Research perspectives on fully homomorphic encryption models for cloud sector 1

Abstract

As there is a continuous delivery of big data, the researchers are showing interest in the applications of cloud computing concerning privacy, and security. On the other hand, many researchers and experts of cybersecurity have commenced on a quest for improving the data encryption to the models of big data and applications of cloud computing. Since many users of the cloud become public cloud services, confidentiality turns out to be a more compound problem. To solve the confidentiality problem, cloud clients maintain the data on the public cloud. Under this circumstance, Homomorphic Encryption (HE) appears as a probable solution, in which the information of the client is encrypted on the cloud in such a process that it permits few manipulation operations without decryption. The main intent of this paper is to present the systematic review of research papers published in the field of Fully Homomorphic Encryption (FHE) over the past 10 years. The encryption scheme is considered full when it consists of plaintext, a ciphertext, a keyspace, an encryption algorithm, and a decryption algorithm. Hence, the review mostly concentrates on reviewing more powerful and recent FHE. The contributions using different algorithms in FHE like Lattice-based, integer-based, Learning With Errors (LWE), Ring Learning With Errors (RLWE), and Nth degree Truncated polynomial Ring Units (NTRU) are also discussed. Finally, it highlights the challenges and gaps to be addressed in modeling and learning about competent, effectual, and vigorous FHE for the cloud sector and pays attention to directions for better future research.

Keywords

Big data cloud computing fully homomorphic encryption FHE-based algorithms LWE NTRU

1. Introduction

Over the last decade, cloud computing has presented itself as a dominant computing platform, providing various benefits for both providers and clients [59]. One of the evident major benefits is that consumers may allocate their complicated calculations and gain at low cost from the latest technology and computational powers. The major advantage is that clients can assign their compound computations and it has an advantage over the best models and less expensive in computation power. One of the significant security problems is the security of sensible data. Some of the information leakages leak to tremendous harm to its owners. To encrypt it before maintaining it on a remote cloud server, it is advised for encrypting to save the privacy of the provided data. For preserving data privacy while transferring to the cloud, the traditional encryption models such as2

²
Advanced Encryption Standard.

[51], RSA3

Rivest–Shamir–Adleman.

[31], and 3DES4

⁴

Data Encryption Standard.

[64] are used to permit the clients, but if the requests are given by the clients to cloud for performing a compound treatment on its data, the user must share the private key using the remote server in the cloud. The classical usage of cryptography is not the best solution concerning privacy, especially when the cloud is considered as an untrusted part.

For solving the complexity, smart computations need to be performed on encrypted data, and this concept was initially developed by “Rivest, Adleman, and Dertozous” in the year 1978 [45], and those were conjectured the presence of privacy homomorphism. At present, the concept of FHE5

⁵

Fully Homomorphic Encryption.

is used instead of privacy homomorphism. These FHE algorithms are taken into consideration as the advanced version algorithms. It is used for cryptography, which is the kind of smart encryption cryptography that helps arbitrary computations on ciphertexts where decryption is not required. In the view of distributed computation and cloud computing, it is considered an extremely precious one. In cloud computing and big data, FHE [47] application is majorly employed. In general, FHE is employed to outsource sophisticated calculations on sensitive information maintained in the cloud, since it is particularly used in big data applications such as private information retrieval, and secure search on encrypted big data. This is an open issue until the Gentry has given a solution in 2009 [69].

In 2009, an IBM researcher named Craig Gentry has demonstrated the first feasible FHE model [26], which allows ring operations namely ciphertext addition and multiplication [27]. Initially, Gentry introduced the SWHE6

⁶

Somewhat Homomorphic Encryption.

model that supports only constrained amount tasks that are done on ciphertexts. The functions that are assessed homomorphically on ciphertexts in SWHE are bounded degree and polynomials of small. In Gentry’s framework, the second phase includes the process of decryption squashing. Later, the major notion of Gentry named bootstrapping is introduced, which is used for analyzing the decryption polynomial not only secret key bits and ciphertext bits but also performing encryption of those bits that produces a new ciphertext [25]. The count of permissible homomorphic operations becomes unconstrained with this refresh process of ciphertext and attains the FHE model [34,60]. However, there are many probabilistic encryption algorithms, the encryption of a similar message two times gives the result as two discrete ciphertexts by attaining immense probability.

The public key is augmented with a big set of vectors in which the encryption algorithms are partially homomorphic but not fully homomorphic. A ciphertext of the underlying scheme can be post-processed using this public key and the post-processed ciphertext can be decrypted with a low-degree polynomial, thereby achieving a bootstrappable scheme. Gentry’s developed FHE consists of several steps: First, it constructs the SWHE scheme that supports evaluating low-degree polynomials on the encrypted data. Next, it squashes the decryption procedure so that it can be expressed as a low-degree polynomial which is supported by the scheme, and finally, it applies a bootstrapping transformation to obtain a fully homomorphic scheme.

In 2010, Marten van Dijk et al. [20] have presented a second FHE scheme, which uses many of the tools of Gentry’s construction, but which does not require ideal lattices. Instead, they show that the SWHE component of Gentry’s ideal lattice-based scheme can be replaced with a very simple SWHE scheme that uses integers. The scheme is therefore conceptually simpler than Gentry’s ideal lattice scheme but has similar properties with regards to homomorphic operations and efficiency. The SWHE component is similar to an encryption scheme. It is not even additively homomorphic, however, it supports only additions, but it can be modified to support a small number of multiplications.

The lattice-based approach has shown a path to pursue in cryptography because it is based on simple mathematical operations, which result in low computational costs. SHE7

⁷

Selective Harmonic Elimination.

schemes add noise to the ciphertext in each homomorphic operation, thus, at a certain level the amount of noise is so high, that decryption becomes impossible. Therefore, to achieve FHE from a SHE scheme, one needs to keep the noise level below a certain bound and to that end, Gentry introduced two concepts called squashing and bootstrapping. Gentry’s bootstrapping technique is currently the only known method of obtaining pure FHE schemes, and it may offer performance advantages even in cases that do not require pure FHE (such as when using the new noise-control technique of Brakerski-GentryVaikuntanathan) [6]. The SWHE can only evaluate functions of bounded complexity. The ciphertexts in these ring-based SWHE include some “noise” to ensure security, and this noise grows when applying homomorphic operations until it becomes so large that it overwhelms the decryption algorithm and causes decryption errors. Squashing consists of multiplying the ciphertext by the elements of a set of vectors, which will reduce the polynomial degree of the decryption circuit to a level that the scheme can handle. To overcome the growth of noise, Gentry used a bootstrapping transformation, where the decryption procedure is run homomorphically on a given ciphertext, using encryption of the secret key that can be found in the public key, resulting in a new ciphertext that encrypts the same message but has potentially smaller noise.

The comparison of relinearization with the parallel computing acceleration provides good execution efficiency, which has certain practical value and realistic significance. The significant benefits of relinearization with parallel computing are used to improve the execution efficiency of the algorithm, realize efficient encryption and a decryption operation, and effectively reduce the time homomorphic operation. The parallel FHE supports floating-point operation, which can be used to conduct fast and efficient encryption and decryption operations of massive floating-point data. It has high security and practicality, and it applies to the cloud computing scenario. The main purpose of parallel computing is to reduce the time complexity of homomorphic operations in FHE. Compared to the traditional encryption algorithms, this method does not require frequent encryption and decryption operations between the cloud and user, which can reduce the overhead of communication and computation resources. The user’s private data are saved in the form of ciphertext in the cloud, and the service provider cannot know the data content, which can prevent them from exploring the user’s privacy through illegal embezzling and tampering of user data. It has provided a security basis for the users to fully utilize the cloud computing resources to conduct massive data analysis and processing, and in particular, it can be combined with the secure multi-party computation protocol to solve the parallel computing acceleration of privacy security issue when the user outsources the computation service. The multiplication operation creates a significant noise, which is handled by using relinearization and modulus switching. The relinearization operation is reduced to the computation of many polynomial multiplications; a fast large degree polynomial multiplication is the key to achieve high performance.

The contribution of the present paper is given below.

To process the data or product services to the user, a reliable and efficient review of FHE using various algorithms is introduced.

To enhance the performance of FHE models, various FHE-based algorithms such as Lattice-based, integer-based, LWE,8

⁸

Learning With Errors.

RLWE,9

⁹

Ring Learning With Errors.

and NTRU10

¹⁰

Nth degree Truncated polynomial Ring Units.

are introduced.

To provide service for large-scale and heterogenous data securely, an efficient performance analysis is done.

To overcome the challenges of existing FHE-based algorithms, a new model needs to be introduced for effective and vigorous FHE for the cloud sector, whose research direction is mentioned.

The organization of the entire paper is designed in the following manner: Section 2 specifies different categorizations of FHE. In Section 3, the literature review on FHE is mentioned. Analysis of diverse FHE models is specified in Section 4. The research gaps and challenges of FHE are shown in Section 5. The conclusion of the paper is given in Section 6.

2. Different categorization of fully homomorphic encryption

2.1. Fully homomorphic encryption

The title page should provide the following information:

FHE is an encryption technique, which is defined based on mathematical operations such as multiplication and addition. This kind of representation is initially introduced in Gentry’s research work. This FHE model performs basic arithmetic operations that can be done on encrypted information, therefore it is employed as a privacy-preserving approach. Moreover, it also performs arithmetic computations on an unlimited amount of data. In some of the contributions, multiplicative, additive, and XOR models were discussed, whereas the other researchers concentrated on hybrid encryption models that consist of biometric usage and quantum computing while developing the keys. When homomorphic multiplication is performed on the ciphertext, the length of the ciphertext increases. The computation time of homomorphic addition and multiplication is proportional to the ciphertext length. As a result, both time and space complexity grow as the computation with multiplication proceeds because the ciphertext length continues to increase as well.

Bootstrapping and relinearization

Bootstrapping and relinearization operations are used only for the maintenance of ciphertext and do not modify the underlying plaintext. All the existing FHE schemes have the same property; every ciphertext includes some amount of noise that grows with every arithmetic operation. To keep the amount of noise within the threshold, we need an operation called bootstrapping to reduce the noise. If the amount of noise reached the predetermined threshold, the decryption result is incorrect. However, bootstrapping takes huge computation time. Bootstrapping involves heavy computation, which takes a few seconds to a few minutes. Owing to this heavy computation, many researchers are trying to build a practical application with a low depth circuit in which the homomorphic operations are completed without invoking the bootstrapping. By performing homomorphic multiplication, the length of the ciphertext increases, and the computation time and memory cost of multiplication also increases. Relinearization approximately involves the same amount of computation cost as that of homomorphic multiplication. A simple strategy to handle the ciphertext length is to relinearize the ciphertext after every multiplication; however, this strategy is not always optimal. The relinearization can reduce the length of the ciphertext but incurs almost the same amount of the cost as that of the homomorphic multiplication. Therefore when comparing bootstrapping and relinearization, bootstrapping is more expensive.

