Thunderbird: Efficient Homomorphic Evaluation of Symmetric Ciphers in 3GPP by combining two modes of TFHE

IACR Transactions on Cryptographic Hardware and Embedded Systems Pub Date : 2024-07-18 DOI:10.46586/tches.v2024.i3.530-573

Benqiang Wei, Xianhui Lu, Ruida Wang, Kun Liu, Zhihao Li, Kunpeng Wang

{"title":"Thunderbird: Efficient Homomorphic Evaluation of Symmetric Ciphers in 3GPP by combining two modes of TFHE","authors":"Benqiang Wei, Xianhui Lu, Ruida Wang, Kun Liu, Zhihao Li, Kunpeng Wang","doi":"10.46586/tches.v2024.i3.530-573","DOIUrl":null,"url":null,"abstract":"Hybrid homomorphic encryption (a.k.a., transciphering) can alleviate the ciphertext size expansion inherent to fully homomorphic encryption by integrating a specific symmetric encryption scheme, which requires selected symmetric encryption scheme that can be efficiently evaluated homomorphically. While there has been a recent surge in the development of FHE-friendly ciphers, concerns have arisen regarding their security. A significant challenge for the transciphering community remains the efficient evaluation of symmetric encryption algorithms that have undergone extensive study and standardization.In this paper, we present an evaluation framework, dubbed Thunderbird, which for the first time presents efficient homomorphic implementations of stream ciphers SNOW 3G and ZUC that are standardized in the 3G Partnership Project (3GPP). Specifically, Thunderbird combines gate bootstrapping mode and leveled evaluation mode of TFHE to cater to various function types within symmetric encryption algorithms. In the gate bootstrapping mode, we propose a variant of the homomorphic full adder that consumes only a single blind rotation, which may be of independent interest. In the leveled evaluation mode, we employ the CMux gate combining with hybrid packing technique to efficiently achieve lookup tables, significantly reducing the need for gate bootstrapping, and adapt the current optimal circuit bootstrapping to expedite the Thunderbird framework. We have implemented the Thunderbird framework in the TFHEpp public library. Experimental results demonstrate that SNOW 3G and ZUC can homomorphically generate a keyword in only 7 seconds and 9.5 seconds, which are 52x and 32x faster than the trivial gate bootstrapping mode, respectively. For the homomorphic evaluation of the AES-128 algorithm using Thunderbird, we achieve a speedup of 1.9x in terms of latency and use less evaluation key compared to the state-of-the-art work.","PeriodicalId":321490,"journal":{"name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","volume":" 47","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Transactions on Cryptographic Hardware and Embedded Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tches.v2024.i3.530-573","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Hybrid homomorphic encryption (a.k.a., transciphering) can alleviate the ciphertext size expansion inherent to fully homomorphic encryption by integrating a specific symmetric encryption scheme, which requires selected symmetric encryption scheme that can be efficiently evaluated homomorphically. While there has been a recent surge in the development of FHE-friendly ciphers, concerns have arisen regarding their security. A significant challenge for the transciphering community remains the efficient evaluation of symmetric encryption algorithms that have undergone extensive study and standardization.In this paper, we present an evaluation framework, dubbed Thunderbird, which for the first time presents efficient homomorphic implementations of stream ciphers SNOW 3G and ZUC that are standardized in the 3G Partnership Project (3GPP). Specifically, Thunderbird combines gate bootstrapping mode and leveled evaluation mode of TFHE to cater to various function types within symmetric encryption algorithms. In the gate bootstrapping mode, we propose a variant of the homomorphic full adder that consumes only a single blind rotation, which may be of independent interest. In the leveled evaluation mode, we employ the CMux gate combining with hybrid packing technique to efficiently achieve lookup tables, significantly reducing the need for gate bootstrapping, and adapt the current optimal circuit bootstrapping to expedite the Thunderbird framework. We have implemented the Thunderbird framework in the TFHEpp public library. Experimental results demonstrate that SNOW 3G and ZUC can homomorphically generate a keyword in only 7 seconds and 9.5 seconds, which are 52x and 32x faster than the trivial gate bootstrapping mode, respectively. For the homomorphic evaluation of the AES-128 algorithm using Thunderbird, we achieve a speedup of 1.9x in terms of latency and use less evaluation key compared to the state-of-the-art work.

查看原文本刊更多论文

雷鸟通过结合两种 TFHE 模式，在 3GPP 中对对称密码进行高效的同态评估

混合同态加密（又称转加密）可以通过整合特定的对称加密方案来缓解完全同态加密固有的密文大小膨胀问题，这就要求所选的对称加密方案能够有效地进行同态评估。虽然近来对 FHE 友好型密码的开发激增，但人们对其安全性也产生了担忧。在本文中，我们提出了一个名为 "雷鸟"（Thunderbird）的评估框架，它首次提出了流密码 SNOW 3G 和 ZUC 的高效同态实现方法，这两种流密码已在 3G 合作项目（3GPP）中标准化。具体来说，Thunderbird 结合了 TFHE 的门引导模式和分级评估模式，以满足对称加密算法中各种函数类型的需要。在门引导模式中，我们提出了一种同态全加法器的变体，它只消耗一次盲旋转，这可能会引起独立的兴趣。在分级评估模式中，我们采用了 CMux 栅极与混合打包技术相结合的方法，有效地实现了查找表，大大减少了对栅极引导的需求，并对当前的最优电路引导进行了调整，以加速雷鸟框架的实现。我们在 TFHEpp 公共库中实现了雷鸟框架。实验结果表明，SNOW 3G 和 ZUC 只需 7 秒和 9.5 秒就能同态生成一个关键字，比琐碎的门引导模式分别快 52 倍和 32 倍。在使用 Thunderbird 对 AES-128 算法进行同态评估时，我们在延迟方面实现了 1.9 倍的提速，并且与最先进的工作相比使用了更少的评估密钥。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IACR Transactions on Cryptographic Hardware and Embedded Systems

自引率

0.00%

发文量