# Homomorphic Comparison for Point Numbers with User-Controllable Precision and Its Applications

^{1}

^{2}

^{3}

^{4}

^{*}

## Abstract

**:**

## 1. Introduction

#### 1.1. Contributions

- Controllable precision. A key observation by Chung and Kim [9] is that when real numbers are expressed as a continued fraction (CF), partial quotients consisting of their CF representation can be taken as small integers (e.g., ${\mathbb{Z}}_{1024}$). Thus, encoding point numbers as CFs enables depth-efficient, real-valued computation, even with a small plaintext space. Our new observation is that CF representation allows users and servers to adjust the precision of point-number computation by controlling the number of partial quotients rather than by configuring the FHE parameters. Moreover, it is well known that a CF is the best approximation of a real number among all rational numbers with the same or smaller denominators. In practice, separating precision from the parameter setup may be beneficial because it is more convenient for the user and the design is more modular. We make use of this observation in depth-efficient homomorphic comparisons, including equality and greater-than, to obtain such benefits.
- Depth-efficient homomorphic comparisons of point numbers. We present three homomorphic comparison protocols—equality, less-than, and greater-than—that efficiently compare the encryption of two CF-encoded point numbers reporting an encrypted result. The key idea is that if two real numbers are the same, their CF representation will be the same; in essence, the equality test for two numbers in CF form is the same as that of the numbers in decimal form. Our equality test thus requires a multiplicative depth of $O(\mathrm{log}\kappa +\mathrm{log}n)$, where $\kappa $ is the bit length of the partial quotients and n is the number of partial quotients. Similarly, we devise less-than and greater-than algorithms by comparing two partial quotients at the same position from left to right. These algorithms also have multiplicative depths of $O(\mathrm{log}\kappa +\mathrm{log}n)$. Our results imply that the CF encoding of point numbers is much more suitable for homomorphic comparisons than for homomorphic computations, since comparison algorithms do not require heavy computation. Indeed, CF-based homomorphic computations need to run Gosper’s algorithm, which involves modular arithmetic over FHE encryptions. See ([9] §3.1) for details.)

#### 1.2. High-Level Sketch of Our Approach

**Example**

**1.**

#### 1.3. Applications

**Sorting.**Sorting is one of the most frequently used basic data manipulations. Well-known applications of sorting include conducting private auctions [10] and comparing genetic sequences [11], and more generic primitives, such as top-k queries [12] and (weighted) set intersection [13,14]. In [15], Chatterjee et al. studied a way to accelerate an FHE-based sorting algorithm. Unfortunately, their proposed approach requires 235 s to perform a bubble sort on five FHE ciphertexts whose underlying messages are 32-bit integers. In [16], Cetin et al. introduced a new sorting algorithm to optimize a multiplicative depth for efficient homomorphic sorting. The merge sort, which is known as the most efficient sorting algorithm, requires a depth of $O\left(N{\mathrm{log}}^{2}N\right)$ for data of size N, but the algorithm of Cetin et al. requires a multiplicative depth of $O(\mathrm{log}N+\mathrm{log}\ell )$, where ℓ is the size of the data.

**Machine learning.**Millions of people are generating tremendous amounts of data through the increased use of various electronic devices that are normally resource-constrained. Considering the continuously increasing power of modern computers, it is not probable that individuals will be able to keep up with this pace. Thus, one cost-effective approach to handle this asymmetry in computational resources is to rely on cloud computing. A natural solution to prevent privacy breaches of personal data stored in the cloud is to encrypt the data and delegate computations on encrypted data to the cloud.

**Private database queries.**Other useful applications of homomorphic comparisons include range queries over encrypted databases [21], algorithms for optimization problems in supply chain management [22,23], and privacy-preserving signal processing [24,25]. Note that these examples are a nonexhaustive list of promising applications of secure comparisons using FHE.

#### 1.4. Closely Related Work

**Structure of the paper.**In Section 2, we introduce definitions, cryptographic tools, and key building blocks for our construction along with a precise description of the system model and security goal. Section 3 provides a brief review of CFs. We then describe our proposed secure comparison algorithms in Section 4. Useful applications and results of our solutions are discussed in Section 5. Finally, Section 6 concludes the work.