FHE $FHE = (FHE . KyGen, FHE . En, FHE . De, FHE . Evl)$ is termed as the quadruple of Probabilistic Polynomial Time (PPT) algorithms, which is given below.

1. Key generation: The algorithm considers a unary representation of the security parameter, which is denoted as $(pky, sky, evky) \leftarrow FHE . KyGen (1^{ky})$ . This results in the public encryption key, which is given by $pky$ , the secret decryption key is indicated by $sky$ , and a public evaluation key, which is represented as $evky$ when the concrete FHE requires this key.

2. Encryption: It considers the message $msg$ from p and the public key $pky$ results in a ciphertext $cp \in CP . Cp \leftarrow FHE . En (msg, pky)$ .

3. Decryption: It considers ciphertext $cp$ and secret key $sky$ , which provides an output message ${msg}^{'} . {msg}^{'} \leftarrow FHE . De (cp, sky)$ .

4. Evaluation: It considers an evaluate function f, which requires an evaluation key if required and an array ${cp}_{m}$ with a series of a ciphertexts ${cp}_{m} = ({cp}_{1}, \dots, {cp}_{a})$ that provides a novel ciphertext ${cp}_{out} = {cp}_{f}$ , ${cp}_{f} = f ({cp}_{m}) . {cp}_{out} \leftarrow FHE . Evl (f, evky, {cp}_{m})$ . Based on the respective FHE model, the evaluation function f is defined.

2.2. Categorization of fully homomorphic encryption

As mentioned earlier, FHE is determined by computing the mathematical operations, and it is classified into three types namely Multiplicative HE,11

¹¹
Homomorphic Encryption.

XOR HE, and additive HE, which is shown in Fig. 1.

Fig. 1.

Categorization of fully homomorphic encryption and its algorithms.

Multiplicative Homomorphic Encryption: During the discussion of HE, it is significant to make a note that various researchers confer discrete cryptographic approaches. In this case, the RSA public-key encryption algorithm [54] is one of the common algorithms discussed by the researchers. Simultaneously, a multiplicative homomorphism has also relied on ElGamal cryptographic system [49] that is dependent on the asymmetric public-key encryption algorithm. This algorithm provides the key in a cyclic group by a defined generator index in order. The ElGamal encryption’s exponent is an order function (d) and the public key is a cyclic group’s function (G), an exponent product (L), and generator (T).

XOR Homomorphic Encryption: It is defined based on the Goldwasser-Micali approach [61], which is an encryption model and it has relied on computational probability. This encryption model is based on the assumption that finds the solution for the quadratic residues, which is the computational demanding task and the consequent ciphertext is of more sized when compared over plain text.

Additive Homomorphic Encryption: Based on the Parlier encryption model, an additive homomorphism is computed, which is an asymmetric probabilistic encryption model by the features that are the same as the ElGamal model. However, this model employs discrete private and public keys for message encryption and decryption. Also, the encryption model is relied on the Greatest Common Divisor (GCD) computation using two prime numbers that are selected at random.

2.3. Different types of FHE algorithms

In FHE, there are diverse types of algorithms like “lattice-based FHE, integer-based FHE, LWE, RLWE, and NTRU”, which are used in different applications, especially the cloud sector.

Lattice-based FHE [ 1 ]: It employs the structure of vector space for encrypting the messages in the form of noisy lattices. Thus, it ensures the security of the messages by having less computational complexity since it is used to perform basic operations in the vector space like addition and multiplication. The steps for performing lattice-based FHE are given below.

Key Generation: This lattice-based FHE determines five integer parameters that are declared as global. The count of coordinates of plaintext vectors is denoted as M, the ring feature over which the coordinates are built is indicated $rng$ , and the maximum count of homomorphic operations, which has to be performed is denoted as $Co$ . Moreover, the count of softly disturbed matrices in the public key is given by m, and an upper bound to the random vector coordinates that are used for inserting noise is denoted as $ε_{max}$ .

Assume $Co = m \times M \times ε_{max} + (M - 1) \times rng$ , $a = 2 \times {Co}_{o} \times (2 Co + 1)$ and the prime number is given by $b = a \times rng + ε$ , in which $ε < 10$ . Later, two random $M \times M$ matrices are generated over $GF (b) : C$ and D, in which the term C is invertible and $N = [C | D]$ . Also, a random scrambling matrix is generated which is the $M \times M$ diagonal invertible matrix over $GF (b)$ . By multiplying N to the left of the random invertible matrix $R_{in}, \ddot{N_{in}} = [C_{in} | D_{in}]$ , On the other hand, a soft noise matrix $E_{in}$ is generated, a random $M \times M$ matrix ranging from −1 to 1, for each $in \in {1, 2, \dots, m}$ . Further, a softly distributed matrix is computed, $in = [C_{in} | D_{in} + E_{in} △]$ .

A hard noise matrix $E_{o}$ needs to be computed by producing a soft noise matrix and then substitute the diagonal values using a. Furthermore, the hardly distributed matrix $\dot{N_{o}} = [C_{o} | D_{o} + E_{o} △]$ needs to be calculated. Later, permutation operation $pr (∙)$ , and measure $N_{in} = \Pr (\dot{N_{in}})$ , $in \in {1, 2, \dots, m}$ . Hence, $m + 1$ matrices ${N_{o}, N_{1}, \dots, N_{m}}$ is the public key. The private key includes the hidden matrix N, scrambling matrix, and the permutation $pr (∙)$ .

Encryption: Initially, the plain text message is developed as the message vector n in $A_{rng}^{m}$ . By using the hard noise matrix $N_{o}$ , n, is multiplied. The output is distributed by adding $n N_{o}$ to the addition of n soft noise vectors $\sum_{in} {rng}_{in} * N_{in}$ , in which the term ${rng}_{in}$ denotes n random vectors by having the coordinates less than $ε_{max}$ . Thus, the ciphertext is denoted in Eq. (1). $\begin{matrix} (1) & cp = n N_{o} + \sum_{in = 1}^{m} {rng}_{in} * N_{in} \end{matrix}$ Decryption: It is based on filtering the added noise. Initially, the permutation is reversed by Eq. (2). Here, the term $cp \in GF {(b)}^{2 M}$ . Therefore, the scrambled noise is computed by using Eq. (3). $\begin{array}{l} (2) & {cp}^{↓} = \Pr^{- 1} (cp) \\ (3) & c = c \dot{p_{d s}} - {cp}_{u d} \dot{C^{- 1}} D \end{array}$

In Eq. (3), the distributed and undistributed halves $c \dot{p}$ are represented as $c \dot{p_{d s}}$ and $c \dot{p_{u d}}$ , respectively. Thus, the unscrambled noise is expressed in Eq. (4). For each $\dot{c_{j}}$ in $c = [\dot{c_{1}}, \dots, \dot{c_{M}}]$ , the mathematical equation is denoted as shown in Eq. (5). Here, the term μ is represented in Eq. (6), in which $in \in 1, 2, 3, \dots, M$ . $\begin{array}{l} (4) & \dot{c} = c △ - 1 \\ (5) & \ddot{c_{j}} = \dot{c_{j}} - μ \\ (6) & μ = \{\begin{matrix} \dot{c_{j}} \mod a & \dot{c_{j}} \mod a < \frac{a}{2} \\ (\dot{c_{j}} \mod a) - a & Otherwise \end{matrix} n_{j} = \ddot{c_{j}} a^{1} \end{array}$ Hence, the original plain text is returned as shown in Eq. (7). $\begin{matrix} (7) & n = (n_{1}, \dots, n_{M}) \end{matrix}$

This cryptosystem endures lattice-based and the attacks of selected plaintext, thus it ensures the security of data. This system is appropriate for appliances with restricted competencies as of its less complexity.

Integer-based FHE [ 53 ]: This is relatively simple when compared over other FHE models and it is based on Approximate GCD issue: many $x_{in}$ , in which $x_{in} = g . h_{in} + {rd}_{in}$ , the secret key is determined. The advanced version of the original FHE model over integers is introduced in [18], in which the sizes of the public key was reduced by using the generation of pseudo-random number. Among the many steps present in the model, encryption is one of them, which consists of large integer multiplication and modular reduction, which are the two major building blocks. The construction and optimization of these two building blocks needed in the encryption phase are useful in the further research contribution for implementing the remaining steps in the FHE approach and it is also helpful for implementing remaining FHE models. Thus, the encryption phase is determined by Eq. (8). $\begin{matrix} (8) & cp \leftarrow msg + 2 rnd + 2 \sum_{in = 1}^{τ} x_{in} . d_{in} \mod x_{o} \end{matrix}$

In the above equation, the term $msg$ denotes the message bit, which is ranging from 0 to 1, the random noise parameter is given by $rnd$ , the integers generated from the public key as shown in the key generation phase is denoted as $x_{i} n$ , and the randomly selected integers that are less than $x_{i} n$ is denoted as $d_{i} n$ .

LWE-based FHE [ 8 ]: It generalizes learning parity with noise for the prime number $b ⩾ 2$ and a security parameter $m ⩾ 1$ . In this, a uniform matrix $B \in A_{b}^{n \times m}$ and a vector $d \in A_{\partial}^{n}$ is also given i.e., $B S + c$ , in which $S \in A_{b}^{m}$ , which is the secret vector and the vector includes small errors selected from the normal probability distribution is given by $d \in A_{\partial}^{n}$ . This LWE problem is used for recognizing the vector. It is very simple for solving the vector when there is no error. However, by implementing the error to the equation, it becomes quite complex and impossible for solving the problem.

The public key vector $(p, q) \in A_{\partial}^{m + 1}$ is produced when $s \in A_{b}^{m}$ is a secret key. By using this secret key, the public key is calculated as shown in Eq. (9), which $p \in A_{b}^{m}$ represents the arbitrary uniform vector and the random noise i.e., in small amount sampled from the diverse normal distribution. $\begin{matrix} (9) & (p, q) = (p, ⟨ ps ⟩ + 2 c) \end{matrix}$ In encryption, the security is based on the assumption of LWE, which is straightforward. With the help of the public key $(p, q)$ , the message bit encryption $msg = 0 or 1$ is performed for producing the ciphertext $cp$ , and the respective ciphertext equation is denoted in Eq. (10). $\begin{matrix} (10) & cp = (p, ⟨ ps ⟩ + 2 c + msg (\mod b)) \in A_{\partial}^{m + 1} \end{matrix}$

In decryption, two masks are used for deciphering the text namely secret mask and even masks. The secret mask $⟨ ps ⟩$ is an inner product of the secret vector s and the coefficient vector p. Even mask employs two mod operations for producing the message bit $msg$ as either 0 or 1. The computation of a secret mask is done and it is subtracted from the second part of the ciphertext $cp$ , which results in $2 c + msg (\mod b)$ decryption algorithm. The removal of even the mask is quite simple and leaving the message bit $msg$ .

