In [None]:
# Homomorphic encryption
# in simple words - a kind of encryption that allows to do computation over the ciphertexts
# note, that the operation over the ciphertexts may or may not be the same as over the plaintexts

In [None]:
# RSA
# E(m1)*E(m2) = m1^e*m2^e = (m1*m2)^e = E(m1*m2)

# setup
size = 20
p = random_prime(2**21, lbound = 2**20)
q = random_prime(2**21, lbound = 2**20)
N = p*q
e = 65537
dp = (1/e) % (p-1)
dq = (1/e) % (q-1)
d = CRT([dp,dq], [p-1,q-1])

R = Integers(N)

print ("Our RSA modulus is {}, the factors are {} and {}".format(N,p,q))
print ("Our public exponent is {} and our private exponent is {}\n".format(e,d))

# message generation
m1 = R.random_element()
m2 = R.random_element()

# encryption
c1 = m1^e
c2 = m2^e

# computation

c3 = c1 * c2

# decryption
m3 = c3^d

print ("We have chosen {} and {} as our plaintexts, the corresponding ciphertexts are {} and {}\n".format(m1,m2,c1,c2))

print ("The product of the plaintexts is {}, the decryption of the product of the ciphertexts is {}".format(m1*m2, m3))
print ("That these two are equal is: {}".format(m3==m1*m2))

Our RSA modulus is 2422161987647, the factors are 1324681 and 1828487
Our public exponent is 65537 and our private exponent is 60298032233

We have chosen 577760427878 and 1768519523233 as our plaintexts, the corresponding ciphertexts are 770081663997 and 1634756781984

The product of the plaintexts is 2080817990534, the decryption of the product of the ciphertexts is 2080817990534
That these two are equal is: True


In [None]:
# Caesar cipher
# E(m1)||E(m2) = E(m1||m2)
# Actually works for ciphers in ECB mode, if you concatenate with respect to block size

# meaning the rotation of the alphabet
key = 9

m1 = "river" 
m2 = "arena"

print ("Our secret alphabet shift will be by {}, our plaintexts will be {} and {}".format(key,m1,m2))


c1 = "".join([chr((ord(c)-97 + key) % 26 + 97) for c in m1])
c2 = "".join([chr((ord(c)-97 + key) % 26 + 97) for c in m2])

print ("The corresponding ciphertexts are {} and {}".format(c1,c2))

c3 = "".join([chr((ord(c)-97 + key) % 26 + 97) for c in m1+m2])

print ("Their concatenation is {}".format(c1+c2))
print ("The encryption of the concatenation of the ciphertexts is {}".format(c3))
print ("Are these two the same? ({})".format(c1+c2==c3))

Our secret alphabet shift will be by 9, our plaintexts will be river and arena
The corresponding ciphertexts are river and arena
Their concatenation is arenajanwj
The encryption of the concatenation of the ciphertexts is arenajanwj
Are these two the same? (True)


In [None]:
# Pailier scheme
# E(m1)*E(m2) = (g^m1*r_1^n)*(g^m2*r_2^n) = g^(m1+m2) (r_1*r_2)^n = E(m1+m2)
# See, that the operation on plaintexts, and the corresponding operation on ciphertexts do not need to be equal


# setup
# we are using primes of the same size - setup is a bit easier
size = 20
p = random_prime(2**21, lbound = 2**20)
q = random_prime(2**21, lbound = 2**20)
l = lcm(p-1,q-1)
N = p*q

R = Integers(N^2)

g = R(N+1)

up = (1/l) % p
uq = (1/l) % q
u = CRT([up,uq], [p,q])

# choosing plaintexts
m1 = R(randint(1,N-1))
m2 = R(randint(1,N-1))

# choosing random "noise"
r1 = R(randint(1,N-1))
while gcd(r1,N)>1:
    r1 = R(randint(1,N-1))

r2 = R(randint(1,N-1))
while gcd(r2,N)>1:
    r2 = R(randint(1,N-1))

# encryption    
c1 = g^m1 * r1^N
c2 = g^m2 * r2^N

# computation
m3 = (m1 + m2) %N
c3 = c1*c2

# decryption
c = ZZ(c3)
l = ZZ(l)
u = ZZ(u)

t = ZZ(pow(c3,l,N^2))
dec = ((t-1)/N * u)%N

print ("We have chose our plaintexts to be {} and {}, their sum modulo N is {}".format(m1,m2,m3))
print ("We have computed the correspondning ciphertexts to be {} and {}, their product modulo N^2 is {}".format(c1,c2,c3))
print ("The decrypted product gives {}. Is it the same as the sum of the plaintexts: {}".format(dec, dec==m3))


We have chose our plaintexts to be 1494599460061 and 1946860094245, their sum modulo N is 713771782333
We have computed the correspondning ciphertexts to be 2630221854169506041968538 and 7244991171959294911631346, their product modulo N^2 is 4878774583414941475838989
The decrypted product gives 713771782333. Is it the same as the sum of the plaintexts: True