## 2. Definitions and Cryptographic Tools

#### 2.1. System Model

#### 2.2. Fully Homomorphic Encryption

- Key generation.
- This algorithm takes the security parameter $\lambda $ and outputs a public encryption key $pk$, a public evaluation key $ek$, and a secret decryption key $sk$. We write the algorithm as $(pk,ek,sk)\leftarrow \mathtt{Kg}\left({1}^{\lambda}\right)$ and assume that the public key specifies the plaintext space $\mathtt{P}$ and the ciphertext space $\mathtt{C}$.
- Encryption.
- The algorithm $\overline{x}\leftarrow {\mathtt{En}}_{pk}\left(x\right)$ takes the public key $pk$ and a message $x\in \mathtt{P}$ and outputs a ciphertext $\overline{x}\in \mathtt{C}$.
- Decryption.
- The algorithm ${x}^{\ast}\leftarrow {\mathtt{De}}_{sk}\left(\overline{x}\right)$ takes the secret key $sk$ and a ciphertext c and outputs a message ${x}^{\ast}\in \mathtt{P}$.
- Homomorphic evaluation.
- This algorithm takes the evaluation key $ek$, a function $f:{\left({\{0,1\}}^{\ast}\right)}^{n}\to {\{0,1\}}^{\ast}$, and a set of n ciphertexts ${\overline{x}}_{1},\dots ,{\overline{x}}_{n}$, and outputs a ciphertext ${\overline{x}}_{f}$, denoted by ${\overline{x}}_{f}\leftarrow {\mathtt{Ev}}_{ek}(f,{\overline{x}}_{1},\dots ,{\overline{x}}_{n}).$

**Definition**

**1**

#### 2.3. Security Model

**Definition**

**2.**

#### 2.4. Homomorphic Comparison of Integers

#### 2.4.1. Equality

#### 2.4.2. Greater-Than and Less-Than

## 3. Rationale of CF Encoding

#### 3.1. Definitions

**Definition**

**3.**

- ${x}_{i}$ is called a partial quotient of X for each i.
- A CF X is finite if the number of partial quotients of some X is finite.

**Definition**

**4**

#### 3.2. Some Properties

**Theorem**

**1**

**Theorem**

**2**

**Theorem**

**3.**

**Proof.**

## 4. Homomorphic Comparison between FHE-Encrypted Point Numbers

#### 4.1. Comparisons of Two CF-Encoded Point Numbers **in the Clear**

#### 4.1.1. When $n=m$

**Case**

**1.**

**Case**

**2.**

**Case**

**3.**

#### 4.1.2. When $n\ne m$

**Theorem**

**4.**

Algorithm 1: Comparing two continued fractions in the clear | |

Input.$X=[{x}_{0};{x}_{1},\dots ,{x}_{n-1}]$ and $Y=[{y}_{0};{y}_{1},\dots ,{y}_{m-1}]$ | |

Output. The result of the comparison of X and Y | |

1: Find k such that k is the smallest index for which ${x}_{k}\ne {y}_{k}$ | |

2: if $\exists k$ then | |

3: Set $c\leftarrow {(-1)}^{k}({x}_{k}-{y}_{k})$ | |

4: if $c<0$ then | |

5: return $X<Y$ | |

6: else | |

7: return $X>Y$ | |

8: else | |

9: if $n=m$ then | |

10: return $X=Y$ | |

11: else if $n<m$ then | |

12: if n is odd then | |

13: return $X<Y$ | |

14: else | ▹n is even |

15: return $X>Y$ | |

16: else | |

17: if m is odd then | |

18: return $X<Y$ | |

19: else | ▹m is even |

20: return $X>Y$ |

#### 4.2. Our Homomorphic Comparisons over FHE Encryptions

#### 4.2.1. Equality Tests

**Lemma**

**1.**

**Proof.**

- (The first round.) A user sends two FHE encryptions $(\overline{X},\overline{Y})$ to a server.
- (The second round.) The server responds to the user by sending the result of homomorphically evaluating ${\mathtt{EQ}}_{\mathbb{R}}$ at the two FHE encryptions $\overline{X}$ and $\overline{Y}$.