Key Generation: Initially, selects $m \in A_{\partial}$ for producing the secret key vector, which is denoted as $s \in A_{b}^{m}$ . To select the additional parameters for computing the public key $(p, q)$ , a new key generation algorithm is followed, which is shown in Eq. (11), in which the term $p \in A_{b}^{m}$ , which is selected at random. $\begin{matrix} (11) & (p, q) = (p, ⟨ ps ⟩ + 2 c) \in s \in A_{\partial}^{m + 1} \end{matrix}$

This results in the secret key $sky = s$ and public key $pky = (p, q)$ .

Encryption: This process is implemented on the actual image’s secret shares. The public key $pky = (p, q)$ is recalled in the encryption procedure. The message bit $msg$ is considered for encrypting each image’s pixel, and the ciphertext $(s, t)$ as shown in Eq. (12). $\begin{matrix} (12) & s = p and t = q + msg \end{matrix}$

The ciphertext as a pair of s and t is obtained for each image pixel. Decryption: The cipher image is recalled, which includes the encrypted pixel and it is indicated by $(s, t)$ and the secret key vector is given by s. For message bit decryption $msg$ from the other secret parameters and ciphertext, the computation of $msg = t - ⟨ ss ⟩ \mod 2$ , in which $t = q + msg = (⟨ ps ⟩ + 2 c) + msg$ since $q = ⟨ ps ⟩ + 2 c$ and $s = p$ . The message bit is shown as per Eq. (13). $\begin{matrix} (13) & msg = ⟨ ps ⟩ + 2 c + msg - ⟨ ps ⟩ (\mod 2) = 2 c + msg (\mod 2) \end{matrix}$

The result of $msg$ from the computation is the message that is decrypted from the ciphertext. This process is repeated for each pixel in the encrypted image, thus the actual image is reconstructed.

Evaluation: To produce a new encrypted image, the homomorphic operations are performed on the encrypted image, whereas the decryption provides the result with similar functionality. This homomorphic operation is subjected to the corresponding pixels of the two encrypted images. Let $cp 1 = ⟨ s 1, t 1 ⟩$ and $cp 2 = ⟨ s 2, t 2 ⟩$ . The addition operation on these two encrypted images is straightforward, which produces the new ciphertext $s 3$ and $t 3$ . The decryption of a new ciphertext $cp 3$ will provide the message bit $msg 3$ , which is the same as $msg 1 + msg 2$ .

The multiplication operation is also performed on the same two encrypted images, which is described as the set of tuples $⟨ e 1, e 2, e 3 ⟩$ and the product of the message is acquired from the product of $⟨ s 1, t 1 ⟩$ and $⟨ s 2, t 2 ⟩$ the respective product equation is denoted in Eq. (14). $\begin{matrix} (14) & \begin{matrix} prd & = (t 1 - ⟨ p 1 s ⟩ \mod 2) . (t 2 - ⟨ p 2 s ⟩ \mod 2) \\ = (t 1, t 2) - [(t 1 . ⟨ p 1 s ⟩) + (t 2 . ⟨ p 2 s ⟩)] + ⟨ p 1 s ⟩ ⟨ p 2 s ⟩ = e_{0} - e_{1} + e_{2} \end{matrix} \end{matrix}$

In the above equation, the term $e_{0}$ represents the integer, $e_{1}$ represents the vector of m dimension, and $e_{2}$ represents the vector of $m^{2}$ dimension. By using the new secret key $S_{i j}$ , the product ciphertext $⟨ e_{1}, e_{2}, e_{3} ⟩$ is decrypted from the secret key s. The decryption procedure is mathematically represented in Eq. (15). $\begin{matrix} (15) & msg = [e_{0} - (e_{1} * s) + (e_{2} * s_{i j})] \mod 2 \end{matrix}$

RLWE-based FHE [ 72 ]: It requires four parameters for construction namely the degree parameter of 2-power m, a prime number b $b \equiv 1 (\mod 2 n)$ for defining the ring ${Rg}_{b} = \frac{Rg}{bRg} = \frac{F_{b} [x]}{(f_{m} (x))}$ for ciphertext space, an integer r with $r < b$ determining the ring ${Rg}_{r} = \frac{(\frac{A}{r A}) [x]}{(f_{m} (x))}$ of the plain text space, and the parameter σ for determining discrete Gaussian distribution $χ = {GD}_{A^{m}, σ}$ .

Key Generation: Consider an element $s \leftarrow χ$ , later sample a uniformly random element $k_{1} \in {Rg}_{b}$ and an error $er \leftarrow χ$ . Set $kl = (k_{0}, k_{1})$ with $k_{0} = - (k_{1} + rer)$ as the public key, and $sl = s$ represents the secret key.

Encryption: The sample $u, f, g \leftarrow χ$ needs to be done from plaintext $msg \in {Rg}_{r}$ and the public key $kl = (k_{0}, k_{1})$ and the computation of the new ciphertext is acquired by Eq. (16). $\begin{matrix} (16) & Enc (msg, kl) = ({cp}_{0}, {cp}_{1}) = (k_{0} u + rg + msg, k_{1} u + rf) \end{matrix}$

In Eq. (16), the term $msg \in {Rg}_{r}$ is considered as an element of ${Rg}_{b}$ in a general process because of $r < b$ . Consider the two ciphertexts as $cp = ({cp}_{0}, \dots, {cp}_{ξ})$ and ${cp}^{'} = ({cp}_{0}^{'}, \dots, {cp}_{η}^{'})$ . By padding with zeros, if required, the homomorphic addition is done by $cp + {cp}^{'} = ({cp}_{0} + {cp}_{0}^{'}, \dots, {cp}_{max (ξ, η)} + {cp}_{max (ξ, η)}^{'})$ . Similarly, the multiplication process is done by $cp * {cp}^{'} = (\hat{c} p_{0}, \dots, c {\hat{p}}_{ξ + η})$ , in which all the $c {\hat{p}}_{i}$ ’s elements are determined by using Eq. (17). $\begin{matrix} (17) & \sum_{i - 0}^{ξ + η} c {\hat{p}}_{i} v^{i} = (\sum_{i - 0}^{ξ} {cp}_{i} v^{i}) . (\sum_{i = o}^{η} {cp}_{j}^{'} b^{j}) \in {Rg}_{b} [v] \end{matrix}$

Decryption: To the ciphertext $cp = ({cp}_{0}, \dots, {cp}_{ξ})$ , the decryption with $sl = s$ is calculated using $dec = (cp, sl) = {[msg]}_{b} (\mod r) \in {Rg}_{r}$ , in which $msg = \sum_{i = 0}^{ξ} {cp}_{i} s^{I} \in {Rg}_{b}$ . The term $dec = (cp, sl) = {[⟨ cp, s ⟩]}_{b} (\mod r)$ can be rewritten for acquiring the secret key vector $s : = (1, s, s^{2}, \dots)$ .

NTRU-based FHE [ 43 ]: It is the only post-quantum public-key encryption, which is appropriate for practical implementation. A brief description of NTRU-based FHE is given below, which consists of “key generation, encryption, decryption, and evaluation”.

Key Generation: Select the decreasing series of prime numbers $b_{0} > b_{1} > \dots b_{c}$ . To acquire the private key, sample $u_{(i)} (x)$ and $g^{(i)} (x)$ , set $f^{(i)} (x) = 2 u^{(i)} (x) + 1$ and the public is produced by $e^{(i)} (x) = 2 g^{(i)} (x) \times f^{(i)} {(x)}^{- 1}$ . Moreover, the evaluation key is attained by $ξ_{τ}^{(i)} (x) = e^{(i)} (x) \times s_{τ}^{(i)} + 2^{(i)} {er}_{τ} (x) = 2^{τ} f^{(i - 1)} (x)$ , in which $i = 0, 1, \dots, c$ and $τ = 0, \dots [{log}_{2} b_{i}]$ . The public key $e (x)$ , when the pair $f (x)$ is the respective system’s private key, and there is an additional evaluation key $ξ_{τ}^{(i)} (x)$ .

Encryption: The message is encoded to binary polynomial $msg (x)$ , and the random samples $s (x)$ and $er (x)$ . The encrypted message is denoted as ${cp}^{(i)} (x) = e^{(i)} (x) \times s^{(i)} (x) = 2 {er}^{(i)} (x) + msg (x) \mod b_{i}$ . Decryption: This decryption of the message is acquired by computing $msg (x) = {cp}^{(i)} (x) \times f^{(i)} (x) \mod a$ .

Evaluation: It is done in the following steps.

${cp}_{1}^{(i)} (x) = enc [{msg}_{1} (x)]$ and ${cp}_{2}^{(i)} (x) = enc [{msg}_{2} (x)]$ . The addition is performed by $enc [{msg}_{1} (x) + {msg}_{2} (x)] = {cp}_{1}^{(x)} + {cp}_{2}^{(i)} (x)$ and the multiplication is done by $enc [{msg}_{1} (x) \times {msg}_{2} (x)] = {[\frac{b_{i} {cp}^{i + 1} (x)}{b_{i - 1}}]}_{2}$ , ${cp}^{(i)} = {cp}_{1}^{(i)} (x) + {cp}_{2}^{(i)} (x)$ , and ${cp}^{(i + 1)} = \sum_{τ} ξ_{τ}^{(i)} {cp}^{(i - 1)} (x)$ .

3. Literature review on fully homomorphic encryption

3.1. Lattice-based fully homomorphic encryption

In 2013, Wang et al. [67] have proffered a novel approach called lattice-based linearly homomorphic signature approach over a binary field for designing an effective post-quantum linearly homomorphic signature model with the pre-image sampling function. By using the homomorphism of the lattice-based hash function employed in the developed signature model, linear homomorphism was attained. It has demonstrated that the developed model has fulfilled private property. Also, the proposed model was compared over the presented linearly homomorphic signature model. Here, the developed model has few benefits concerning computational cost, signature length, and size of the public key.

In 2014, Wang et al. [68] have introduced a novel hard issue named Bi-ISIS12

¹²
Bilateral Inhomogeneous Small Integer Solution.

that has been seen as an advanced version of the small integer solution lattices problem. The major intuition of the proposed model was that instead of selecting a rectangle matrix, a square matrix was selected using less rank for providing Bi-ISIS problems without impacting the hardness of the basic SIS issue. Two novel hardness problems such as decisional and Bi-ISIS problems were introduced based on this new issue. A new lattice-based key exchange protocol was built as a direct application of these issues that were analogous to the traditional Diffie-Hellman key exchange protocol.

