A Verifiable Fully Homomorphic Encryption Scheme for Cloud Computing Security

Performing smart computations in the context of cloud computing and big data is highly valued today. Fully homomorphic encryption (FHE) is a category of encryption schemes that allows working with data in its encrypted form. It lets us preserve the confidentiality of our sensitive data while benefiting from the computing power of the cloud. Many existing schemes have demonstrated that the theory is feasible, but the efficiency needs to be dramatically improved to make it usable in real applications. One subtle difficulty is how to handle the noise efficiently. This paper introduces an efficient and verifiable FHE scheme based on a new mathematical structure that is noise free.


I. INTRODUCTION
Cloud computing has emerged as a powerful computing model in the last decade, with numerous advantages for both clients and providers. One obvious and major advantage is that clients can delegate their complex computations and benefit from the best technologies and computing power at low cost. The cost benefit of cloud technologies is one of the main arguments behind the spread of cloud computing in many industries. Over the last few years, a culture of accepting cloud computing has developed in enterprises, and many companies have shown their readiness to adopt the cloud and benefit from its capacities, but businesses are now finding that a number of security issues have to be addressed when venturing into the cloud.
Privacy of sensitive data is one of the most important security issues. Leakage of some data can cause huge damage to its owners. In general, to protect the privacy of our data, it is advised to encrypt it before storing it on a remote cloud server. Using classical encryption schemes such as RSA, AES or 3DES allows clients to preserve data privacy during transmission to the cloud, but if a client asks the cloud to perform complex processing on its data, the client must share its private key with the remote cloud server. This traditional use of cryptography may not be the best solution in terms of privacy, especially if we consider the cloud an untrusted party.
One solution to this problem is to perform smart computations on encrypted data. This idea was introduced early on by Rivest, Adleman and Dertouzos in 1978 [1]; the authors conjectured the existence of a privacy homomorphism. Today we use the notion of Fully Homomorphic Encryption (FHE) rather than privacy homomorphism. FHE schemes (figure 1) are considered the next generation of cryptographic algorithms: they are cryptosystems that support arbitrary computations on ciphertexts without ever needing to decrypt or reveal them. In a context of cloud computing and distributed computation this is a highly valuable capability. In fact, a significant application of fully homomorphic encryption is to big data and cloud computing. Generally, FHE is used to outsource complex computations on sensitive data stored in a cloud, and it can be employed in specific big data applications such as secure search on encrypted big data and private information retrieval. Constructing such a scheme was an open problem until the revolutionary work of Gentry in 2009 [2]. In his thesis, Gentry proposed the first adequate fully homomorphic encryption scheme by exploiting properties of ideal lattices.
Gentry's construction is based on his bootstrapping theorem, which states that given a somewhat homomorphic encryption scheme (SWHE) that can homomorphically evaluate its own decryption circuit and an additional NAND gate, we can pass to a "levelled" fully homomorphic encryption scheme and so obtain an FHE scheme by assuming circular security. The purpose of the bootstrapping technique is to refresh ciphertexts and reduce the noise after it has grown.
Gentry's construction is not a single algorithm; it is considered a framework that inspires cryptologists to build new fully homomorphic encryption schemes [3, 4, 5, 6…]. An FHE cryptosystem that uses Gentry's bootstrapping technique can be classified in the category of noise-based fully homomorphic encryption schemes [7]. While this class of cryptosystems has the advantage of being robust and more secure, it has the drawback of being inefficient in terms of runtime and ciphertext size. In several works that followed Gentry's, many noise management techniques were invented to improve runtime efficiency and to minimise ciphertext and key sizes [8,9,10...], but the problem of designing a practical and efficient fully homomorphic encryption scheme remains open.
In the literature we can find a second category, called noise-free fully homomorphic encryption schemes, which do not need a noise management technique to refresh ciphertexts. In a noise-free fully homomorphic encryption scheme one can perform an unlimited number of operations on the same ciphertext without the noise growing. This class of encryption schemes is known to be faster than the previous one, involves simple operations to evaluate circuits on ciphertexts and does not require a noise management technique, but it suffers from security problems because the majority of the schemes designed so far have been cryptanalyzed.
A verifiable encryption scheme is a cryptosystem that allows us to prove some properties about an encrypted value without disclosing it. If the verification option is combined with homomorphic capabilities in the same encryption scheme, it becomes a verifiable fully homomorphic encryption scheme (VFHE). Consequently, a VFHE scheme (figure 2) is a scheme that we can use to outsource complex computations on sensitive data to a remote cloud server. It allows the client to verify the correctness of its delegated computations.
In this work, we adopt the noise-free approach to design an efficient verifiable fully homomorphic encryption scheme. We try to overcome the problem of weak security by using the ring of quaternions.

II. OUR TECHNIQUES AND RESULTS
We propose an efficient and verifiable noise-free fully homomorphic encryption scheme that uses the ring of Lipschitz quaternions and permits computations over encrypted data under a symmetric key; our scheme lets us verify whether the computation was performed correctly. We exploit the non-commutativity of Lipschitz integers to build our efficient encryption scheme.

III. MATHEMATICAL BACKGROUND

A. Quaternionic field ℍ
A quaternion is a number in a general sense. Quaternions encompass real and complex numbers in a number system where multiplication is no longer a commutative law.
The quaternions were introduced by the Irish mathematician William Rowan Hamilton in 1843.
They now find applications in mathematics, physics, computer science and engineering.
Mathematically, the set of quaternions ℍ is a noncommutative associative algebra on the field of real numbers ℝ generated by three elements ,    satisfying relations: Concretely, any quaternion  is written uniquely in the form:  =  +  +  +  where , ,    are real numbers.

The quaternion
A quaternion  is invertible if and only if its modulus is non-zero, and we have

C. Ring of Lipschitz integers
The set of quaternions defined as follows: A modular Lipschitz quaternion q ∈ ℍ(ℤ/nℤ) is invertible if and only if its modulus and the integer n are coprime, i.e. |q|² ∧ n = 1.
There are two ways of multiplying quaternion matrices: the Hamiltonian product, which respects the order of the factors, and the octonionic product, which does not respect it.
The Hamiltonian product is defined as for all matrices with coefficients in a ring (not necessarily commutative). For example:
The octonionic product does not respect the order of the factors: on the main diagonal, there is commutativity of the second products and on the second diagonal there is commutativity of the first products. In our article we adopt the Hamiltonian product as the multiplication operation for quaternionic matrices.

E. Schur complement and invertibility of quaternionic matrices
Let ℛ be an arbitrary associative ring, a matrix  ∈ ℛ × is supposed to be invertible if ∃ ∈ ℛ × such that  =  =   where  is necessarily unique.
The Schur complement method is a very powerful tool for calculating inverse of matrices in rings.Let  ∈ ℛ × be a matrix per block satisfying: Suppose that  is invertible, we have: where The inversibility of  ensures that the matrix  is invertible if and only if   is invertible.The inverse of  is: ).
For a quaternionique matrix where the quaternion  is invertible as well as its Schur complement   =  −  −1  we have  is invertible and: ).
Therefore, to randomly generate an invertible quaternionique matrix, it suffices to:  Choose randomly three quaternions ,    for which  is invertible. Select randomly the fourth quaternion  such that the Schur complement   =  −  −1  of  in  is invertible.
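The generation procedure above, as an added Python example (not the paper's code): Lipschitz quaternions mod n are 4-tuples, inverted as conjugate over squared modulus when that value is coprime to n, and the 2×2 inverse is assembled from the Schur complement using the Hamiltonian (order-preserving) product. The entry names a, b, c, d, the name s for the Schur complement, the function names and the toy modulus are assumptions.

```python
import math
import secrets

def qmul(x, y, n):
    """Hamilton product of quaternions (a, b, c, d) with coefficients mod n."""
    a1, b1, c1, d1 = x
    a2, b2, c2, d2 = y
    return ((a1*a2 - b1*b2 - c1*c2 - d1*d2) % n,
            (a1*b2 + b1*a2 + c1*d2 - d1*c2) % n,
            (a1*c2 - b1*d2 + c1*a2 + d1*b2) % n,
            (a1*d2 + b1*c2 - c1*b2 + d1*a2) % n)

def qadd(x, y, n):
    return tuple((u + v) % n for u, v in zip(x, y))

def qneg(x, n):
    return tuple(-u % n for u in x)

def qinv(x, n):
    """Conjugate divided by the squared modulus; None unless gcd(|x|^2, n) == 1."""
    sq = sum(u * u for u in x) % n
    if math.gcd(sq, n) != 1:
        return None
    k = pow(sq, -1, n)
    return (x[0] * k % n, -x[1] * k % n, -x[2] * k % n, -x[3] * k % n)

def mmul(A, B, n):
    """2x2 matrix product that preserves the order of the quaternion factors."""
    return [[qadd(qmul(A[i][0], B[0][j], n), qmul(A[i][1], B[1][j], n), n)
             for j in range(2)] for i in range(2)]

def schur_inverse(M, n):
    """Inverse of [[a, b], [c, d]] using s = d - c a^-1 b; None if a or s is singular."""
    (a, b), (c, d) = M
    ai = qinv(a, n)
    if ai is None:
        return None
    ca, ab = qmul(c, ai, n), qmul(ai, b, n)          # c a^-1 and a^-1 b
    si = qinv(qadd(d, qneg(qmul(ca, b, n), n), n), n)
    if si is None:
        return None
    ab_si, si_ca = qmul(ab, si, n), qmul(si, ca, n)  # a^-1 b s^-1 and s^-1 c a^-1
    return [[qadd(ai, qmul(ab_si, ca, n), n), qneg(ab_si, n)],
            [qneg(si_ca, n), si]]

def random_invertible(n):
    """Redraw four random quaternions until a and the Schur complement invert."""
    while True:
        M = [[tuple(secrets.randbelow(n) for _ in range(4)) for _ in range(2)]
             for _ in range(2)]
        Minv = schur_inverse(M, n)
        if Minv is not None:
            return M, Minv

N_TOY = 101 * 103   # constructed toy modulus (assumption), far too small for real use
```

`random_invertible(N_TOY)` returns a matrix together with its inverse; multiplying them with `mmul` in either order gives the identity matrix of quaternions.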

IV. A VERIFIABLE FHE SCHEME
We place ourselves in a context where Bob wants to store confidential data in a very powerful but untrusted cloud. Bob will later need to execute complex processing on his data, for which he does not have the necessary computing power. At this point he first thinks of encrypting his sensitive data to prevent any fraudulent action. But the ordinary encryption he knows does not allow the cloud to process his calculation requests without first decrypting the stored data, which impairs their confidentiality. Bob asks whether there is a convenient and efficient type of encryption that lets the cloud process his data without revealing it.
The answer to Bob's question is yes: since 2009 there has existed so-called fully homomorphic encryption, whose principle is quite simple: performing computations on encrypted data without any prior decryption.
As the cloud is untrusted, computations over encrypted data may be false or done incorrectly. Bob must have tools to verify the correctness of the requested computations. For this purpose, the cloud must give Bob a proof, which Bob can verify on receipt, of the exactness of the performed operations. This proof is an additional service offered by the fully homomorphic scheme in use.
In order to benefit from the technological advances of cloud computing and to outsource his heavy calculations comfortably, Bob needs a robust, highly secure and verifiable fully homomorphic encryption scheme whose operations, addition and multiplication, are done in a reasonable time, whose noise generated during processing is manageable, and which gives him a proof of exactness of the operations performed on encrypted data.
To help Bob take full advantage of the power of the cloud, we introduce a probabilistic, symmetric and verifiable fully homomorphic encryption scheme without noise. The addition and multiplication operations generate no noise. We can describe our cryptosystem as follows:

Key generation
-Bob generates randomly two big prime numbers p and q.
-Bob generates randomly an invertible matrix such that  1 is an invertible matrix.
-Bob calculates the inverse of  and  1 , Which will be denoted  −1 and  1 −1 .

Encryption
Lets  ∈ ℤ N 2 ℤ ⁄ be a clear text.To encrypt  Bob proceed as follows: -Bob transforms  into a quaternion: -Bob generates a matrix: such that  1 and  2 ∈ ℍ(ℤ   ℤ ⁄ ) are randomly generated.
-Then he takes the first inputs of the resulting matrices  = () 1,1 and ′ = (′) 1,1 -Finally, he recovers his clear message by verifying if  =   =  ′ .If the verification is true, then the clear message returned is σ otherwise the ciphertext has been modified.

V. Security of the Scheme
Ciphertext indistinguishability is an important security property of many encryption schemes. Intuitively, if a cryptosystem possesses the property of indistinguishability, then an adversary will be unable to distinguish pairs of ciphertexts based on the message they encrypt.
It is easy to see that a fully homomorphic encryption scheme cannot be secure against adaptive chosen ciphertext attacks (IND-CCA2).

The adversary:
We are protecting ourselves from an adversary , who:
- Is a probabilistic polynomial time Turing machine.
- Has all the algorithms.
- Has full access to communication media.

Chosen Ciphertext Attack
In this model, the attack assumes that the adversary  has access to an encryption oracle and that the adversary can choose an arbitrary number of plaintexts to be encrypted and obtain the corresponding ciphertexts. In addition, the adversary  gains access to a decryption oracle, which decrypts arbitrary ciphertexts at the adversary's request, returning the plaintext.

Startup
1. The challenger generates a secret key  based on some security parameter  (e.g., a key size in bits) and retains it.
2. The adversary  may ask the encryption oracle for any number of encryptions, calls to the decryption oracle based on arbitrary ciphertexts, or other operations.
3. Eventually, the adversary  submits two distinct chosen plaintexts  0 ,  1 to the challenger.

The Challenge
4. The challenger selects a bit  ∈ {0,1} uniformly at random, and sends the "challenge" ciphertext  = (,   ) back to the adversary. The adversary is free to perform any number of additional computations or encryptions.
   a. In the non-adaptive case (IND-CCA), the adversary may not make further calls to the decryption oracle before guessing.
   b. In the adaptive case (IND-CCA2), the adversary may make further calls to the decryption oracle, but may not submit the challenge ciphertext C.
5. In the end it will guess the value of .

+ 𝜀
where is a negligible function in the security parameter .
is the advantage of the given adversary in distinguishing the ciphertext.
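The game above, as an added Python example (not the paper's scheme or code): it plays both variants against a constructed toy noise-free cipher, m plus a random multiple of a secret prime, to show why any additively homomorphic scheme loses the adaptive (IND-CCA2) game while the non-adaptive oracle rule refuses the same query. The toy cipher, the primes and the names Challenger, hom_add and malleability_adversary are assumptions.

```python
import secrets

P, Q = 1_000_003, 1_000_033      # constructed toy primes; P is the secret key
N = P * Q                         # public modulus

def enc(m):
    """Toy noise-free symmetric encryption: m plus a random multiple of P."""
    return (m + P * secrets.randbelow(Q)) % N

def dec(c):
    return c % P

def hom_add(c1, c2):
    """Public homomorphic addition: decrypts to dec(c1) + dec(c2) mod P."""
    return (c1 + c2) % N

class Challenger:
    def __init__(self, adaptive):
        self.adaptive = adaptive      # True: IND-CCA2, False: non-adaptive IND-CCA
        self.challenge = None

    def encryption_oracle(self, m):
        return enc(m)

    def decryption_oracle(self, c):
        if self.challenge is not None:
            if not self.adaptive:
                raise PermissionError("no decryption queries after the challenge")
            if c == self.challenge:
                raise PermissionError("the challenge ciphertext itself is refused")
        return dec(c)

    def make_challenge(self, m0, m1):
        self.b = secrets.randbelow(2)
        self.challenge = enc((m0, m1)[self.b])
        return self.challenge

def malleability_adversary(ch, m0=0, m1=1):
    """Guess b from the decryption of a homomorphically shifted challenge."""
    c = ch.make_challenge(m0, m1)
    shifted = hom_add(c, ch.encryption_oracle(1))   # encrypts m_b + 1, never equals c
    return 0 if ch.decryption_oracle(shifted) == m0 + 1 else 1

def win_rate(trials=200):
    wins = 0
    for _ in range(trials):
        ch = Challenger(adaptive=True)
        wins += malleability_adversary(ch) == ch.b
    return wins / trials
```

In the adaptive game the guess is always right, because the shifted ciphertext differs from the challenge yet decrypts to a value that reveals it; with `adaptive=False` the same query raises `PermissionError`.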
In our situation, the adversary  should distinguish an encryption of zero from an encryption of one after asking the encryption oracle for a number of encryptions and the decryption oracle to decrypt arbitrary ciphertexts. The adversary  can perform operations on the two given ciphertexts to distinguish zero from one: he can operate on the entire ciphertext matrices or use only some entries (the diagonal of the ciphertext matrices). In our case, even if the diagonal of  completely determines the invertibility of , an encryption of a cleartext  ∈ ℤ N 2 ℤ ⁄ is always non-invertible because of the choice of the last component of the matrix ′′, which is null. Therefore, an adversary cannot distinguish encryptions of units from encryptions of non-units. Consequently, the attack proposed on Li-Wang's scheme [10] in [12] does not work in our case. Based on these assumptions, we believe that our fully homomorphic encryption scheme is indistinguishable under chosen ciphertext attacks (IND-CCA1).
Concerning the security of the secret key: Given a random secret key of our encryption scheme:  = ( ).
Therefore, we obtain sixteen equations issued from matrix operations.
According to the decryption algorithm, the plaintext  can be obtained by the equation: (1)  = (  1). Since our fully homomorphic encryption scheme is probabilistic, these sixteen equations are randomly independent even if the encrypted messages are the same. Therefore, finding the secret key is equivalent to solving an over-defined system of quadratic multivariate polynomial equations in a non-commutative ring.

As shown in table 1, our cryptosystem performs well compared to other existing schemes. Its ciphertext and key sizes depend linearly on the dimension of the cleartext space. The other schemes use a small cleartext space, which influences the runtime of the algorithm. In our case we use a large cleartext space, which allows us to encrypt big messages and perform computations directly on ciphertexts. We can observe that the complexity of Li-Wang's scheme is smaller than ours, but that scheme uses a smaller cleartext space and is not a verifiable scheme.

VII. CONCLUSION AND PERSPECTIVES:
In this paper, we presented a new verifiable fully homomorphic encryption scheme. It is a symmetric, noise-free and probabilistic cryptosystem whose ciphertext space is a non-commutative ring based on quaternions. The cleartext can be a large number  ∈ ℤ N 2 ℤ ⁄ . Our encryption scheme finds its effective applications in the domain of smart computations on encrypted data in cloud computing, and it can also be applied to big data security. It is an efficient and practical scheme whose security is based on the problem of solving an over-defined system of quadratic multivariate polynomial equations in a non-commutative ring. In future work we will implement this cryptosystem and prove its security.

Figure 1: Fully Homomorphic Encryption diagram


Again, the adversary  wins the game if it guesses the bit .

Table 1: Comparison of the performances of FHE schemes