#### 4.2.2. Greater-Than and Less-Than Tests

**Lemma**

**2.**

**Proof.**

- A user sends two FHE encryptions $(\overline{X},\overline{Y})$ to a server.
- The server responds to the user by sending the result of homomorphically evaluating ${\mathtt{GT}}_{\mathbb{R}}$ (reps. ${\mathtt{LT}}_{\mathbb{R}}$) for the two FHE encryptions $\overline{X}$ and $\overline{Y}$.

#### 4.3. Efficiency

**Remark**

**1.**

**Experimental setup.**Our experiments use a variant of the BGV FHE scheme [40] to implement the equality and comparison circuits on real numbers. A complete C++ implementation of the underlying FHE scheme is provided by Halevi and Shoup based on the number theoretic library NTL [51] (version 10.3.0), named HElib [52]. We also utilize Open Multi-Processing (OpenMP) [53] to take advantage of available processing cores to run code concurrently and efficiently. While HElib supports bootstrapping, we use a leveled variant of the BGV-type scheme that supports homomorphic evaluations up to a predefined level.

**Microbechmarks.**In the following, we demonstrates simple experiments for comparing the run times in the same setting. For this purpose, we select several random CFs by varying the number of partial quotients and express these numbers in decimal form with various degrees of precision. Then, we encrypt each encoding to generate two ciphertexts for these numbers. During setting up an instance of the FHE scheme, we chose the minimum FHE parameters that may guarantee correct evaluations. In Table 3, we compare the average run times with each encoding with various degrees of precision.

#### 4.4. Security

**Theorem**

**5**

**Theorem**

**6.**

**Proof.**

## 5. Applications

#### 5.1. Sorting on Encrypted Databases

**The construction.**Two fundamental operations of classical sorting algorithms are comparisons and swaps. Thus, the main goal of our construction is to use our comparison algorithms ${\mathtt{GT}}_{\mathbb{R}}$ and ${\mathtt{LT}}_{\mathbb{R}}$ to construct a swapping algorithm for two encrypted values. A swap operation takes a sequence of point numbers and outputs an ordered sequence. Without loss of generality, we consider only ascending order, but descending order can be easily obtained with small changes. For two encrypted point numbers $\overline{X}$ and $\overline{Y}$, swapping in ascending order is defined as

**Efficiency.**We focus on Gizem et al.’s two sorting algorithms, called direct sort and greedy sort [16]. The reason for considering the scheme is that different from existing algorithms with $O\left(N{\mathrm{log}}^{2}N\right)$ multiplicative depth, their scheme incurs merely $O(\mathrm{log}N+\mathrm{log}\ell )$ multiplicative depth for the size of the input list N and the bit size of the elements ℓ. More specifically, to sort N values, ${a}_{0},\dots ,{a}_{N-1}$, the protocol first builds an $N\times N$ matrix whose components $(i,j)$ are ${\mathtt{GT}}_{\mathbb{Z}}({a}_{i},{a}_{j})$ for $i,j\in \{0,1,N-1\}$. Because the sum of the i-th row of the matrix means the number of elements greater than ${a}_{i}$, it can sort all values according to this sum. Moreover, combining their algorithms with merge sort can provide better performance.

#### 5.2. Database Queries on Encrypted Databases

- What are the names of all patients whose preprandial plasma glucose levels were above 11.3450098875 mmol/L?
- What is the average age of female patients whose postprandial plasma glucose is below 13.10134111097 mmol/L?

**Search queries.**Search queries (a.k.a., retrieval queries) consist of a list of attributes, their owner table names, and a search condition. One way to offer reasonable performance is to encrypt only the private constant values in the search condition statement. Then, on receiving such a such query, the cloud database server can identify which attributes in a given table are compared to the encryptions of constants. In principle, search queries can be grouped into conjunctive queries and disjunctive queries. Conjunctive queries require that all predicates in a search condition should be satisfied, whereas disjunctive queries require that at least one predicate in a search condition only have to be satisfied.

**Aggregate queries.**Aggregate functions return a single resulting value based on a group of data that is formed by applying search queries; Examples include $\mathtt{sum},\mathtt{avg}$, and $\mathtt{count}$. For the purpose of arithmetic with CFs, we can use Gosper’s arithmetic algorithm in [62] between CFs. The algorithm allows arithmetic operations to be performed not only between two CFs but also between a CF and a rational number. More concretely, the algorithm receives two numbers $X,Y\in \mathbb{R}$ in CF form and outputs $F(X,Y):=(\alpha +\beta X+cY+\delta XY)/(\u03f5+fX+\zeta Y+\eta XY)$, where $\alpha ,\beta ,c,\delta ,\u03f5,f,\zeta ,\eta \in \mathbb{Z}$. For example, setting $\beta =1,c=-1,\u03f5=1$ indicates $F(X,Y)=X-Y$, setting $\delta =-1,\u03f5=1$ indicates $F(X,Y)=-X\xb7Y$, and setting $\alpha =2,\beta =1,\zeta =3$ indicates $F(X,Y)=(2+X)/3Y$. This implies that $F(X,Y)$ can express every primitive arithmetic operation, Therefore, we can evaluate every primitive arithmetic operation along with a two-variable linear fractional transformation.

## 6. Summary of Results

## Author Contributions

## Funding

## Acknowledgments

## Conflicts of Interest

## References

- Yao, A.C. How to generate and exchange secrets (extended abstract). In Proceedings of the 27th Annual Symposium on Foundations of Computer Science (SFCS 1986), Toronto, ON, Canada, 27–29 October 1986; pp. 162–167. [Google Scholar]
- Fouque, P.; Stern, J.; Wackers, J. CryptoComputing with rationals. In Financial Cryptography, Proceedings of the 6th International Conference, Bermuda, March, 11–14 March 2002; Springer: Berlin/Heidelberg, Germany, 2002; pp. 136–146. [Google Scholar]
- Catrina, O.; Saxena, A. Secure computation with fixed-point numbers. In Financial Cryptography and Data Security, Proceedings of the 14th International Conference, Tenerife, Canary Islands, 25–28 January 2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 35–50. [Google Scholar]
- Aliasgari, M.; Blanton, M.; Zhang, Y.; Steele, A. Secure computation on floating point numbers. In Proceedings of the NDSS Symposium 2013, San Diego, CA, USA, 24–27 February 2013. [Google Scholar]
- Dimitrov, V.; Kerik, L.; Krips, T.; Randmets, J.; Willemson, J. Alternative implementations of secure real numbers. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016; pp. 553–564. [Google Scholar]
- Ayday, E.; Raisaro, J.L.; McLaren, P.; Fellay, J.; Hubaux, J. Privacy-Preserving Computation of Disease Risk by Using Genomic, Clinical, and Environmental Data; Usenix HealthTech: Washington, DC, USA, 2013. [Google Scholar]
- Kamm, L.; Willemson, J. Secure floating point arithmetic and private satellite collision analysis. Int. J. Inf. Sec.
**2015**, 14, 531–548. [Google Scholar] [CrossRef] [Green Version] - Archer, D.W.; Bogdanov, D.; Pinkas, B.; Pullonen, P. Maturity and performance of programmable secure computation. IEEE Secur. Priv.
**2016**, 14, 48–56. [Google Scholar] [CrossRef] - Chung, H.; Kim, M. Encoding of rational numbers and their homomorphic computations for FHE-based applications. Int. J. Found. Comput. Sci.
**2018**, 29, 1023–1044. [Google Scholar] [CrossRef] - Bogetoft, P.; Damgård, I.; Jakobsen, T.P.; Nielsen, K.; Pagter, J.; Toft, T. A practical implementation of secure auctions based on multiparty integer computation. In Proceedings of the International Conference on Financial Cryptography and Data Security, Anguilla, UK, 27 February–2 March 2006; pp. 142–147. [Google Scholar]
- Jha, S.; Kruger, L.; Shmatikov, V. Towards practical privacy for genomic computation. In Proceedings of the 2008 IEEE Symposium on Security and Privacy (sp 2008) 2008, Oakland, CA, USA, 18–22 May 2008; pp. 216–230. [Google Scholar]