In 2016, Singh et al. [62] have distributed decryption servers and a specific threshold count of insiders should cooperate for ciphertext decryption. With the combination of an extra randomized algorithm Tsplit, and threshold public-key encryption was named RTPKE,13

¹³

Resplittable Threshold Public Key Encryption.

which was introduced by Hanakora during the formation of selected ciphertext attack secure proxy re-encryption model. Here, a lattice-based RTPKE model was introduced in the identity-based setting.

3.2. Integer-based fully homomorphic encryption

In 2019, Aung et al. [5] have solved the open issue of designing the FHE model over integers for non-binary plaintexts in for prime Q(Q-FHE-OI) by not having the SSSP14

¹⁴
Sparse Subset Sum Problem.

hardness. In this, the authors have provided an advanced version of the SWHE model over integers for supporting non-binary plaintexts. The advanced version of the SWHE model named bootstrapping algorithm was introduced by implementing many generalization functions in binary arithmetic. For any constant-sized prime without SSSP hardness, the Q-FHE-OI model was acquired in which the bootstrapping model was asymptotically effective when compared over earlier best results.

In 2015, Santos et al. [58] have determined the development of the DGHV15

¹⁵

Dijk, Gentry, Halevi and Vaikuntanathan’s.

model variant implemented using Python and GMPY2 library. This approach was initially introduced in the year 2010 and later modified into two variants that decreased the size of public keys prohibition at the computational power cost. In 2015, Chelon and Stehle [16] have determined a novel AGCD16

¹⁶

Approximate Greatest Common Divisor.

-based FHE that was superior to AGCD-based models. The proposed models security has not relied on the presumed hardness of the so-called Sparse Subset Sum complexity, and the cipher text’s bit length based on the security parameter. In 2010, Dijk et al. [20], have built an easy FHE model with only elementary modular arithmetic. To develop the FHE model from bootstrappable SHE, Gentry’s approach was used. The bootstrappable encryption model employed addition and multiplication over integers rather than ideal lattices over a polynomial ring. To determine an approximate integer GCD, the security has been reduced and provided the integer list, which were the multiples of hidden integer, output that hidden integer.

3.3. LWE-based fully homomorphic encryption

In 2020, Li [39] has constructed two leveled CLFHE17

¹⁷
Certificate Less Fully Homomorphic Encryption.

models with an estimated eigenvector approach developed by Waters, Gentry, and Sahai. Based on the hardness of the LWE issue, the authors have verified that one model has fulfilled the adaptive semantic security and anonymity in the random oracle approach, and the other one fulfilled the two measures in the benchmark approach.

In 2016, Kim et al. [37] have recommended FHE that was an advanced version of cryptography, which has enabled arithmetic operations directly on the encrypted variables by not performing decryption. However, the proposed model provided many new problems, which were not analyzed for traditional controllers. In many scenarios, an encrypted variable has a limited lifetime, which is reduced as an arithmetic operation that was performed on it. The solution given by the proposed model was to run many controllers and orchestrate them sequentially. Thus, the efficiency of the developed model was demonstrated by considering an example of a quadruple water tank.

In 2019, Song et al. [63] have used the concept of packed ciphertexts for building a multi-bit FHE using a short public key based on the LWE problem. Especially, the proposed FHE model was constructed on the fundamental encryption model, which selected the samples of LWE from the Gaussian distribution, and the error of Gaussian was added to it. It resulted in reducing the count of LWE samples. The authors have confirmed that the proposed FHE model’s security was based on the hardness of the LWE problem and it was feasible. Moreover, a key switching procedure was formed for multi-bit FHE based on the concepts used by Brakerski for the key switching optimization process.

In 2019, Cheon et al. [14] have suggested a novel hybrid of dual and MITM18

¹⁸

Meet-In-The Middle.

attack that enhanced the modified variant on the similar LWE parameter regime. For NTRU, the MITM attack was used because of Odlyzko to LWE and provided continuous analysis to it. The performance of the proposed attack relied on the error size and modulus, thus it worked well for vast error to the huge LWE samples of modulus. Further, a sage module was implemented for analyzing the complexity of the attack of the proposed model based on the LWE-estimator, which has shown significant performance for the LWE parameter of FHE.

In 2016, Ding et al. [21] have developed an approach named non-matrix key switching that consisted of pure key switching and key switching re-linearization. The removal of compound matrix operations of the traditional key switching approaches was done. This key switching approach was merged with modulus switching for constructing a leveled FHE model with bootstrapping from LWE. The proposed model provided complete door operation for making the structure of the circuit layer very clear. To upgrade the arithmetic circuit to any layer, bootstrapping was used, and made the computing ability of the proposed model efficient.

3.4. RLWE-based fully homomorphic encryption

In 2015, Lu et al. [44] have developed encryption related to all the data of phenotype and genotype. FHE model was used for permitting the cloud for performing meaningful calculations for the encrypted data. From the frequency table, for Genome-Wide Association Study (GWAS), the analysis of typical statistics was done. The solution of the proposed model analyzed the frequency tables by considering both clinical and encrypted genomic data as input data. To assess these frequency tables effectively, a packing technique was introduced. Here, chi-square testing and linkage disequilibrium were considered as examples and revealed the idea of how to perform these algorithms effectively and securely in the setting of outsourcing. For secure calculations of GWAS, cryptographic solutions were based on FHE.

In 2015, Chen et al. [10] have utilized FFT19

¹⁹
Fast Fourier Transform.

with a linearithmic complexity of

O (N log N)

during the high-speed polynomial multiplier designing. To simplify the control of the structure, a constant geometry FFT datapath was employed in the calculation. The aim of the proposed work was three-fold. For ring-LWE encryption, parameter sets that supported both an efficient modular reduction structure and the security requirements and SWHE were provided. Later, for acquiring a high-speed polynomial multiplier, the structure of versatile pipelined assisted with an enhanced dataflow was introduced. The outcomes have revealed that the developed model produced the best speed when compared to conventional algorithms.

In 2014, Zhang et al. [73] have introduced an efficient FHE from the assumption of RLWE without employing the bootstrapping, and standard squashing models of Gentry. For enhancing the earlier FHE model of Brakerski, the proposed FHE model was used. For decreasing the ciphertext length, the re-linearization approach was used, whereas for maintaining the noise level and reduce the decryption complexity by not developing the extra assumptions, the modulus reduction approach was employed. Further, the proposed FHE was extended to TFHE20

²⁰

Threshold FHE.

using the properties of key-homomorphic that permitted the parties for cooperatively decrypting the ciphertext by not learning anything except the plaintext.

In 2019, Agarkar and Agrawal [2] have attempted for addressing the problems of privacy and security at the prosumer side of the smart grid network. The proposed model was distinct from the earlier contributions in two approaches. A lightweight encryption-based privacy preservation model named LRSPPP21

²¹

Lightweight R-LWE-based Secure and Privacy-Preserving Scheme for Prosumer side network.

was introduced. A new messaging model was determined in LRSPPP that effectively minimizes the count of messages, therefore, making it lightweight. Later, the developed privacy preservation model has employed RLWE lattice cryptography. There was no proof of RLWE-based encryption for prosumer’s privacy protection in the smart grid. The analysis of performance and security has revealed that LRSPPP was outperformed over three conventional models.

In 2019, Jin et al. [33] have designed a new model called RLWE-based HE communication protocol for user authentication and in a cloud computing-based IoT convergence environment, message management is done. A performance evaluation was performed on communication protocol in the conventional IoT environment and the developed communication protocol for ensuring security and safety. The research has verified security and safety by doing a performance evaluation of the present IoT environment and the suggested communication protocol. The research has performed on developed communication protocol’s decoding for verifying that it offered robust security and an equivalent level of effectiveness. Moreover, the communication protocol was designed for a safe communication structure to the user’s data transfer.

In 2017, Jiang et al. [32] have considered two aspects. Initially, a scheme has been shown for representing the testing and training data to perform statistical learning. The developed model initially transferred the data into integers and then encoded them into polynomial thus the decryption, homomorphic operation, and encryption was done effectively. The parameters of FHE was selected from RLWE for reaching the needs of efficiency. The user has to upload the encrypted information to the cloud server, later the server trained and tested the encrypted data that returned the predicted and evaluation outcomes to the user. Further, a comparison model was introduced on the encrypted data that have security on the known plaintext and ciphertext attack.

3.5. NTRU-based fully homomorphic encryption

In 2020, Che et al. [9] have suggested an NTRU-type MKFHE22

²²
Multi-Key Fully Homomorphic Encryption.

model over prime cyclotomic rings without key switching that can repel the subfield attack and reduce the error rapidly at the time of evaluation procedure. Initially, a complete analysis of the factors impacting the error while the homomorphic analysis was given in the LTV12 model, which was done based on the assumptions of DSPR23

²³

Decisional Small Polynomial Ratio.

and RLWE over prime cyclotomic rings. Later, a technique named LBD&DEC24

²⁴

Low Bit Discarded & Dimension Expansion of Ciphertexts.

was introduced and the basic structure of homomorphic multiplication decryption related to NTRU was developed that can remove the key-switching modulus reduction approaches. By using modulus-reduction and LBD &DEC techniques, a leveled NTRU-type MKFHE model was developed. The results have revealed that the developed model decreased the error magnitude rapidly and minimized the ciphertext dimension.

3.6. Other fully homomorphic encryption algorithm

In 2017, Chenet al. [13] have constructed QPC-PKC SWHE25

²⁵
Quadratic Parameters With Correction-Public Key Compression Somewhat Homomorphic Encryption.

based on the construction methods of SWHE and the parameter constraints were introduced. The exactness and semantical security of the developed QPC-PKC SWHE model were then verified based on the error-free accurate assumption of GCD. At last, the performance of the developed model was evaluated during the sizes of the public key, and the running times of the proposed model were assessed experimentally. The outcomes have shown that the size of the public key was decreased when compared to conventional models, and the efficiency of the developed model was enhanced.

In 2016, et al. [7] have developed two architectures of optimized multiplier for a huge integer multiplication process. The first structure was the low-latency hardware of an integer- FFT multiplier. Next, for creating the new hardware design for huge integer multiplication in integer-based FHE models, LHW26

²⁶

Low Hamming Weight.

parameters were applied. Both the structures were developed, analyzed, and compared over the Xilinx Virtex-7 FPGA platform. Furthermore, both the developed improvements were used for assessing the vast multiplication during the encryption of FHE over integers. The analysis has shown quick improvement on low-latency structure when compared to the actual integer-based FHE implementations.

In 2018, Gai and Qiu [24] have concentrated on blend arithmetic operations issues over real numbers and a new solution called tensor-based FHE was introduced. To perform blend arithmetic operations over real numbers, the developed model named FHE was employed the laws of a tensor. For revealing the usage of the developed model, both experimental analysis and theoretical proofs were provided.

In 2014, Yang et al. [71] have offered a novel targeted FHE based on the problem of the discrete logarithm. To examine the homomorphic encryption, public-key encryption cryptosystems were categorized. A new technique named “Double Decryption Algorithm” was used in the proposed model for fulfilling the fully or targeted the properties of FHE without using the models introduced by Brakerski like the relinearization model, and the other models developed by Gentry namely somewhat homomorphic and bootstrapping models. The proposed model was inspired by the BGN27

²⁷

Boneh, Goh, and Nissim.

and ElGamal cryptography, the desired property of FHE were acquired by choosing the novel set and added an extra component to the ciphertext. Moreover, semantic security proof was also determined.

In 2019, Rahaman et al. [56] have recommended the selection of a privacy-preserving service framework for cloud-based service models. A cloud provider selected the best service from the services set based on QoS28

²⁸

Quality-of-Service.

information in the cloud-based service model. In the service provider’s view, the QoS information related to services was sensitive. The process of service selection in the cloud was biased. During a service procurement process, a service provider may pay a deceptive cloud provider employee for taking undue advantage. Thus, it was significant for executing the works of service selection by maintaining QoS information privately. To guarantee security, and service, the MapReduce model was introduced for performing parallel execution. Several experiments were performed for assessing the performance of the suggested model.

In 2020, Alabdulatif et al. [3] have developed a novel framework named privacy-preserving distributed analytics for big data in the cloud. FHE was employed as prominent and powerful cryptography, which can perform analysis works on encrypted data. To split both analysis and data computations into subset cloud computing nodes, which can run independently, the proposed distributed model has scalability. During the high-level analysis preservation accuracy, the proposed model quickly accelerated the encrypted data processing performance. The results have demonstrated that the suggested approach has high efficiency in terms of both accuracy and performance analysis.

In 2015, Chen et al. [12] have kept based forwarded the leveled FHE model RLWE for improving the efficiency of FHE in the future by constantly applying both batches approaches accessible. The proposed model thus permitted several plaintext values that were double packing into each ciphertext for supporting single-instruction-multiple-data-type operations that decreased the ciphertext expansion ratio efficiently. To attain arbitrary homomorphic permutation operations, an efficient evolutionary method was introduced on a packed ciphertext and also provided using multiple given key-switching hints. In 2016, Sun et al. [65] have introduced a leveled FHE based on RLWE by the approximate eigenvector approach under the similar public key that the security was decreased to the shortest vector issue on the ideal lattices in the worst scenario. By the secret key switching, the leveled FHE under discrete public keys was realized without reducing the dimension. The public of the leveled FHE was combined with the identity, and an effective identity-based leveled FHE model was put forward from the assumptions of RLWE. The analysis has shown that the proposed identity-based leveled FHE was outperformed over plaintext attacks.

In 2016, Gupta and Pal [19] have suggested the symmetric FHE model based on polynomial over integer rings, which was termed as SWHE because of noise accumulation after some operations that were made FHE with the process of a refresh. For proper decryption, large ciphertexts were refreshed and this was done after a specific amount of homomorphic operations. Based on the complexity of large integer factorization, the hardness of the model was dependent. Moreover, it was needed polynomial addition that was computationally expensive. The test outcomes were revealed for supporting the proposed claim. In 2019, Mainardi et al. [48] have offered an attack over the primitives of FHE, in which a distinguisher to a single plaintext value was present. Two noise-free homomorphic encryption models that hold the property and offered the complete process of the attack over them. The efficiency and performance of the proposed attacks have validated the implementations of red the prototype of the mentioned models, and recommended a counter metric adapted to the models at hand.

In 2015, Hayward and Chiang [30] have offered processing dispatcher implementation that considered a set of operations iteratively performed on FHE encrypted data and divided them among the count of processing engines. A private cloud was developed for helping the processing engines and by using engines, the processing time was measured. The time employed for transferring the data and the time taken for doing the computations using these four levels of parallelization were given. Moreover, the time taken for computation servers spent in each of the operations such as subtraction, division, addition, and multiplication were deployed. By performing parallel processing, the time taken for the analysis was given. The results have revealed that the developed model enhanced its performance over the computations performed on a single node.

In 2018, Xu et al. [70] have introduced fully DFHMT29

²⁹

Dynamic Fully Homomorphic encryption-based Merkle Tree.

construction that can validate an unlimited count of data elements and enhanced when compared over the existing one concerning the computational overhead. The algorithms of DFHMT was split into initialization, tree expansion, verification, query, and insertion, which eliminated the disadvantages of static FHMT. The performance of DFHMT was contrasted over existing approaches of SADS30

³⁰

Streaming Authenticated Data Structures.

using few experiments. The outcomes have demonstrated that DFHMT outperformed SADS models.

In 2017, Harris et al. [28] have considered symmetric models and concentrated on MORE31

³¹

Matrix Operation for Randomization and Encryption.

technique for constructing a novel approach to overcome the conflicts of MORE. The developed model was given in brief and assessed. The outputs have revealed that the developed model prevented robust attacks without degrading the performance of the system regarding energy usage and latency.

In 2016, Cheon et al. [15] have suggested and evaluated the approximate polynomial common divisor issue that was viewed as a polynomial analogue for the approximate integer common divisor issue. Extensive cryptanalysis was performed as it was new, and it was done by applying discrete known attacks over the structurally same issues. A small root-finding approach was introduced to the multivariate modular equation model and implemented to the developed issue. These evaluations confirmed that the developed issue was complex with suitable parameters.

In 2012, Kaosar et al. [36] have been introduced privacy-preserving data mining algorithms for acquiring the best result during privacy maintenance. To partition the datasets horizontally, both party ARM32

³²

privacy-preserving Association rule mining.

was used and these two parties were necessitated for comparing their count of an item set in a secured manner. A secure comparison approach was introduced using the FHE model, which offer a similar security level to the Yao based solution, but provided the best efficiency because of resources reusage.

In 2014, Doroz et al. [22] have presented the complete analysis of a huge multiplication model in custom hardware. A new architecture was designed for realizing a million-bit multiplication model based on the Schonhage-Strassen algorithm. By using NTT,33

³³

Number Theoretical Transform.

the proposed model was constructed, which made the use of the architecture of innovative cache along with the processing elements customized for matching the access patterns and computation of NTT-based recursive multiplication technique. In 2019, Li et al. [40] have recommended an improved ciphertext retrieval approach based on FHE for ensuring the privacy of the user and the data integrity when the ciphertext retrieval was in an untrusted cloud environment. The proposed model can encrypt two bits at a time and, enhance the retrieval efficiency. Also, it has less keyspace and decreased storage space. In the meantime, the property of the homomorphic model was given in brief. The results have proven that the developed model was characterized by enhancing efficiency, security, and less expensive.

In 2019, Rajan et al. [57] have introduced a dynamic multi keyword-based search algorithm, which included improved FHE and prims algorithm. Keywords were sorted and constructed searchable index for both files and keywords based on keyword frequency present in the document. By using prim’s algorithm, the dynamic tree was constructed based on file and keyword. With the help of two way Hash table for effective search and document retrieval, the encrypted files in the tree were indexed to keywords. By using modified ring-based FHE, the files were encrypted. The test outcomes have shown that the developed model provided the throughput encryption and decryption that taken less indexing time for the files index.

In 2019, Min et al. [52] have offered a parallel FHE algorithm, which helped floating-point numbers. The developed model not only improved the supported data types with the conventional FHE algorithms but also employed the multi-node features in the cloud environment for performing parallel encryption by performing the ciphertext computation groupwise. The outcomes have revealed that the developed encryption model attained maximum speed with high efficiency.

In 2018, Chen et al. [11] have employed multi-bit plaintext space using fixed-point number encoding. Later, by scaling the fixed-point arithmetic, the bootstrapping algorithm was merged with FHE. For decreasing the plaintext at the time of training, a 1-bit gradient descent approach was employed, whereas, for sigmoid function, a minimax polynomial approximation was utilized. In 2017, Sun et al. [66] have introduced a usual structure of the mobile healthcare network and determined three typical secure medical calculations that consisted of the average heart rate, chi-square tests, and long QT syndrome detection. FHE was leverage for attaining calculations on ciphertext and to encrypt the healthcare sector information. To compute the aforementioned three medical data, an effective Downlin’s FHE model was used. In the proposed model, only one ciphertext was returned to the receiver, thus homomorphic decryption was required only once. Initially, chi-square tests were done using homomorphic additions and multiplications that were employed for knowing whether varicose veins were related to overweight or not.

In 2013, Liang [41] have constructed a the symmetric QFHE34

³⁴

Quantum FHE.

based on QOTP,35

³⁵

Quantum One-Time Period.

in which the evaluation process relied on a secret key. The proposed model permitted any unitary transformation on any n-qubit state, which has been encrypted. The proposed model was compared over traditional homomorphic encryption and it has confirmed that it has perfect security. Therefore, a QOTP-based symmetric QHE model was built, in which the evaluate model was independent of the secret key.

In 2020, Harris et al. [29] have considered HE for processing over encrypted information for attaining the privacy of the user. Later, a solution was presented, which offered more security to the symmetric HE algorithms. The solution implemented the primitives of dynamic architecture and diffusion, which improved the traditional symmetric HE models to overcome the disadvantages. Based on polynomial computations, Domingo Ferrer was the famous symmetric HE model simultaneously suffered from few risks and particularly sensitive to known plaintext attacks.

In 2017, Krishna et al. [38] have developed a new method for Asymmetric mode encrypting data. To generate a field with more prime numbers, a generator matrix was employed. The ternary vector, generator matrix, and prime number were employed as global variables, which were utilized for computing the subkeys and public key. A digital signature model was introduced by the private key and global variables that supported the feature such as user authenticity. In homomorphic encryption, this method was employed in which the calculations were performed on ciphertext and produced an encrypted result during decryption that matched the outcome of operations done on the plaintext.

In 2015, Liang [42] have suggested the QFHE model that allowed the transformation of arbitrary quantum on any encrypted information. This model has been confirmed as the perfect one for security. The decryption key was discrete from the encryption key in the developed model. However, this encryption was not shown. The evaluation algorithm was unique to the encryption key, thus the proposed model was appropriate in computing among two parties.

In 2020, Amuthan and Sendhil [4] have introduced HGSW-DM-FHE36

³⁶

Hybrid Gentry, Sahai, and Waters and DM-based FHE.

to hold attacks in fog computing namely false data injection. From other appliances, as the data aggregation process was not impacted when the appliance fails, the developed HGSW-DM-FHE model was extremely fault-tolerant. Thus, the suggested model was defined as the efficient and secured approach when compared to other models. In 2019, Kanna and Vasudevan [35] have intended to introduce a new approach called privacy preservation by developing the FH-ECC37

³⁷

Fully Homomorphic-Elliptic Curve Cryptography.

algorithm. By converting the original data into the format of ciphertext using the ECC algorithm, the data owner was encrypted, and applied FH operations on the encrypted data prior to maintaining the data in the cloud. The access control rules of the user are verified by the cloud service provider when the user sends the data request to the cloud, it should allow the data. The encrypted data was given to the user when the access policy was verified from that the ciphertext was taken out. To generate the actual text, ECC decryption and FH operations were applied.

In 2019, Prema [55] have enhanced node privacy in vehicular networks by having decreased communication overhead. Homomorphic encryption with pseudonym was employed in VANETs38

³⁸

Vehicular Ad Hoc Network.

for performing the messages, which represented for altering with the desired frequency. Both the logical and physical address represented variation over time, and the pseudonym changed frequently with vehicle mobility. The vehicle information associated with its speed and location was made known globally in the network. However, the data was particular to the message, and the vehicle transferred to the network was unknown. By using the developed FHE model, the message was encrypted for enhancing security and decreased overhead. Moreover, the computations were also considered thus any one of the pseudonyms didn’t match with the remaining pseudonyms and made the attacker inefficient for tracking the vehicle information. The analysis of the developed FHE was outperformed than the Paillier cryptosystem.

Fig. 2.

Chronological review of fully homomorphic encryption.

4. Analysis of diverse fully homomorphic encryption models

4.1. Chronological review

The complete review of discrete algorithms based on FHE is graphically represented in Fig. 2. In the year 2020, the different contributions of FHE are 11.3%. The contributions in the year 2019 seem to be 27.2% for FHE-based algorithms. FHE-based algorithms contributed in the year 2018 is 6.8%. Here, it has been observed that the contribution of various FHE-based algorithms in the year 2017 is 13.6%. Moreover, the contribution in the year 2016 is found to be 15.9% for effective FHE-based algorithms. In the year 2015, and 2014, the contributions of FHE-based algorithms is 9%. The contributions of FHE-based algorithms in the year 2013 is 6.8%. The classification of FHE-based algorithms that are contributed in the year 2012 is 6.8%. Thus, it is seen that the contributions of various FHE-based algorithms in the year 2019 are seemed to be more and the contributions in the year 2012 is seemed to be less and more researches need to be implemented in the upcoming years.

4.2. Algorithmic classification and its improvements

The categorization of FHE-based algorithms is shown in Fig. 3, in which different types of methods are used. FHE-based algorithms such as “lattice-based FHE, integer-based FHE, LWE-based FHE, RLWE-based FHE, and NTRU-based FHE” algorithms are commonly used. Some of the lattice-based algorithms are the lattice-based linearly homomorphic structure, lattice-based key extension protocol, and RTPKE. MKFHE algorithm comes under NTRU-based FHE. In RLWE, the algorithms such as GWAS39

³⁹
Genome-Wide Association Studies.

protocol, RLWE (FFT), RLWE (TFHE), LRSPPP, RL-based HE, and RLWE-based statistical learning is contributed. Therefore, for FHE in the cloud sector, several enhanced algorithms are needed to be enhanced.

Fig. 3.

Diagrammatic representation of fully homomorphic encryption-based algorithms.

4.3. Implementation platforms

In Fig. 4, the diagrammatic representation of various environments employed for FHE-based algorithms in the cloud sector is depicted. From the pie chart, the MATLAB is used in 31% of the earlier contribution to implementing FHE.In the earlier contributions, the environment called C programming language is used in 23% of the researches. Moreover, the environment used in earlier researches is 15% for FHE in the cloud sector. The other languages like “Java, Python, Spartan-6, and Google Cloud Platform (GCP)” are used for classifying FHE-based algorithms. From the analysis, MATLAB is frequently employed for executing FHE in the past researches when compared to other platforms.

Fig. 4.

Pie chart representation of platforms used for FHE-based algorithms.

4.4. Performance measures

In Table 1, the analysis of performance metrics for FHE-based algorithms is tabulated. Here, the evaluation metrics like “latency, execution time, encryption time, computational cost, and decryption time” are majorly utilized in past researches. The measures which are used at rare are mentioned in the miscellaneous tab. The accuracy is taken in 6.6% of the earlier contributions. The execution time is considered in 51.1% of the earlier researches. Moreover, the encryption time is taken into consideration by 8.8%, whereas decryption time is considered in 6.6% of the earlier research works. The computational time is taken in 4.4% of the past researches of FHE. Hence, it seems that execution time is considered in several research works earlier and it can analyze the efficiency of the FHE-based algorithm.

Table 1
Analysis of performance metrics concerned for fully homomorphic encryption in the cloud sector

Citations Latency Execution time Computational cost Encryption time Decryption time Miscellaneous

[13] - - - - - Public key size, and runtime performance

[39] - - - - - -

[9] - - - - - Correctness and security

[7] ✓ ✓ - - - Hamming weight

[24] - ✓ - - - Error Magnitude and Error

[71] - - - - - -

[37] - ✓ - - - -

[56] - ✓ - - - -

[3] - - - - - True Positive Rate (TPR), True Negative Rate (TNR) and F-score

[44] - ✓ - - - -

[67] - - - - - -

[68] - - - - - Storage, extension, and shared key

[62] - - - - - Ciphertext size and public key size

[63] - - - - - -

[14] - ✓ - - - -

[21] - - - - - -

[12] - - - - - -

[10] ✓ - - - - Length of polynomial, hamming weight, LUT, slice, BRAM, cycles, period

[73] - - - - - Magnitude of noise, and ciphertext size

[65] - ✓ - - - -

[72] - ✓ - - - Performance of secure hamming, size increase rate, and Response

[19] - - - - - -

[2] - ✓ - - - PCC, CG, and Prosumer

[33] - ✓ - - - Speed

[48] - ✓ - - - Average speed up, and parallel portion

[5] - ✓ - - - Depth, and space

[30] - ✓ - - - -

[70] - ✓ - - - time of inserting, and time of verification

[28] ✓ ✓ - - - Storage overhead and energy consumption

[15] - ✓ - - - -

[36] - ✓ - ✓ ✓ -

[22] - - - - - Total cycles and time area

[40] - ✓ - - - Efficiency

[57] - - - ✓ ✓ Throughput

[32] - ✓ - - - -

[52] - - - ✓ - Speed up rate

[11] - ✓ - - - -

[66] - ✓ - - - -

[41] - - - - - -

[29] - ✓ - - - -

[38] - - - - - -

[42] - - - - - -

[4] - - ✓ - - Communication overhead

[35] - ✓ - ✓ ✓ -

[55] - - ✓ - - -

[58] - ✓ - - - -

[16] - - - - - Encryption noise and addition noise

[20] - - - - - -

Citations	Latency	Execution time	Computational cost	Encryption time	Decryption time	Miscellaneous
[13]	-	-	-	-	-	Public key size, and runtime performance
[39]	-	-	-	-	-	-
[9]	-	-	-	-	-	Correctness and security
[7]	✓	✓	-	-	-	Hamming weight
[24]	-	✓	-	-	-	Error Magnitude and Error
[71]	-	-	-	-	-	-
[37]	-	✓	-	-	-	-
[56]	-	✓	-	-	-	-
[3]	-	-	-	-	-	True Positive Rate (TPR), True Negative Rate (TNR) and F-score
[44]	-	✓	-	-	-	-
[67]	-	-	-	-	-	-
[68]	-	-	-	-	-	Storage, extension, and shared key
[62]	-	-	-	-	-	Ciphertext size and public key size
[63]	-	-	-	-	-	-
[14]	-	✓	-	-	-	-
[21]	-	-	-	-	-	-
[12]	-	-	-	-	-	-
[10]	✓	-	-	-	-	Length of polynomial, hamming weight, LUT, slice, BRAM, cycles, period
[73]	-	-	-	-	-	Magnitude of noise, and ciphertext size
[65]	-	✓	-	-	-	-
[72]	-	✓	-	-	-	Performance of secure hamming, size increase rate, and Response
[19]	-	-	-	-	-	-
[2]	-	✓	-	-	-	PCC, CG, and Prosumer
[33]	-	✓	-	-	-	Speed
[48]	-	✓	-	-	-	Average speed up, and parallel portion
[5]	-	✓	-	-	-	Depth, and space
[30]	-	✓	-	-	-	-
[70]	-	✓	-	-	-	time of inserting, and time of verification
[28]	✓	✓	-	-	-	Storage overhead and energy consumption
[15]	-	✓	-	-	-	-
[36]	-	✓	-	✓	✓	-
[22]	-	-	-	-	-	Total cycles and time area
[40]	-	✓	-	-	-	Efficiency
[57]	-	-	-	✓	✓	Throughput
[32]	-	✓	-	-	-	-
[52]	-	-	-	✓	-	Speed up rate
[11]	-	✓	-	-	-	-
[66]	-	✓	-	-	-	-
[41]	-	-	-	-	-	-
[29]	-	✓	-	-	-	-
[38]	-	-	-	-	-	-
[42]	-	-	-	-	-	-
[4]	-	-	✓	-	-	Communication overhead
[35]	-	✓	-	✓	✓	-
[55]	-	-	✓	-	-	-
[58]	-	✓	-	-	-	-
[16]	-	-	-	-	-	Encryption noise and addition noise
[20]	-	-	-	-	-	-

5. Research gaps and challenges

In the latest cryptography system, FHE is considered as one of the holy grails [6]. For security and privacy issues in cloud services, it is extremely expected to be a golden key. During the implementation of FHE, there is a major confront, which is that several contributions have employed theoretical notions and those concepts don’t work in reality. Another challenge in this field is the implementation of the bootstrapping procedure. This bootstrapping process has been released by IBM 3 years later after completing the implementation, which is not a trivial activity. By Ducas and Chillotti [17,23], the remaining applications related to bootstrapping are performed, which has implemented bootstrapping only when only one gate is considered for a particular scenario. To model the functions, secure parameters have been used and this makes testing and running complex. For the keys, gigabyte magnitude is required [23]. Some of the existing FHE challenges are mentioned below.

Efficiency: RSA, ElGamal, Paillier are the PHE algorithms, which are efficient and secured in real-time applications. However, these models have some restrictions as most of them support only one operation type, thus these models can be used in real-time applications that will have more restrictions, and many applications need the performance of more than one operation. Therefore, these models have to be employed with the combination of HE algorithms for attaining the needs of the application [50]. Data has been encrypted during the data transmission, in terms of cloud service approaches such as PaaS40

⁴⁰
Platform as a Services.

and SaaS.41

⁴¹

Software as a Service.

For ensuring the security of applications and data specific services, the HE approach is efficient. When considering the IaaS,42

⁴²

Infrastructure as a Service.

particularly VM,43

⁴³

Virtual Machine.

it is probable for file encryption models using APIs44

⁴⁴

Application Program Interfaces.

merged with an operating system or employed solutions such as SafeNet ProtectV. In the cloud with HE, the authors are far from being running the HE on VMs as it is needed a secret key for transferring in the provided time.

