ciphertext after key-switching technology is , , x f gets.  (1) Game 1: Game1 changes the generation of the generation of public key in Game0. In Game 1 , pk have no longer available from px s a  1 , but choose from the uniformly random distribution over q R  . The attacker is unable to distinguish between Game0 and the modified Game 1, so: