Homomorphic Encryption - Heidelberg University

Post on 20-May-2020


Crypto 101 Fully Homomorphic Encryption CryptDB

Homomorphic Encryption: Is Artificial Intelligence Dangerous?

Carine Dengler

Table of Contents

1 Crypto 101

2 How-to Fully Homomorphic Encryption

3 CryptDB (Intro, CryptDB)

Intro

confidentiality

authentication

integrity

non-repudiation

Symmetric Encryption

$(K, P, C, \mathrm{KeyGen}, \mathrm{Enc}, \mathrm{Dec})$

keyspace

$k \in K$ key

KeyGen outputs $k \in K$ s.t. length $k \geq n$

plaintext space

$m \in P$ plaintext

ciphertext space

$c \in C$ ciphertext

encryption algorithm

$\mathrm{Enc}: K \times P \to C,\ (k, m) \mapsto c$

decryption algorithm

$\mathrm{Dec}: K \times C \to P,\ (k, c) \mapsto m$

DES (Data Encryption Standard)

AES (Advanced Encryption Standard)

Asymmetric Encryption

$(K, P, C, \mathrm{KeyGen}, \mathrm{Enc}, \mathrm{Dec})$

$(pk, sk) \in K$ s.t. length $pk \geq n$ and length $sk \geq n$

$\mathrm{Enc}(pk, m) = c$

$\mathrm{Dec}(sk, c) = m$

RSA

ElGamal

Correctness

$\mathrm{Dec}(k, \mathrm{Enc}(k, m)) = m$, $k \in K$, $m \in P$

$\mathrm{Dec}(sk, \mathrm{Enc}(pk, m)) = m$, $(pk, sk) \in K$, $m \in P$

Kerckhoffs's Principle

Intro

$(K, P, C, \mathrm{KeyGen}, \mathrm{Enc}, \mathrm{Dec}, \mathrm{Eval}, F)$

$\forall f \in F$ and $c_i$ with $\mathrm{Enc}(pk, m_i) = c_i$, $m_i \in P$, $i = 1, \dots, t$:
$\mathrm{Eval}(pk, f, c_1, \dots, c_t) = c_{\mathrm{Eval}}$ s.t. $\mathrm{Dec}(sk, c_{\mathrm{Eval}}) = f(m_1, \dots, m_t)$

ElGamal

Requirements

manipulations

leaked information

Starting Point

f can be expressed as a boolean circuit

evaluate gates for $x, y \in \{0, 1\}$

$\mathrm{AND}(x, y) = xy$

$\mathrm{OR}(x, y) = 1 - (1 - x)(1 - y)$

$\mathrm{NOT}(x, y) = 1 - x$

Somewhat Homomorphic Encryption Scheme (Symmetric)

$\mathrm{KeyGen}(n) = p$ s.t. $p \in \mathbb{Z}$, $p$ odd

$\mathrm{Enc}(p, m) = m' + pq$, $m \in \{0, 1\}$, with $m'$ a number of $n$-bit length s.t. $m' \bmod 2 = m \bmod 2$, $q$ random number

$\mathrm{Dec}(p, c) = (c \bmod p) \bmod 2$

$c \bmod p = m'$: noise associated to $c$

$m' \in \left(-\frac{p}{2}, \frac{p}{2}\right)$

Operations

$\mathrm{Add}(c_1, c_2) = c_1 + c_2$, $\mathrm{Sub}(c_1, c_2) = c_1 - c_2$, $\mathrm{Mult}(c_1, c_2) = c_1 c_2$

$\mathrm{Mult}(c_1, c_2) = m'_1 m'_2 + pq'$ with $m'_i$ noise associated to $c_i$, $i = 1, 2$

$f^{+}(c_1, c_2, \dots, c_t) = f^{+}(m'_1, m'_2, \dots, m'_t) + pq$ with $m'_i$ noise associated to $c_i$, $i = 1, 2, \dots, t$

Somewhat Homomorphic Encryption Scheme (Asymmetric)

$\mathrm{KeyGen}(n) = (pk, sk)$

$sk = p$

$pk$: list of encryptions of 0

$\mathrm{Enc}(pk, m) = m + \sum_{pk_i \in I} pk_i$ with $I$ random subset

Noise

the noise becomes too large ($|f^{+}(m'_1, \dots, m'_t)| > \frac{p}{2}$)

decryption removes noise
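The symmetric and asymmetric schemes, the gate formulas of the "Starting Point" slide and the noise limit p/2 can be run end to end. The following Python code is an added example, not taken from the slides; `centered_mod`, `pk_keygen`, `pk_enc` and `mults_until_overflow` are hypothetical names, and the toy sizes (64-bit p, 8-bit noise, 16 public-key elements) are assumptions that give no real security.

```python
import secrets

def centered_mod(c, p):
    """Residue of c modulo p in (-p/2, p/2): the noise m' of the slides."""
    r = c % p
    return r - p if r > p // 2 else r

def keygen(p_bits=64):
    """Secret key: random odd p with exactly p_bits bits (toy size)."""
    return secrets.randbits(p_bits) | (1 << (p_bits - 1)) | 1

def enc(p, m, n=8, q_bits=128):
    """c = m' + p*q, with m' an n-bit number of the same parity as m."""
    m_prime = (1 << (n - 1)) | (secrets.randbits(n - 2) << 1) | m
    return m_prime + p * secrets.randbits(q_bits)

def dec(p, c):
    """(c mod p) mod 2; correct only while the noise stays below p/2."""
    return centered_mod(c, p) % 2

def pk_keygen(p, size=16):
    """Public key: a list of encryptions of 0 under sk = p."""
    return [enc(p, 0) for _ in range(size)]

def pk_enc(pk, m):
    """Enc(pk, m) = m + sum of a random subset I of the public key."""
    return m + sum(x for x in pk if secrets.randbits(1))

# Gates of the "Starting Point" slide, applied to ciphertexts instead of bits.
def AND(c1, c2): return c1 * c2
def OR(c1, c2): return 1 - (1 - c1) * (1 - c2)
def NOT(c): return 1 - c

def mults_until_overflow(p, n=8):
    """Multiply fresh encryptions of 1 while the noise stays below p/2.

    Returns how many multiplications still decrypted correctly.
    """
    c = enc(p, 1, n)
    noise = centered_mod(c, p)            # needs sk: only the key holder sees m'
    depth = 0
    while True:
        fresh = enc(p, 1, n)
        noise *= centered_mod(fresh, p)   # Mult(c1, c2) carries noise m'1 * m'2
        if 2 * abs(noise) > p:            # one more product would wrap modulo p
            return depth
        c = AND(c, fresh)
        depth += 1
        assert dec(p, c) == 1             # below p/2, so the parity survives

if __name__ == "__main__":
    p = keygen()
    pk = pk_keygen(p)
    a, b = pk_enc(pk, 1), pk_enc(pk, 0)
    print("AND", dec(p, AND(a, b)), "OR", dec(p, OR(a, b)), "NOT", dec(p, NOT(b)))
    print("multiplications before the noise exceeds p/2:", mults_until_overflow(p))
```

With 8-bit noise and a 64-bit p, the product of noises passes p/2 after six or seven multiplications, which is the depth limit that makes the scheme only "somewhat" homomorphic.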

Solution

bootstrappable

circular-secure

$F = \{\mathrm{Dec}, \mathrm{DecAdd}, \mathrm{DecSub}, \mathrm{DecMult}\}$

$c_1 = \mathrm{Enc}(pk, m)$

$\overline{sk} = \mathrm{Enc}(pk, sk_i)$

$\mathrm{Recrypt}(pk, \mathrm{Dec}, \overline{sk}, c_1)$

$\overline{c_1} = \mathrm{Enc}(pk, c_{1i})$

$c = \mathrm{Eval}(pk, \mathrm{Dec}, \overline{sk}, \overline{c_1})$

Operations

$c_1 = \mathrm{Enc}(pk, m_1)$, $c_2 = \mathrm{Enc}(pk, m_2)$

$\overline{c_1} = \mathrm{Enc}(pk, c_{1i})$, $\overline{c_2} = \mathrm{Enc}(pk, c_{2i})$

$c = \mathrm{Eval}(pk, \mathrm{DecAdd}, \overline{sk}, \overline{c_1}, \overline{c_2})$

$c = \mathrm{Enc}(pk, (m_1 + m_2) \bmod 2)$

Fully Homomorphic Encryption Scheme

express f as circuit

arrange its gates into levels

evaluate the levels sequentially

But . . .

the noise of Dec is $\gg \frac{p}{2}$

$\mathrm{Dec}(p, c) = (c \bmod p) \bmod 2 = (c - \lfloor \frac{c}{p} \rceil) \bmod 2 \Leftrightarrow \mathrm{LSB}(c)\ \mathrm{XOR}\ \mathrm{LSB}(\lfloor \frac{c}{p} \rceil)$

$\lfloor \frac{c}{p} \rceil$

Hint

make the decryption function simpler

include a hint about the secret integer p

KeyGen with parameters $\alpha$, $\beta$

$(pk, sk)$ with $sk = p$

$Y = \{y_1, \dots, y_\beta\}$, $y_i \in \mathbb{Q}$ s.t. $\exists J \subset \{1, \dots, \beta\}$ with $\sum_{j \in J} y_j = \frac{1}{p} \bmod 2$ and $|J| = \alpha$

$x \in \{0, 1\}^\beta$ with Hamming weight $\alpha$

Encrypt(pk, m) = m

$z$ s.t. $z_i = c y_i \bmod 2$, $i \in \{1, \dots, \beta\}$

$\mathrm{Dec}(x, z, c) = \mathrm{LSB}(c)\ \mathrm{XOR}\ \mathrm{LSB}(\lfloor \sum x_i z_i \rceil)$

$\sum x_i z_i = \sum c x_i y_i = \frac{c}{p} \bmod 2$

replace multiplication by summation

if $\alpha$ is small enough, the noise is small enough
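The hint construction can be checked numerically: the simplified decryption, which only sums α values, must return the same bit as the original decryption, which divides by p. The following Python code is an added example, not taken from the slides; the names `KAPPA`, `dec_original` and `dec_squashed`, the toy sizes and the use of the symmetric Enc are assumptions. It also assumes each y_i is stored with a fixed number of fractional bits, so the subset sum only approximates 1/p.

```python
import secrets
from fractions import Fraction

KAPPA = 96  # precision of each y_i in bits; must exceed the ciphertext length

def keygen(alpha=4, beta=32, p_bits=32):
    """Return (p, Y, x): secret odd p, public hint Y, secret sparse vector x."""
    p = secrets.randbits(p_bits) | (1 << (p_bits - 1)) | 1
    scale = 1 << KAPPA
    u = [secrets.randbelow(2 * scale) for _ in range(beta)]  # y_i = u_i / 2^KAPPA
    J = secrets.SystemRandom().sample(range(beta), alpha)    # hidden index set
    target = (2 * scale + p) // (2 * p)                      # round(2^KAPPA / p)
    # Fix one element so that the y_j with j in J sum to 1/p modulo 2.
    u[J[0]] = (target - sum(u[j] for j in J[1:])) % (2 * scale)
    Y = [Fraction(ui, scale) for ui in u]
    x = [1 if i in J else 0 for i in range(beta)]            # Hamming weight alpha
    return p, Y, x

def enc(p, Y, m, n=8, q_bits=32):
    """Ciphertext (c, z): c = m' + p*q and the hint z_i = c * y_i mod 2."""
    m_prime = (secrets.randbits(n - 1) << 1) | m
    c = m_prime + p * secrets.randbits(q_bits)
    return c, [(c * y) % 2 for y in Y]

def dec_original(p, c):
    """(c mod p) mod 2 as LSB(c) XOR LSB(round(c/p)): needs a division by p."""
    return (c & 1) ^ (round(Fraction(c, p)) & 1)

def dec_squashed(x, z, c):
    """LSB(c) XOR LSB(round(sum x_i z_i)): a sum of only alpha terms."""
    s = sum(zi for xi, zi in zip(x, z) if xi)
    return (c & 1) ^ (round(s) & 1)

if __name__ == "__main__":
    p, Y, x = keygen()
    for m in (0, 1):
        c, z = enc(p, Y, m)
        print(m, dec_original(p, c), dec_squashed(x, z, c))
```

The rounding error of the hint is bounded by c / 2^(KAPPA+1), so the precision has to grow with the ciphertext; with too few bits the rounded sum and round(c/p) can differ in parity.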

Intro

Database-backed Application

[Diagram: AS, DBMS, PLAINTEXT, QUERY, RESULT]

Threats

[Diagram: AS, DBMS, PLAINTEXT, QUERY, RESULT]

Key Ideas

SQL-aware encryption strategy

adjustable query-based encryption

chaining encryption keys to user passwords

Architecture

[Diagram: AS, PROXY, DBMS, QUERY, QUERY, RESPONSE, RESULT]

CryptDB

SQL-aware Encryption

[Diagram: DATA, ONION EQ, ONION SEARCH, ONION ORD, ONION ADD]

Random (RND)

Homomorphic encryption (HOM)

Word search (SEARCH)

Deterministic (DET)

Join (JOIN and OPE-JOIN)

Order-preserving encryption (OPE)

Adjustable Query-based Encryption

[Diagram: DATA, ONION EQ, ONION SEARCH, ONION ORD, ONION ADD]

[Diagram: DATA, ONION EQ, JOIN]

Query Execution

[Diagram sequence: AS, PROXY, DBMS; QUERY, RESPONSE, RESULT]

Access Policy

principal

annotations

delegation rules

Key Chaining

[Diagram: ALICE, BOB, SYM]

Security

sensitive data

revealed information

compromise

Further Reading I

Buchmann, J. Einführung in die Kryptographie

Katz, J., Lindell, Y. Introduction to Modern Cryptography

Beutelspacher, A., Schwenk, J., Wolfenstetter, K.-D. Moderne Verfahren der Kryptographie

Petrlic, R., Sorge, C. Datenschutz. Einführung in technischen Datenschutz, Datenschutzrecht und angewandte Kryptographie

Illustrations in section Crypto 101 based on descriptions in the works listed above.

Further Reading II

Gentry, C. Computing Arbitrary Functions of Encrypted Data. Illustrations in section Fully Homomorphic Encryption based on descriptions in this work.

Popa, R. A., Redfield, C. M. S., Zeldovich, N., Balakrishnan, H. CryptDB: Protecting Confidentiality with Encrypted Query Processing. Illustrations in section CryptDB based on descriptions and illustrations in this work.