Robustness: Based on the encryption key’s size, the strength of the HE models is defined. For instance, in the RSA cryptosystem, the public key’s size should be more than 1024 bits [46]. However, the employment of a vast size public key will make the system quite slow for reality usage.

Delay: The selection of a large public key ensures the HE system’s robustness. Consequently, this selection will impact the ciphertext size, data processing time, and encryption and decryption time. To evaluate the HE model’s speed, the following assumptions must be considered. The encryption key’s size will affect the encrypted message’s size and encryption time. Based on the encrypted message’s size, the application delay of the processing server is attained. The time of decryption is based on the private key’s size and the encrypted text’s size transferred by the cloud provider.

Generally, the selection of SWHE and FHE is done based on the application, which is required for encrypting homomorphically. There is no doubt about the significance of the FHE-based model, but the confront is that by not doing any modification, these cryptosystems are not so realistic. For instance, the language of the main function used for encryption and decryption, type of plaintext, mathematical operations employed, key size, and size of the text used for encryption. It is quite significant to consider the realistic implementation even these various operations and parameters are used for implementation. Moreover, it should not be forgotten that this compound approach has first relied on SWHE. Thus, a new model needs to be introduced, which should be initially based on the SWHE model. However, there are no issues in the practical implementation of the SWHE model, which doesn’t mean that SWHE is easy when compared to FHE as the developed cryptosystems must ensure some confidentiality, security level, and data integrity. This also remains unchanged for revealing all the conventional attacks over SWHE or FHE models and also for recognizing the attack types. The basic problems can be recognized by the researchers underlying the traditional method’s security like ElGamal and RSA encryption models. The encryption of messages using the FHE scheme may result to suffer from hacking by unauthorized users. This problem is the key subject to another very attractive research area called the encrypted key generation process. It paves the way to promote more security in the cloud sector through the general data sanitization and restoration process. This key-encryption process is hard to achieve in reasonable implementation as it secures the overall data with an encrypted key by a new enhanced algorithm under FHE.

FV-NFLlib [20] is a software library implementing a homomorphic encryption scheme (HE). FV-NFLlib implements the FV45

⁴⁵

Fan-Vercauteren.

scheme, and is based on the NFLlib C++ library dedicated to ideal lattice cryptography. The limitation of FV is that the operations are not easily parallelizable, and the multiplicative depth is large. The data blocks in the blockchain are saved in every node in the form of a file system. Homomorphic encryption is a method that computes encrypted data. It gets the same result from the computation of the original data, and it uses proxy re-encryption technology to protect the selected ciphertext from being attacked.

6. Conclusion

The present paper has introduced a literature survey of various contributions published in FHE. The evaluation was majorly concentrated on various classifications of FHE models. The classification of FHE such as multiplicative HE, XOR HE, and additive HE was focused and reviewed. By using various methods in FHE such as Lattice-based FHE, integer-based FHE, LWE-based FHE, RLWE-based FHE, and NTRU-based FHE, the contributions were discussed. In addition to this, the performance measures concentrated on diverse contributions were analyzed. Further, the analysis of various platforms that were used for implementing FHE was discussed. Finally, the research gaps and challenges of FHE were given that helps to introduce the best method of FHE for the cloud sector.

References

Abdallah and

X.S.

Shen, A lightweight lattice-based homomorphic privacy-preserving data aggregation scheme for smart grid, IEEE Transactions on Smart Grid 9(1) (2018), 396–405. doi:10.1109/TSG.2016.2553647.

A.A.

Agarkar and

Agrawal, LRSPPP: Lightweight R-LWE-based secure and privacy-preserving scheme for prosumer side network in smart grid, Heliyon 5(3) (2019).

Alabdulatif,

Khalil and

Yi, Towards secure big data analytic for cloud-enabled applications with fully homomorphic encryption, Journal of Parallel and Distributed Computing 137 (2020), 192–204. doi:10.1016/j.jpdc.2019.10.008.

Amuthan and

Sendhil, Hybrid GSW and DM based fully homomorphic encryption scheme for handling false data injection attacks under privacy preserving data aggregation in fog computing, Journal of Ambient Intelligence and Humanized Computing (2020).

K.M.M.

Aung,

H.T.

Lee,

B.H.M.

Tana and

Wang, Fully homomorphic encryption over the integers for non-binary plaintexts without the sparse subset sum problem, Theoretical Computer Science 771 (2019), 49–70. doi:10.1016/j.tcs.2018.11.014.

Brakerski and

Vaikuntanathan, Fully homomorphic encryption from ring-LWE and security for key dependent messages, in: Annual Cryptology Conference CRYPTO 2011: Advances in Cryptology – CRYPTO 2011, 2011, pp. 505–524. doi:10.1007/978-3-642-22792-9_29.

Cao,

Moore,

O’Neill,

O’Sullivan and

Hanley, Optimised multiplication architectures for accelerating fully homomorphic encryption, IEEE Transactions on Computers 65(9) (2016), 2794–2806. doi:10.1109/TC.2015.2498606.

Challa,

VijayaKumari and

Sunny, Secure image processing using LWE based homomorphic encryption, in: 2015 IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT), Coimbatore, 2015, pp. 1–6.

Che,

Zhou,

Li,

Zhou,

Chen and

Yang, Modified multi-key fully homomorphic encryption based on NTRU cryptosystem without key-switching, Tsinghua Science and Technology 25(5) (2020), 564–578. doi:10.26599/TST.2019.9010076.

10.

D.D.

Chen

et al., High-speed polynomial multiplication architecture for ring-LWE and SHE cryptosystems, IEEE Transactions on Circuits and Systems I: Regular Papers 62(1) (2015), 157–166. doi:10.1109/TCSI.2014.2350431.

11.

Chen,

Gilad-Bachrach,

Han,

Huang,

Jalali,

Laine and

Lauter, Logistic regression over encrypted data from fully homomorphic encryption, BMC Medical Genomics (2018), 11.

12.

Chen,

Hu and

Lian, Double batch for RLWE-based leveled fully homomorphic encryption, Chinese Journal of Electronics 24(3) (2015), 661–666. doi:10.1049/cje.2015.07.038.

13.

Chen,

Lim and

Fan, A public key compression scheme for fully homomorphic encryption based on quadratic parameters with correction, IEEE Access 5 (2017), 17692–17700. doi:10.1109/ACCESS.2017.2749419.

14.

J.H.

Cheon,

Hhan,

Hong and

Son, A hybrid of dual and meet-in-the-middle attack on sparse and ternary secret LWE, IEEE Access 7 (2019), 89497–89506. doi:10.1109/ACCESS.2019.2925425.

15.

J.H.

Cheon,

Hong,

M.S.

Lee and

Ryu, The polynomial approximate common divisor problem and its application to the fully homomorphic encryption, Information Sciences 326 (2016), 41–58. doi:10.1016/j.ins.2015.07.021.

16.

J.H.

Cheon and

Stehlé , Fully homomophic encryption over the integers revisited, in: Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2015, pp. 513–536.

17.

Chillotti,

Gama,

Georgieva and

Izabachène, Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds, in: International Conference on the Theory and Application of Cryptology and Information Security, 2016, pp. 3–33.

18.

J.-S.

Coron,

Mandal,

Naccache and

Tibouchi, Fully homomorphic encryption over the integers with shorter public keys, in: Annual Cryptology Conference CRYPTO 2011: Advances in Cryptology – CRYPTO 2011, 2011, pp. 487–504. doi:10.1007/978-3-642-22792-9_28.

19.

Dasgupta and

S.K.

Pal, Design of a polynomial ring based symmetric homomorphic encryption scheme, Perspectives in Science 8 (2016), 692–695. doi:10.1016/j.pisc.2016.06.061.

20.

Dijk,

Gentry,

Halevi and

Vaikuntanathan, Fully homomorphic encryption over the integers, in: Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2010, pp. 24–43.

21.

Ding,

Li,

Lü and

Li, A novel fully homomorphic encryption scheme based on LWE, Wuhan University Journal of Natural Sciences 21 (2016), 84–92. doi:10.1007/s11859-016-1142-0.

22.

Doröz,

Öztürk and

Sunar, A million-bit multiplier architecture for fully homomorphic encryption, Microprocessors and Microsystems 38(8) (2014), 766–775. doi:10.1016/j.micpro.2014.06.003.

23.

Ducas and

Micciancio, FHEW: Bootstrapping homomorphic encryption in less than a second, in: Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2015, pp. 617–640.

24.

Gai and

Qiu, Blend arithmetic operations on tensor-based fully homomorphic encryption over real numbers, IEEE Transactions on Industrial Informatics 14(8) (2018), 3590–3598. doi:10.1109/TII.2017.2780885.

25.

Garcia-Carrillo and

Marin-Lopez, Multihop bootstrapping with EAP through CoAP intermediaries for IoT, IEEE Internet of Things Journal 5(5) (2018), 4003–4017. doi:10.1109/JIOT.2018.2870984.

26.

Gentry, A fully homomorphic encryption scheme, Stanford University, 2009.

27.

Gentry, Fully homomorphic encryption using ideal lattices, in: STOC ’09: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, 2009, pp. 169–178. doi:10.1145/1536414.1536440.

28.

Hariss,

Noura and

A.E.

Samhat, Fully enhanced homomorphic encryption algorithm of MORE approach for real world applications, Journal of Information Security and Applications 34 (2017), 233–242. doi:10.1016/j.jisa.2017.02.001.

29.

Hariss,

Noura and

A.E.

Samhat, An efficient fully homomorphic symmetric encryption algorithm, Multimedia Tools and Applications 79 (2020), 12139–12164. doi:10.1007/s11042-019-08511-2.

30.

Hayward and

C.-C.

Chiang, Parallelizing fully homomorphic encryption for a cloud environment, Journal of Applied Research and Technology 13(2) (2015), 245–252. doi:10.1016/j.jart.2015.06.004.

31.

Huang and

Wang, A novel and efficient design for an RSA cryptosystem with a very large key size, IEEE Transactions on Circuits and Systems II: Express Briefs 62(10) (2015), 972–976. doi:10.1109/TCSII.2015.2458033.

32.

Jiang,

Xu,

Wang and

Lin, Statistical learning based fully homomorphic encryption on encrypted data, Soft Computing 21 (2017), 7473–7483. doi:10.1007/s00500-016-2296-6.

33.

B.-W.

Jin ,

J.-O.

Park and

H.-J.

Mun , A design of secure communication protocol using RLWE-based homomorphic encryption in IoT convergence cloud environment, Wireless Personal Communications 105 (2019), 599–618. doi:10.1007/s11277-018-6083-9.

34.

Jin,

Zhu and

Luo, Verifiable fully homomorphic encryption scheme, in: 2012 2nd International Conference on Consumer Electronics, Communications and Networks (CECNet), Yichang, 2012, pp. 743–746.