In [None]:
# Now for the more interesting stuff: Fully Homomorphic Encryption (FHE)
# FHE means, that the arbitrary computation can be done on ciphertexts
# Needs just 2 operations: + and * 
# With these, arbitrary polynomial functions may be computed
# All functions over a finite field can be written in a polynomial form
# Computers are finite

# It was a longstanding open question whether this is even possible while maintaining security of cryptosystem
# In his seminal work Gentry provided a method, which most of current scheme follows
# https://crypto.stanford.edu/craig/craig-thesis.pdf

# Idea: Let us have an encryption method, which adds noise to the ciphertexts and is "homomorphic"
# (this gives so called Somewhat Homomorphic, or Leveled Homomorphic Encryption -- can evaluate circuits up to certain depth)
# If we decrypt, we rid ourselves of the noise, but we will remove the encryption
# We can however compose decryption and encryption into a "recryption" -- this function will be called on a too noisy ciphertext
# This will allow us to keep noise manageable (and is often called "bootstraping")

# if you want to play with some C++ library, you can try HElib https://github.com/homenc/HElib
# and/or you can take a look at wikipedia, and search for homomorphic encryption - there are links

In [None]:
import random
# "2nd generation scheme" -- over the integers (although, ther is a connection to lattices) for the ease of exposition
# more details can be found here: https://eprint.iacr.org/2009/616.pdf
# we will be able to encrypt just bits

#note that this is just "somewhat homomorphic scheme" we have no way how to get rid of noise

# setup
l = 10
# these parameters should depend on lambda in a specified way for security
# but these are just toy parameters...
rho = l
rho2= l
eta = l^2
gamma = l^5


tau = gamma + l


# key genereration

# need an odd number p of a given length
# this is a private key
p = randint(2^(eta-1),2^eta-1)
while p%2 == 0:
    p = randint(-2^l+1,2^l-1)

# and we need a list of integers sampled from a given distribution 
# (can be seen as "encryptions of 0")
# this is a public key

x_list = []
for i in range(tau):
    x_list.append(p*randint(0,floor(2^gamma/p))+randint(-2^rho+1,2^rho-1))
x_list = sorted(x_list)

if x_list[0]%2==0:
    x_list[0]+=1
#if (x_list[0]%p)%2 == 1:
#    print("problem")

#print(x_list)

# now, let us choose our mesagges
m1 = m2 = m3 = 0
m4 = m5 = m6 = 1

m_list = [m1, m2, m3, m4, m5, m6]
print(m_list[:3])
print(m_list[3::])

# to encrypt the messages choose a random subset from x_list and a random integer r
# c = m+2*r+2*sum(x_i for x_i in x_list if x_i in subset)

c_list = []

for i in range(len(m_list)):
    #note that the 1 here is completely arbitrary
    subset = random.sample(x_list,1)
    c = m_list[i]+2*randint(-2^rho2+1,2^rho2-1)#+2*sum(subset)
    c %= x_list[0]
    c_list.append(c)
    
print(c_list[5])

#print(c_list[:3])
#print(c_list[3::])

#this is (or should be) decryption
print ([((c % p) % 2) for c in c_list])

#should get 0
print ( (sum(c_list[:3])%p %2))
print ( (product(c_list[:3])%p %2))
#should get 1
print ( (sum(c_list[3::])%p %2))
print ( (product(c_list[3::])%p %2))    

print ([((c % p) % 2) for c in  [c_list[0]+c_list[3],c_list[1]+c_list[4],c_list[2]+c_list[5]] ])

ValueError: empty range for randrange() (0, -1834228958681090595554980279350784540877775474881302275904805007213081271773871230611410183179611039220444521370990381119038711414448475316229278665510723622033250149432688931911643391602339149951460649859855759109549676184061360360289342230575358623042233023631015625393540013732420865059985593478439398693115737248464017821944126129145372682676469250126647754950195572524431284321724278895569816087141463299384907985055527328509029875471692965889495164008881651454668556309386793237756344524915649786960300946011844843869543785836794229133697633096229398274420326505513632506652435749765309468385509819326654110421101252750419879281975715478819535039952193949191097468459495303417476800254432282294299575169017920919608375745307641075800261532323311527391943065228873338195537414941917542473528858703816513646865689626377755319942655109777989763729000513610349512520640992788229392371296677210378444221482097454573918206202107045594469472311636013576100642123923161571123967908986171606625933538132104353961907990145711614580352374095534190016926793753750760637967726386332313976811052975005757237156091003580701223704549107169854187948628272168547842749087675970989971281468713451391063324329167014335740299419250785317098495458914765008739136755092156068529117807406631722923156469452886524037334131682733667038543611708524735090703316851500159018464845557086693101049484919707996701263811007100396199262767194778124774779595520849449592396867198197131789080838864988310637404014381963913644857174220275873726434613731740906629534526940382779261104369952368102184676438613996173976760582509606107379650476305732976535574635275816521708478163412680168931847986912052578645831459952707605610959578183575257558960818135774710053168998451875076609888383924076313456148919152728692547919293679009238561629031118357011104089250924393098582064092187053662460887267803320247012360063176581671186585624569788089038668928051512590572013032293826330492498812025871893859549218782102304026218745225854399419177208048230626060977959431740392364735540088257701739319399541291803826643010991916485858666052900811761932555315374759998459129227321384624942699735301437543871769615243748369935962370673885442004725304213760917977771717325144646742205531459495939648312195928926365042750844650594567096575695620820073921004512285318760230673792027343749259302424663579154812768667673239853597636648862733892790759178797585435267545033732185817243701571596233260822128522760969133073619809593254259058577359693304210652516150114302132264461966924011020840640835579095580282588729696620944237733459213326375741858921778363788206104059989013679398972423078757423818175388039604608614306969665282943672034710901365090855992174157639288515818131537759257015032305932536569436107063218172445528539434838728450135912483621262493144882831324300362378131927224182122927163226932124591445757229762354246368566207210932544042813720396685089691841740047234376721401388635217017113608740350535791831548751822996297901582568680752166293530888107472503378005389860529626597183642158594470368820401038240475134324165807823332483740030451169454921109139057310809151200970262129371297493835597508531383993367762437669259676236984503063752270967702429239865896172866151312326484665256652389113774872808551484289279662592216840051544573188557644654182697287280880152280091168696500432103723584958491158331144269701860752220057259179761971635336351765094088709419779348286238190797963883442742645189186250571777719643633793212343803302132840263565005725969081489513473089687660869494472344304836899841246272906627078072046029654615642798418446424803063660948954429461697145769645750243769076522298539583100188374204166463125316246335337989749011515542954377795486161616638198790124916555637089855918173811911524529752693407445469211327526353244138038290429414063240767382685679269407290329962767287025066014811447975743781709147142591119737067344277064568457423573943921857881306560365769613945393039930793151819810537376547580438233754040992702693648935604295749495846505336571365370397949464143292940475217600671530247067326171236581033987702448278928794850535530282708500190289732148086471196796589128803116256347137776148428262618041976530818652988441540901565042917871394141373305852745952756766920674636853844300502408404436565119059939466324491268374419277829524909073679609205528947115939693934107489396729733982730914022909234597554668413162360294832976281400940142373413985815615674447931710409572602800912712604275154127152371057894539607139523533168477093699572448912539285277611930759989654537790370654561705978772772916641137738130849364641727157334677307974327640542421805446581760755401238566946337000979802968343964470022015728233290383213502066053393446797710579930033013006839782031169858480430416481639179662458971843667366564449197169493234302207676286152534428297256406510833225792862345514119266757568713208854608237464011351438630849181118659698320033333322713553987168357614738622613136848006948514298440312517625545151788835042321501479805616912257119962434107476663839187921629222971335747752587400441263066997105848114849866068733072135946129838738196184419434830880087820240377687957984221125953263460171904890644660427623821405053181212868440916270360278594743270707744888184683103972054783914865648862331393497536977727280442290605525546079400200543457000543948444519790855612022864517925245652259561517449315738676494890804198144231005660175143576117004046480519769554476573037815307076944533196124292124991589296561094639511582096935285450619372461666137058198989209281483436176652869304071045098562649890182012005528800422100455465194422939275415662525113823862242782778751627170536893388345638554590743697723556101190801885690562718971959550384606644180511142267927962539279246378118193305938159312324711079944222127540079242034234019878380570112438885217550059600052087294039079150181577824776640923672381828729849512155291155712270257946424679264966612183894157747411300118904056928928619907233044586335909316421227232, -1834228958681090595554980279350784540877775474881302275904805007213081271773871230611410183179611039220444521370990381119038711414448475316229278665510723622033250149432688931911643391602339149951460649859855759109549676184061360360289342230575358623042233023631015625393540013732420865059985593478439398693115737248464017821944126129145372682676469250126647754