David Bruce Cousins

A Scalable Implementation of Fully Homomorphic Encryption Built on NTRU

In this paper we report on our work to design, implement and evaluate a Fully Homomorphic Encryption (FHE) scheme. Our FHE scheme is an NTRU-like cryptosystem, with additional support for efficient key switching and modulus reduction operations to reduce the frequency of bootstrapping operations. Ciphertexts in our scheme are represented as matrices of 64-bit integers. The basis of our design is a layered software services stack to provide high-level FHE operations supported by lower-level lattice-based primitive implementations running on a computing substrate. We implement and evaluate our FHE scheme to run on a commodity CPU-based computing environment. We implemented our FHE scheme to run in a compiled C environment and use parallelism to take advantage of multi-core processors. We provide experimental results which show that our FHE implementation provides at least an order of magnitude improvement in runtime as compared to recent publicly known evaluation results of other FHE software implementations.

Understanding encrypted networks through signal and systems analysis of traffic timing

Recent studies have shown that signal-processing techniques are quite valuable for the modeling and analysis of modern networks and network traffic [1] [2]. However, to date most of these studies have focused on characterizing the multi-scale and long-memory stochastic nature of single streams or traces of non-encrypted network traffic. The key approach used has been to transform traces of packet arrival times and/or packet size into encoded time signals, which then allow analysts to perform standard statistical and timefrequency-scale signal analyses. In this paper we summarize some of our results which show that under this analysis, traces from both wireless and wire-line networks leak useful information about the properties of the network and applications under examination, even when the actual packets are encrypted or attempts are made to mask the traffic timing. Furthermore, when multiple signal techniques are used between individual time streams, even more information about the underlying routing and flows can be uncovered.

An FPGA co-processor implementation of Homomorphic Encryption

One of the goals of the DARPA PROCEED program has been accelerating the development of a practical Fully Homomorphic Encryption (FHE) scheme. For the past three years, this program has succeeded in accelerating various aspects of the FHE concept toward practical implementation and use. FHE is a game-changing technology to enable secure, general computation on encrypted data on untrusted off-site hardware, without the data ever being decrypted for processing. FHE schemes developed under PROCEED have achieved multiple orders of magnitude improvement in computation, but further means of acceleration, such as implementations on specialized hardware, such as an FPGA can improve the speed of computation even further. The current interest in FHE computation resulted from breakthroughs demonstrating the existence of FHE schemes [1, 2] that allowed arbitrary computation on encrypted data. Specifically, our contribution to the Proceed program has been the development of FPGA based hardware primitives to accelerate the computation on encrypted data using an FHE cryptosystem based on NTRU-like lattice techniques [3] with additional with additional support for efficient key switching and modulus reduction operations to reduce the frequency of bootstrapping operations [4]. Cipher texts in our scheme are represented as rectangular matrices of 64-bit integers. This bounding of the oper-and sizes has allowed us to take advantage of modern code generation tools developed by Mathworks to implement VHDL code for FPGA circuits directly from Simulink models. Furthermore the implicit parallelism of the scheme allows for large amounts of pipelining in the implementation in order to achieve efficient throughput. The resulting VHDL is integrated into an AXI4 bus “Soft System on Chip” using Xilinx platform studio and a Microblaze soft core processor running on a Virtex7 VC707 evaluation board. This report presents new Simulink primitives that had to be developed to deal with these new requirements.

Practical implementations of program obfuscators for point functions

Point function obfuscators have recently been shown to be the first examples of program obfuscators provable under hardness assumptions commonly used in cryptography. This is remarkable, in light of early results in this area, showing impossibility of a single obfuscation solution for all programs. Point functions can be seen as functions that return 1 if the input value is equal to a secret value stored in the program, and 0 otherwise. In this paper, we select representative point function obfuscators from the literature, state their theoretical guarantees, and report on their (slightly) optimized implementations. We show that implementations of point function obfuscators, satisfying different obfuscation notions, can be used with practical performance guarantees. Notable implementation results due to our design and coding optimizations are: (a) very fast obfuscators based on group theory, and (b) obfuscators based on lattice theory with running time <; 8s, using inexpensive computing resources.

Practical Implementation of Lattice-Based Program Obfuscators for Point Functions

Lattice-based cryptography has recently produced several time-efficient cryptosystems that are provably secure under assumptions that are not known to be more easily solvable by quantum computers. An interesting research direction is improving their storage complexity, as current solutions are far from practical with respect to this metric. In this paper we show that program obfuscators for point functions based on lattice theory which are time-efficient, storage-efficient, and provably secure under studied modifications of assumptions commonly studied in lattice-based cryptography (i.e., LWE and LWR assumptions). Point function obfuscators have recently been shown to be the first examples of program obfuscators provable under hardness assumptions commonly used in cryptography. Point functions can be seen as functions that return 1 if the input value is equal to a secret value stored in the program, and 0 otherwise. Notable implementation results due to our design and coding optimizations are: (a) a point function obfuscator based on a modified LWR assumption with running time 0.01s and storage less than 100B, and (b) a point function obfuscator based on modified LWE assumption with running time 0.2s and storage less than 35KB, both using commodity computing resources.

Scalable, Practical VoIP Teleconferencing With End-to-End Homomorphic Encryption

We present an approach to scalable, secure voice over IP (VoIP) teleconferencing on commodity mobile devices and data networks with end-to-end homomorphic encryption. We assume an honest-but-curious threat model where an adversary, despite observing all communications between participants and having access to teleconferencing servers, is unable to obtain unencrypted data and subsequently listen to the conversation. Prior secure VoIP teleconferencing services have relied on: 1) teleconferencing clients to maintain point-to-point encrypted links with other clients or 2) a teleconferencing server which can access and manipulate VoIP streams unencrypted. Our approach mixes VoIP data streams at a single teleconferencing server only while encrypted. Data streams are never decrypted at the teleconferencing server. Innovation comes from an efficient VoIP encoding to reduce circuit depth for homomorphic mixing of encrypted VoIP data, parameterization for low bandwidth usage and integration into an existing open-source VoIP infrastructure. We experimentally evaluate on commodity iPhones, mixing at the VoIP servers on lowest cost Amazon AWS cloud server instances and communicating on commercial data networks and 802.11n access points.

Designing an FPGA-Accelerated Homomorphic Encryption Co-Processor

In this paper we report on our advances designing and implementing an FPGA-based computation accelerator as part of a Homomorphic Encryption Processing Unit (HEPU) co-processor. This hardware accelerator technology improves the practicality of computing on encrypted data by reducing the computational bottlenecks of lattice encryption primitives that support homomorphic encryption schemes. We focus on accelerating the Chinese Remainder Transform (CRT) and inverse Chinese Remainder Transform (iCRT) for power-of-2 cyclotomic rings, but also accelerate other basic ring arithmetic such as Ring Addition, Ring Subtraction and Ring Multiplication. We instantiate this capability in a Xilinx Virtex-7 FPGA that can attach to a host computer through either a PCI-Express port or Ethernet. We focus our experimental performance analysis on the NTRU-based LTV Homomorphic Encryption scheme. This is a leveled homomorphic encryption scheme, but our accelerator is compatible with other lattice-based schemes and recent improved bootstrapping designs to support arbitrary depth computation. We experimentally compare performance with a reference software implementations of the CRT and iCRT bottlenecks and when used in a practical application of encrypted string comparison.