35.

G.P.

Kanna and

Vasudevan, A fully homomorphic–elliptic curve cryptography based encryption algorithm for ensuring the privacy preservation of the cloud data, Cluster Computing 22 (2019), 9561–9569. doi:10.1007/s10586-018-2723-9.

36.

M.G.

Kaosar,

Paulet and

Yi, Fully homomorphic encryption based two-party association rule mining, Data & Knowledge Engineering 76–78 (2012), 1–15. doi:10.1016/j.datak.2012.03.003.

37.

Kim,

Lee,

Shim,

J.H.

Cheon,

Kim,

Kim and

Song, Encrypting controller using fully homomorphic encryption for security of cyber-physical systems, IFAC-PapersOnLine 49(22) (2016), 175–180. doi:10.1016/j.ifacol.2016.10.392.

38.

A.V.N.

Krishna,

A.H.

Narayana and

K.M.

Vani, Fully homomorphic encryption with matrix based digital signature standard, Journal of Discrete Mathematical Sciences and Cryptography 20(2) (2017), 439–444. doi:10.1080/09720529.2015.1101882.

39.

Li, Leveled certificateless fully homomorphic encryption schemes from learning with errors, IEEE Access 8 (2020), 26749–26763. doi:10.1109/ACCESS.2020.2971342.

40.

Li,

Mou and

Lu, An improved ciphertext retrieval scheme based on fully homomorphic encryption, Wuhan University Journal of Natural Sciences 24 (2019), 218–222. doi:10.1007/s11859-019-1388-4.

41.

Liang, Symmetric quantum fully homomorphic encryption with perfect security, Quantum Information Processing 12 (2013), 3675–3687. doi:10.1007/s11128-013-0626-5.

42.

Liang, Quantum fully homomorphic encryption scheme based on universal quantum circuit, Quantum Information Processing 14 (2015), 2749–2759. doi:10.1007/s11128-015-1034-9.

43.

Liu, Efficient architecture and implementation for NTRU based system, 2015, Theses-Dissertations-Major-Papers.

44.

W.-J.

Lu,

Yamada and

Sakuma, Privacy-preserving genome-wide association studies on cloud environment using fully homomorphic encryption, BMC Medical Informatics and Decision Making (2015), 15. doi:10.1186/1472-6947-15-S5-S1.

45.

Ma,

Liang and

Wu, Homomorphic property-based concurrent error detection of RSA: A countermeasure to fault attack, IEEE Transactions on Computers 61(7) (2012), 1040–1049. doi:10.1109/TC.2011.121.

46.

Mahajan and

Sachdeva, A study of encryption algorithms AES, DES and RSA for security, Global Journal of Computer Science and Technology Network, Web & Security 1(15) (2013).

47.

Z.H.

Mahmood and

M.K.

Ibrahem, New fully homomorphic encryption scheme based on multistage partial homomorphic encryption applied, in: Cloud Computing, 2018 1st Annual International Conference on Information and Sciences (AiCIS), Fallujah, Iraq, 2018, pp. 182–186. doi:10.1109/AiCIS.2018.00043.

48.

Mainardi,

Barenghi and

Pelosi, Plaintext recovery attacks against linearly decryptable fully homomorphic encryption schemes, Computers & Security 87 (2019).

49.

Maitra,

M.S.

Obaidat,

Giri,

Dutta and

Dahal, ElGamal cryptosystem-based secure authentication system for cloud-based IoT applications, IET Networks 8(5) (2019), 289–298. doi:10.1049/iet-net.2019.0004.

50.

Mallaiah and

Ramachandram, Applicability of homomorphic encryption and CryptDB in social and business applications: Securing data stored on the third party servers while processing through applications, International Journal of Computer Applications 100(1) (2014), 5–19.

51.

Masoumi and

M.H.

Rezayati, Novel approach to protect advanced encryption standard algorithm implementation against differential electromagnetic and power analysis, IEEE Transactions on Information Forensics and Security 10(2) (2015), 256–265. doi:10.1109/TIFS.2014.2371237.

52.

Min,

Yang,

A.K.

Sangaiah,

Bai and

Liu, A privacy protection-oriented parallel fully homomorphic encryption algorithm in cyber physical systems, EURASIP Journal on Wireless Communications and Networking (2019).

53.

Moore,

O’Neill,

Hanley and

O’Sullivan, Accelerating integer-based fully homomorphic encryption using Comba multiplication, in: 2014 IEEE Workshop on Signal Processing Systems (SiPS), Belfast, 2014, pp. 1–6.

54.

Parihar and

Nakhate, Fast Montgomery modular multiplier for Rivest–Shamir–Adleman cryptosystem, IET Information Security 13(3) (2019), 231–238. doi:10.1049/iet-ifs.2018.5191.

55.

N.K.

Prema, Efficient secure aggregation in VANETs using fully homomorphic encryption (FHE), Mobile Networks and Applications 24 (2019), 434–442. doi:10.1007/s11036-018-1095-y.

56.

M.S.

Rahman,

Khalil,

Alabdulatif and

Yi, Privacy preserving service selection using fully homomorphic encryption scheme on untrusted cloud service platform, Knowledge-Based Systems 180 (2019), 104–115. doi:10.1016/j.knosys.2019.05.022.

57.

D.P.

Rajan,

S.J.

Alexis and

Gunasekaran, Dynamic multi-keyword based search algorithm using modified based fullyhomomorphic encryption and Prim’s algorithm, Cluster Computing 22 (2019), 11411–11424. doi:10.1007/s10586-017-1399-x.

58.

L.C.

Santos,

G.R.

Bilar and

F.D.

Pereira, Implementation of the fully homomorphic encryption scheme over integers with shorter keys, in: 2015 7th International Conference on New Technologies, Mobility and Security (NTMS), Paris, 2015, pp. 1–5.

59.

Shen,

Zhou,

He,

Zhang,

Sun and

Xiang, Block design-based key agreement for group data sharing in cloud computing, IEEE Transactions on Dependable and Secure Computing 16(6) (2019), 996–1010. doi:10.1109/TDSC.2017.2725953.

60.

Shen,

Wang,

Chen,

Wang and

Li, Efficient leveled (multi) identity-based fully homomorphic encryption schemes, IEEE Access 7 (2019), 79299–79310. doi:10.1109/ACCESS.2019.2922685.

61.

Simoens,

Bringer,

Chabanne and

Seys, A framework for analyzing template security and privacy in biometric authentication systems, IEEE Transactions on Information Forensics and Security 7(2) (2012), 833–841. doi:10.1109/TIFS.2012.2184092.

62.

Singh,

C.P.

Rangan and

A.K.

Banerjee, Lattice-based identity-based resplittable threshold public key encryption scheme, International Journal of Computer Mathematics 93(2) (2016), 289–307. doi:10.1080/00207160.2014.928286.

63.

Song,

Chen and

Chen, A multi-bit fully homomorphic encryption with shorter public key from LWE, IEEE Access 7 (2019), 50588–50594. doi:10.1109/ACCESS.2019.2909286.

64.

Sultan,

Yang,

A.A.E.

Hajomer and

Hu, Chaotic constellation mapping for physical-layer data encryption in OFDM-PON, IEEE Photonics Technology Letters 30(4) (2018), 339–342. doi:10.1109/LPT.2018.2789468.

65.

Sun,

Yu,

Wang,

Sun and

Zhang, Efficient identity-based leveled fully homomorphic encryption from RLWE, Security and communication networks 9(18) (2016), 5155–5165. doi:10.1002/sec.1685.

66.

Sun,

Zhang,

Sookhak,

Yu and

Xie, Utilizing fully homomorphic encryption to implement secure medical computation in smart cities, Personal and Ubiquitous Computing 21 (2017), 831–839. doi:10.1007/s00779-017-1056-7.

67.

F.H.

Wang,

Y.P.

Hu and

B.C.

Wang, Lattice-based linearly homomorphic signature scheme over binary field, Science China Information Sciences 56 (2013), 1–9.

68.

S.B.

Wang,

Zhu,

Ma and

R.Q.

Feng, Lattice-based key exchange on small integer solution problem, Science China Information Sciences 57 (2014), 1–12. doi:10.1007/s11432-014-5226-1.

69.

Wang,

Luo and

Li, A more efficient fully homomorphic encryption scheme based on GSW and DM schemes, Security and Communication Networks (2018), 14.

70.

Xu,

Wei,

Zhang,

Wang,

Zhou and

C.-Z.

Gao, Dynamic fully homomorphic encryption-based merkle tree for lightweight streaming authenticated data structures, Journal of Network and Computer Applications 107 (2018), 113–124. doi:10.1016/j.jnca.2018.01.014.

71.

Yang,

Zhang,

Yang,

Li and

Li, Targeted fully homomorphic encryption based on a double decryption algorithm for polynomials, Tsinghua Science and Technology 19(5) (2014), 478–485. doi:10.1109/TST.2014.6919824.

72.

Yasuda, Hamming distance computation for biometrics using ideal-lattice and ring-LWE homomorphic encryption, Information Security Journal: A Global Perspective 26(2) (2017), 85–103.

73.

Zhang,

Xu,

Jin,

Xie and

Zhao, Efficient fully homomorphic encryption from RLWE with an extension to a threshold encryption scheme, Future Generation Computer Systems 36 (2014), 180–186. doi:10.1016/j.future.2013.10.024.

Research perspectives on fully homomorphic encryption models for cloud sector 1

Abstract

Keywords

1. Introduction

2 Advanced Encryption Standard.

2.1. Fully homomorphic encryption

2.2. Categorization of fully homomorphic encryption

11 Homomorphic Encryption.

3. Literature review on fully homomorphic encryption

3.1. Lattice-based fully homomorphic encryption

12 Bilateral Inhomogeneous Small Integer Solution.

14 Sparse Subset Sum Problem.

17 Certificate Less Fully Homomorphic Encryption.

19 Fast Fourier Transform.

22 Multi-Key Fully Homomorphic Encryption.

25 Quadratic Parameters With Correction-Public Key Compression Somewhat Homomorphic Encryption.

4.1. Chronological review

4.2. Algorithmic classification and its improvements

39 Genome-Wide Association Studies.

40 Platform as a Services.

References

²
Advanced Encryption Standard.

¹¹
Homomorphic Encryption.

¹²
Bilateral Inhomogeneous Small Integer Solution.

¹⁴
Sparse Subset Sum Problem.

¹⁷
Certificate Less Fully Homomorphic Encryption.

¹⁹
Fast Fourier Transform.

²²
Multi-Key Fully Homomorphic Encryption.

²⁵
Quadratic Parameters With Correction-Public Key Compression Somewhat Homomorphic Encryption.

³⁹
Genome-Wide Association Studies.

⁴⁰
Platform as a Services.