950195572524431284321724278895569816087141463299384907985055527328509029875471692965889495164008881651454668556309386793237756344524915649786960300946011844843869543785836794229133697633096229398274420326505513632506652435749765309468385509819326654110421101252750419879281975715478819535039952193949191097468459495303417476800254432282294299575169017920919608375745307641075800261532323311527391943065228873338195537414941917542473528858703816513646865689626377755319942655109777989763729000513610349512520640992788229392371296677210378444221482097454573918206202107045594469472311636013576100642123923161571123967908986171606625933538132104353961907990145711614580352374095534190016926793753750760637967726386332313976811052975005757237156091003580701223704549107169854187948628272168547842749087675970989971281468713451391063324329167014335740299419250785317098495458914765008739136755092156068529117807406631722923156469452886524037334131682733667038543611708524735090703316851500159018464845557086693101049484919707996701263811007100396199262767194778124774779595520849449592396867198197131789080838864988310637404014381963913644857174220275873726434613731740906629534526940382779261104369952368102184676438613996173976760582509606107379650476305732976535574635275816521708478163412680168931847986912052578645831459952707605610959578183575257558960818135774710053168998451875076609888383924076313456148919152728692547919293679009238561629031118357011104089250924393098582064092187053662460887267803320247012360063176581671186585624569788089038668928051512590572013032293826330492498812025871893859549218782102304026218745225854399419177208048230626060977959431740392364735540088257701739319399541291803826643010991916485858666052900811761932555315374759998459129227321384624942699735301437543871769615243748369935962370673885442004725304213760917977771717325144646742205531459495939648312195928926365042750844650594567096575695620820073921004512285318760230673792027343749259302424663579154812768667673239853597636648862733892790759178797585435267545033732185817243701571596233260822128522760969133073619809593254259058577359693304210652516150114302132264461966924011020840640835579095580282588729696620944237733459213326375741858921778363788206104059989013679398972423078757423818175388039604608614306969665282943672034710901365090855992174157639288515818131537759257015032305932536569436107063218172445528539434838728450135912483621262493144882831324300362378131927224182122927163226932124591445757229762354246368566207210932544042813720396685089691841740047234376721401388635217017113608740350535791831548751822996297901582568680752166293530888107472503378005389860529626597183642158594470368820401038240475134324165807823332483740030451169454921109139057310809151200970262129371297493835597508531383993367762437669259676236984503063752270967702429239865896172866151312326484665256652389113774872808551484289279662592216840051544573188557644654182697287280880152280091168696500432103723584958491158331144269701860752220057259179761971635336351765094088709419779348286238190797963883442742645189186250571777719643633793212343803302132840263565005725969081489513473089687660869494472344304836899841246272906627078072046029654615642798418446424803063660948954429461697145769645750243769076522298539583100188374204166463125316246335337989749011515542954377795486161616638198790124916555637089855918173811911524529752693407445469211327526353244138038290429414063240767382685679269407290329962767287025066014811447975743781709147142591119737067344277064568457423573943921857881306560365769613945393039930793151819810537376547580438233754040992702693648935604295749495846505336571365370397949464143292940475217600671530247067326171236581033987702448278928794850535530282708500190289732148086471196796589128803116256347137776148428262618041976530818652988441540901565042917871394141373305852745952756766920674636853844300502408404436565119059939466324491268374419277829524909073679609205528947115939693934107489396729733982730914022909234597554668413162360294832976281400940142373413985815615674447931710409572602800912712604275154127152371057894539607139523533168477093699572448912539285277611930759989654537790370654561705978772772916641137738130849364641727157334677307974327640542421805446581760755401238566946337000979802968343964470022015728233290383213502066053393446797710579930033013006839782031169858480430416481639179662458971843667366564449197169493234302207676286152534428297256406510833225792862345514119266757568713208854608237464011351438630849181118659698320033333322713553987168357614738622613136848006948514298440312517625545151788835042321501479805616912257119962434107476663839187921629222971335747752587400441263066997105848114849866068733072135946129838738196184419434830880087820240377687957984221125953263460171904890644660427623821405053181212868440916270360278594743270707744888184683103972054783914865648862331393497536977727280442290605525546079400200543457000543948444519790855612022864517925245652259561517449315738676494890804198144231005660175143576117004046480519769554476573037815307076944533196124292124991589296561094639511582096935285450619372461666137058198989209281483436176652869304071045098562649890182012005528800422100455465194422939275415662525113823862242782778751627170536893388345638554590743697723556101190801885690562718971959550384606644180511142267927962539279246378118193305938159312324711079944222127540079242034234019878380570112438885217550059600052087294039079150181577824776640923672381828729849512155291155712270257946424679264966612183894157747411300118904056928928619907233044586335909316421227232)

In [None]:
# to make the scheme fully homomorphic, some changes must be made - public key must contain a "hint" about private key
# not so much to allow break, but enough, to allow a simpler decryption
# the idea is as follows: add 3 more parameters
# and we give some information about 1/p

In [None]:
# The lattice connection:
# the more efficient/successful FHE schemes are based on lattices
# the very first one too
# and the lattice attacks are the some of the most powerful attacks against these schemes
# for this scheme the security is based on "approximate gcd assumption"
# all ciphertexts are "almost" multiples of p
# uncover p -> break the scheme
# lattice attacks are the reason for high security parameters and thus the unwieldiness of these schemes