- Burkhart, M.; Dimitropoulos, X. Fast privacy-preserving top-k queries using secret sharing. In Proceedings of the International Conference on Computer Communications and Networks, Zurich, Switzerland, 2–5 August 2010; pp. 1–7. [Google Scholar]
- Many, D. Privacy-Preserving Collaboration in Network Security. Master’s Thesis, ETH Zürich, Zürich, Switzerland, 2009. [Google Scholar]
- Huang, Y.; Evans, D.; Katz, J. Private set intersection: Are garbled circuits better than custom protocols? In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, San Diego, CA, USA, 5–8 February 2012. [Google Scholar]
- Chatterjee, A.; Kaushal, M.; Sengupta, I. Accelerating sorting of fully homomorphic encrypted data. In Progress in Cryptology—INDOCRYPT, Proceedings of the 14th International Conference on Cryptology in India, Mumbai, India, 7–10 December 2013; Springer: Berlin/Heidelberg, Germany, 2013; pp. 262–273. [Google Scholar]
- Çetin, G.S.; Doröz, Y.; Sunar, B.; Savas, E. Depth optimized efficient homomorphic sorting. In Progress in Cryptology—LATINCRYPT; Springer: Cham, Switzerland, 2015; pp. 61–80. [Google Scholar]
- Bost, R.; Ada Popa, R.; Tu, S.; Goldwasser, S. Machine learning classification over encrypted data. In Proceedings of the NDSS Symposium 2015, San Diego, CA, USA, 8–11 February 2015. [Google Scholar]
- Wu, D.; Feng, T.; Naehrig, M.; Lauter, K. Privately evaluating decision trees and random forests. PoPETs
**2016**, 2016, 335–355. [Google Scholar] [CrossRef] [Green Version] - Rahulamathavan, Y.; Phan, R.C.; Veluru, S.; Cumanan, K.; Rajarajan, M. Privacy-preserving multi-class support vector machine for outsourcing the data classification in cloud. IEEE Trans. Dependable Sec. Comput.
**2014**, 11, 467–479. [Google Scholar] [CrossRef] [Green Version] - Erkin, Z.; Veugen, T.; Toft, T.; Lagendijk, R. Generating private recommendations efficiently using homomorphic encryption and data packing. IEEE Trans. Inf. Forensics Secur.
**2012**, 7, 1053–1066. [Google Scholar] [CrossRef] - Kim, H.I.; Choi, M.; Kim, H.J.; Chang, J.W. A secure range query processing algorithm for the encrypted database on the cloud. In Advanced Multimedia and Ubiquitous Engineering; Springer: Singapore, 2016; pp. 101–110. [Google Scholar]
- Catrina, O.; de Hoogh, S. Secure multiparty linear programming using fixed-point arithmetic. In Proceedings of the ESORICS, Athens, Greece, 20–22 September 2010; pp. 134–150. [Google Scholar]
- Kerschbaum, F.; Schröpfer, A.; Zilli, A.; Pibernik, R.; Catrina, O.; de Hoogh, S.; Schoenmakers, B.; Cimato, S.; Damiani, E. Secure collaborative supply-chain management. IEEE Comput.
**2011**, 44, 38–43. [Google Scholar] [CrossRef] [Green Version] - Piva, A.; Katzenbeisser, S. Signal processing in the encrypted domain. EURASIP J. Inf. Secur.
**2007**, 2007, 082790. [Google Scholar] [CrossRef] - Franz, M.; Katzenbeisser, S. processing encrypted floating point signal. In Proceedings of the thirteenth ACM multimedia workshop on Multimedia and Security, Buffalo, NY, USA, 29–30 September 2011; pp. 103–108. [Google Scholar]
- Paillier, P. Public-key cryptosystems based on composite degree residuosity classes. In Advances in Cryptology—EUROCRYPT; Springer: Berlin/Heidelberg, Germany, 1999; pp. 223–238. [Google Scholar]
- Jäschke, A.; Armknecht, F. Accelerating homomorphic computations on rational numbers. In Proceedings of the ACNS, London, UK, 19–22 June 2016; Springer: Cham, Switzerland, 2016; pp. 405–423. [Google Scholar]
- Costache, A.; Smart, N.; Vivek, V.; Waller, A. Fixed point arithmetic in SHE scheme. In Proceedings of the 23rd International Conference, St. John’s, NL, Canada, 10–12 August 2016; Volume 250. [Google Scholar]
- Bonte, C.; Bootland, C.; Bos, J.W.; Castryck, W.; Iliashenko, I.; Vercauteren, F. Faster homomorphic function evaluation using non-integral base encoding. In Cryptographic Hardware and Embedded Systems; Springer: Cham, Switzerland, 2017; pp. 579–600. [Google Scholar]
- Chen, H.; Laine, K.; Player, R.; Xia, Y. High-precision arithmetic in homomorphic encryption. In Proceedings of the Cryptographers’ Track at the RSA Conference, San Francisco, CA, USA, 16–20 April 2018; Springer: Cham, Switzerland, 2018; pp. 116–136. [Google Scholar]
- Cheon, J.H.; Kim, A.; Kim, M.; Song, Y.S. Homomorphic encryption for arithmetic of approximate numbers. In Advances in Cryptology—ASIACRYPT; Springer: Cham, Switzerland, 2017; pp. 409–437. [Google Scholar]
- Cheon, J.H.; Kim, D.; Kim, D.; Lee, H.; Lee, K. Numerical method for comparison on homomorphically encrypted numbers. In Advances in Cryptology—ASIACRYPT; Springer: Cham, Switzerland, 2019; pp. 415–445. [Google Scholar]
- Microsoft. SEAL: Simple Encrypted Arithmetic Library. 2014. Available online: https://www.microsoft.com/en-us/research/project/simpleencrypted-arithmetic-library/ (accessed on 2 February 2019).
- Togan, M.; Plesca, C. Comparison-based computations over fully homomorphic encrypted data. In Proceedings of the International Conference on Communications, Bangkok, Thailand, 10–12 October 2014; pp. 1–6. [Google Scholar]
- Gentry, C. Fully homomorphic encryption using ideal lattices. In Proceedings of the Annual ACM Symposium on Theory of Computing, Bethesda, MD, USA, 31 May–2 June 2009; pp. 169–178. [Google Scholar]
- Coron, J.; Mandal, A.; Naccache, D.; Tibouchi, M. Fully homomorphic encryption over the integers with shorter public keys. In Advances in Cryptology—CRYPTO, Proceedings of the 31st Annual Cryptology Conference, Santa Barbara, CA, USA, 14–18 August 2011; Springer: Berlin/Heidelberg, Germany, 2011; pp. 487–504. [Google Scholar]
- Ducas, L.; Micciancio, D. FHEW: Bootstrapping homomorphic encryption in less than a second. In Advances in Cryptology—EUROCRYPT, Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, 26–30 April 2015; Springer: Berlin/Heidelberg, Germany, 2015; pp. 617–640. [Google Scholar]
- Van Dijk, M.; Gentry, C.; Halevi, S.; Vaikuntanathan, V. Fully homomorphic encryption over the integers. In Advances in Cryptology—EUROCRYPT, Proceedings of the Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco and Nice, France, 30 May–3 June 2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 24–43. [Google Scholar]
- Brakerski, Z.; Vaikuntanathan, V. Fully homomorphic encryption from Ring-LWE and security for key dependent messages. In Advances in Cryptology—CRYPTO, Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, 15–19 May 2011; Springer: Berlin/Heidelberg, Germany, 2011; pp. 505–524. [Google Scholar]
- Brakerski, Z.; Gentry, C.; Vaikuntanathan, V. (Leveled) fully homomorphic encryption without bootstrapping. In Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, New York, NY, USA, 8–10 January 2012; pp. 309–325. [Google Scholar]
- Bos, J.W.; Lauter, K.E.; Loftus, J.; Naehrig, M. Improved security for a ring-based fully homomorphic encryption scheme. In IMA International Conference on Cryptography and Coding; Springer: Berlin/Heidelberg, Germany, 2013; pp. 45–64. [Google Scholar]
- Goldwasser, S.; Micali, S. Probabilistic encryption. J. Comput. Syst. Sci.
**1984**, 28, 270–299. [Google Scholar] [CrossRef] [Green Version] - Goldreich, O. Foundations of Cryptography-Volume II Basic Applications; Cambridge University Press: Cambridge, UK, 2004. [Google Scholar]
- Cheon, J.H.; Kim, M.; Kim, M. Optimized search-and-compute circuits and their application to query evaluation on encrypted data. IEEE Trans. Inf. Forensics Secur.
**2016**, 11, 188–199. [Google Scholar] [CrossRef] - Kim, M.; Lee, H.T.; Ling, S.; Wang, H. On the efficiency of FHE-based private queries. IEEE Trans. Dependable Sec. Comput.
**2018**, 15, 357–363. [Google Scholar] [CrossRef] - Kim, M.; Lee, H.T.; Ling, S.; Ren, S.Q.; Tan, B.H.M.; Wang, H. Search condition-hiding query evaluation on encrypted databases. IEEE Access
**2019**, 7, 161283–161295. [Google Scholar] [CrossRef] - Gentry, C.; Halevi, S.; Smart, N. Fully homomorphic encryption with polylog overhead. In Advances in Cryptology—EUROCRYPT; Springer: Berlin/Heidelberg, Germany, 2012; pp. 465–482. [Google Scholar]
- Smart, N.P.; Vercauteren, F. Fully homomorphic SIMD operations. Des. Codes Cryptogr.
**2014**, 71, 57–81. [Google Scholar] [CrossRef] [Green Version] - Hardy, G.; Wright, E. An Introduction to the Theory of Numbers; Clarendon Press: Oxford, UK, 1979. [Google Scholar]
- Graepel, T.; Lauter, K.; Naehrig, M. ML confidential: Machine learning on encrypted data. In Proceedings of the International Conference on Information Security and Cryptology, Seoul, Korea, 27–29 November 2013; Springer: Berlin/Heidelberg, Germany, 2013; pp. 1–21. [Google Scholar]
- Shoup, V. NTL: A Library for Doing Number Theory Version 11.3.2. 2018. Available online: http://www.shoup.net/ntl/ (accessed on 2 February 2019).
- Halevi, S.; Shoup, V. HElib: Software Library for Homomorphic Encryption. 2018. Available online: http://github.com/shaih/HElib.git (accessed on 2 February 2019).
- OpenMP Architecture Review Board. OpenMP Application Program Interface Version 3.0, 2018. Available online: http://www.openmp.org/mp-documents/spec30.pdf (accessed on 2 February 2019).
- Agrawal, R.; Asonov, D.; Srikant, R. Enabling sovereign information sharing using web services. In Proceedings of the 2004 ACM SIGMOD international conference on Management of data, Paris, France, 13–18 June 2004; pp. 873–877. [Google Scholar]
- Boneh, D.; Lewi, K.; Raykova, M.; Sahai, A.; Zhandry, M.; Zimmerman, J. Semantically secure order-revealing encryption: Multi-input functional encryption without obfuscation. In Advances in Cryptology—EUROCRYPT, Proceedings of the 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, 26–30 April 2015. [Google Scholar]
- Chenette, N.; Lewi, K.; Weis, S.A.; Wu, D.J. Practical order-revealing encryption with limited leakage. In Fast Software Encryption; Springer: Berlin/Heidelberg, Germany, 2016; pp. 474–493. [Google Scholar]
- Lewi, K.; Wu, D.J. Order-revealing encryption: New constructions, applications, and lower bounds. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016; pp. 1167–1178. [Google Scholar]
- Durak, F.B.; DuBuisson, T.M.; Cash, D. What else is revealed by order-revealing encryption? In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016; pp. 1155–1166. [Google Scholar]
- Song, D.X.; Wagner, D.; Perrig, A. Practical techniques for searches on encrypted data. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 14–17 May 2000; pp. 44–55. [Google Scholar]
- Boneh, D.; Gentry, C.; Halevi, S.; Wang, F.; Wu, D.J. Private database queries using somewhat homomorphic encryption. In Applied Cryptography and Network Security; Springer: Berlin/Heidelberg, Germany, 2013; pp. 102–118. [Google Scholar]
- Cheon, J.H.; Kim, M.; Kim, M. Search-and-compute on encrypted data. In Proceeding of the 2000 International Conference on Financial Cryptography and Data Security, San Juan, Puerto Rico, 26–30 January 2015; pp. 1–18. [Google Scholar]
- Gosper, R. Continued fraction arithmetic. In HAKMEM Item 101B, MIT Artificial Intelligence Memo 239; The MIT Press: Cambridge, MA, USA, 1977. [Google Scholar]

Approach | Encoding Method | Operations | Logic Function Representation | Error in Comparison | Multiplicative Depth | Precision Control |
---|---|---|---|---|---|---|

[27] | Fixed-point | >, <, = | Boolean circuit | 0 | $\mathcal{O}\left(n\right)$ | × |

[32] | Fixed-point | max, min, = | Polynomial approximation | ${2}^{-\alpha}$ | $\{\mathrm{min},\mathrm{max}\}:\Theta \left(\alpha \right)$, $\{=\}:\alpha \mathrm{log}\alpha $ | × |

[34] | Fixed-point | max, min, = | Boolean circuit | 0 | $\mathcal{O}\left(\mathrm{log}\ell \right)$ | × |

Our work | CF | $>,<,=$ | Boolean circuit | 0 | $\mathcal{O}(\mathrm{log}n+\mathrm{log}k)$ | ◯ |

Algorithms | Measures | Values |
---|---|---|

${\mathtt{EQ}}_{\mathbb{R}}$ | Plaintext space | ${\mathbb{Z}}_{2}^{\kappa}$ |

# of Ciphertexts | n | |

Multiplicative depth | $\lceil \mathrm{log}\kappa \rceil +\lceil \mathrm{log}n\rceil $ | |

${\mathtt{GT}}_{\mathbb{R}}/{\mathtt{LT}}_{\mathbb{R}}$ | Plaintext space | ${\mathbb{Z}}_{2}^{\kappa}$ |

# of Ciphertexts | n | |

Multiplicative depth | $\lceil \mathrm{log}\kappa \rceil +\lceil \mathrm{log}n\rceil +2$ |

n | ℓ | k | Equality Test | Comparison Test | ||
---|---|---|---|---|---|---|

Ours | Decimal | Ours | Decimal | |||

3 | 3 | 5 | 0.686 | 0.884 | ||

10 | 0.361 | 0.777 | 2.108 | 2.050 | ||

20 | 1.311 | 5.119 | ||||

5 | 5 | 0.652 | 0.888 | |||

10 | 0.679 | 0.707 | 2.223 | 2.095 | ||

20 | 1.354 | 5.222 | ||||

7 | 5 | 0.577 | 0.884 | |||

10 | 0.717 | 0.719 | 2.227 | 2.116 | ||

20 | 1.251 | 5.289 | ||||

5 | 3 | 5 | 0.671 | 0.920 | ||

10 | 0.440 | 0.720 | 2.142 | 2.163 | ||

20 | 1.310 | 5.173 | ||||

5 | 5 | 0.657 | 0.942 | |||

10 | 0.759 | 0.748 | 4.155 | 2.075 | ||

20 | 1.330 | 5.268 | ||||

7 | 5 | 0.634 | 0.946 | |||

10 | 0.768 | 0.748 | 4.248 | 2.076 | ||

20 | 1.298 | 5.268 | ||||

7 | 3 | 5 | 0.631 | 0.867 | ||

10 | 0.488 | 0.704 | 2.389 | 2.109 | ||

20 | 1.330 | 5.266 | ||||

5 | 5 | 0.639 | 0.934 | |||

10 | 0.854 | 0.759 | 4.366 | 2.038 | ||

20 | 1.323 | 5.254 | ||||

7 | 5 | 0.688 | 0.836 | |||

10 | 0.927 | 0.811 | 4.554 | 2.163 | ||

20 | 1.334 | 5.430 |

© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Chung, H.; Kim, M.; Badawi, A.A.; Aung, K.M.M.; Veeravalli, B.
Homomorphic Comparison for Point Numbers with User-Controllable Precision and Its Applications. *Symmetry* **2020**, *12*, 788.
https://doi.org/10.3390/sym12050788

**AMA Style**

Chung H, Kim M, Badawi AA, Aung KMM, Veeravalli B.
Homomorphic Comparison for Point Numbers with User-Controllable Precision and Its Applications. *Symmetry*. 2020; 12(5):788.
https://doi.org/10.3390/sym12050788

**Chicago/Turabian Style**

Chung, Heewon, Myungsun Kim, Ahmad Al Badawi, Khin Mi Mi Aung, and Bharadwaj Veeravalli.
2020. "Homomorphic Comparison for Point Numbers with User-Controllable Precision and Its Applications" *Symmetry* 12, no. 5: 788.
https://doi.org/10.3390/sym12050788