I. J.

Computer Network and Information Security, 2017, 5, 44-51

Published Online May 2017 in MECS (http://www.mecs-press.org/)
DOI: 10.5815/ijcnis.2017.05.06

Homomorphic Cryptosystem
Alisha Rohilla
Department of Computer Science and Engineering & Information Technology, the NorthCap University Gurugram,
122002, India
E-mail: alisha15csp001@ncuindia.edu

Mehak Khurana and Meena Kumari

Department of Computer Science and Engineering & Information Technology, the NorthCap University Gurugram,
122002, India
E-mail: mehakkhurana@ncuindia.edu , drmeenakumari@yahoo.in

Abstract—In 2009 Craig Gentry proved that Fully F . =[ ]=[ ]. [ ]

Homomorphic Encryption can be applied and realized in
principle. Homomorphism allowed us to perform = (2)
arbitrary computations and calculations on encrypted
data. With RSA being the first cryptosystem to hold The above expression shows that F preserves
homomorphic properties, there came other additive and multiplicative homomorphism.
multiplicative cryptosystems. However, fully
Homomorphic encryption proved to be the ultimate
cryptographic solution to ensure security of data on cloud.
It enables processing and computing arbitrary functions
over the encrypted data thereby reducing the probability
of accessing the plain text.

Index Terms—Homomorphism, Additive/Multiplicative

Homomorphism, Somewhat Homomorphic encryption,
Fully Homomorphic encryption.

Fig.1. Homomorphic Property

I. INTRODUCTION
Taking an Example, this explains the additive and
Homomorphic encryption ―Fig .1,‖ works on the
multiplicative homomorphism.
concept of encrypting cipher text based on specific types
of calculations and computations and generates an Example 1:
encrypted output which on decryption gives the result of
Consider a set of natural numbers with addition
calculations performed on the plaintext. [5]
operation.
Fully homomorphic encryption is a kind of ring
homomorphism. Ring Homomorphism preserves the ring
structure. We know real numbers are rings. Also the set
of all 2×2 matrices is also a ring (under two matrix
Any function which preserves addition
operations - addition and multiplication). If we define a
homomorphism should follow property stated in equation
function, f, between these rings as follows:
(1)

=[ ]

Where is a real number, then is a homomorphism Now using the equation (1), can be
of rings, written as

=[ ]=[ ]+[ ]
= (1)
Example 2:
The above expression shows that preserves additive Consider a set of natural numbers with
homomorphism. multiplication operation.

Copyright © 2017 MECS I.J. Computer Network and Information Security, 2017, 5, 44-51
 Homomorphic Cryptosystem 45

Encryption
With Public key Bob follows the following
Any function which preserves multiplication
steps to encrypt plain text.
homomorphism should have the property stated in
Chooses a random , calculates
equation (2)
(6)
}
Calculates a shared secret
Now using the equation (2), can be written
as (7)

Converts his secret message , into and

calculates
II. HOMOMORPHIC ENCRYPTION TECHNIQUES (8)
There are many homomorphic encryption techniques
which are explained below. Sends the following cipher text to Alice.
A. Multiplicative Homomorphic Encryption (9)
1) RSA: If the RSA public key is modulus and
exponent g, then the encryption of a message M is Equation (9) becomes the cipher text to be sent to
given by[14][16] Alice.
Although if one knows he can easily find .
(3) Consequently, in order to improve security a new , is
generated for every message. Therefore is also called
The homomorphic property unpadded RSA holds is: an ephemeral key.
Decryption

(4) To decrypt cipher text pair obtained in

equation (9) with her private key ,
Thus if we consider two plaintext messages M1 and M2, Alice computes the shared secret and calculates
multiply them and then encrypt the result using RSA, we
get a cipher text.
The multiplicative property says that you can also (10)
encrypt each plaintext individually and then multiply the
two corresponding cipher texts together and you can Homomorphic Property
obtain exactly the same result.
However, for security reasons RSA has to add padding ELGAMAL encryption scheme is a homomorphic
bits to a plain text message before encrypting it. This scheme. This can be proved using example (3).
padding of the message results is losing the Let us consider example with two encryptions
homomorphic property. [1] Also, RSA is only Partially Example 3:
Homomorphic since the additive property does not apply.
Thus, it can be said that RSA is not . (
[15]

2) ELGAMAL Cryptosystem: It is defined over Where are randomly chosen from

acyclic group G, this encryption scheme consists of and , one can compute
following three sections, first is encryption,
decryption and key generation. =
Key Generation ( )
( ) (11)
There exists a cyclic group G of order d with generator
g
Alice randomly selects x such that x ϵ {1,…..,d−1} B. XOR Homomorphic Encryption
3) Goldwasser–Micali Encryption Scheme: A
Calculate (5)
probabilistic public-key encryption algorithm, the
GM Encryption scheme has proven to be secure
Public Key:
under standard cryptographic assumptions. [3]
Private Key:

Copyright © 2017 MECS I.J. Computer Network and Information Security, 2017, 5, 44-51
46 Homomorphic Cryptosystem

It is the first semantically secure encryption scheme Encryption

under the assumption that solving the quadratic residues
To encrypt 3-bit message .
problem is hard [4]. However, in GM encryption scheme
Choose
cipher texts may be several times larger than the initial
Compute
plaintext. This is because this scheme encrypts each bit
of information and the length (size) of the resultant
cipher text is equal to the length of the composite number
used in the scheme. Therefore it is not an efficient
cryptosystem.
It consists of following three sections:
Ciphertext is
Key Generation
Decryption
Choose two distinct random prime numbers and of
similar bit-length. To decrypt Cipher text (24, 54, 25)
Calculate Compute
Find a non-residue such that

,
(12)

This shows that is quadratic residue and and

are quadratic non-residue and thus the resultant plaintext
Encryption is

To encrypt plain text with public key , Homomorphic Property

Bo first encodes as a string of bits If are the encryptions of bits
Then will be an encryption of
For every bit , Bob generates a random value , ⨁
such that, . Let us consider
Calculate

(13)

Decryption We have

Alice receives ( as cipher text from

equation (13). (15)
For each , if is a quadratic residue, else
Analyzing equation (15),
Therefore message When is either 0 or 1, we have

(14) .

Goldwasser–Micali Encryption Scheme can be When , and

illustrated using example (4). is a quadratic residue and thus it is an
Example 4: encryption of 0. In this case also we have

Key Generation
Let
Where C. Additive Homomorphic Encryption
Thus,
Let , where 1) Paillier Encryption Scheme: Paillier Cryptosystem
is a probabilistic asymmetric key encryption
scheme which uses different pairs of public and
private key to encrypt and decrypt any plaintext.
Public Key: Paillier cryptosystem depends on a random element
Private Key: for encryption per message bit.
Key Generation

Copyright © 2017 MECS I.J. Computer Network and Information Security, 2017, 5, 44-51
 Homomorphic Cryptosystem 47

Choose two large prime numbers and at random Encryption

such that
Plaintext,
r=
Cipher text
Calculate
=

Calculate
Decryption
(16)
( )
Select generator , such that ,

Calculate
Homomorphic Property
,
Paillier Cryptosystem holds the property of additive
where . homomorphism.
This function is only used on input values u that The product of two ciphers gives the sum of their
actually satisfy u = 1 mod n [6]. corresponding plaintexts on decryption.

Public Key: ( )
Private Key: (20)
Encryption
Plaintext, where III. FULLY HOMOMORPHIC ENCRYPTION
Select random where Let (P,C,K,E,D) be an encryption scheme where [2][11]
Compute cipher text as:
P: Plaintext
(18) C: Ciphertext
Decryption K: Keyspace
E: Encryption Algorithm
As implied from equation (18), D: Decryption Algorithm.
Cipher text
Compute message: Assume that the plaintexts form a ring
and the ciphertexts form a ring
(19) the encryption algorithm is a map from
the ring to , i.e. ,
Paillier Encryption Scheme can be illustrated using the
following example (5). ,
Example 5:
where is either a secret key or a public key .
Key Generation For all and in and k in , if
Let
(21)

(22)

then the encryption scheme is fully homomorphic.

Choose a random, A. Classification of Fully Homomorphic Encryption
Let us begin with a space plaintext space,
and a family of functions from tuples of plaintexts to ,
expressed as a Boolean circuit on its inputs, referred by .
Public Key: [7]
Private Key: Input tuple ( ) denotes the plain text.

Copyright © 2017 MECS I.J. Computer Network and Information Security, 2017, 5, 44-51
48 Homomorphic Cryptosystem

The classification of fully homomorphic encryption is in equation (24) can be considered an image of
depicted in Fig. 2. Corresponding definitions and evaluation.
explanation about each classification can be found in the
a) Strict Decryption
following subheadings.
1) – Evaluation Policy Any –evaluation policy (
is said to correctly decrypt if for all ,
Let be a set of circuits. A –evaluation policy for
is a tuple of probabilistic polynomial–time algorithms
such that: [ ] , (25)

The key generation algorithm , takes Where and are outputs of .

two inputs, security parameter and an auxiliary input , This means that we must be able to decrypt a cipher
and outputs a key triplet where denotes the text to the correct plaintext, without any error. [8]
public encryption key used for encryption, denotes the b) Strict Evaluation
secret key used for decryption and denotes the
evaluation key used for evaluation. Any –evaluation policy
The encryption algorithm, takes a is said to correctly evaluate all circuits in if for all
plaintext and the public encryption key and as inputs where for every ,
and outputs a cipher text . and some negligible function , it satisfies equation (26).
The evaluation algorithm, , takes a
circuit , the evaluation key and a tuple of inputs [ ( ) ]
that can be a mix of ciphertexts and previous evaluation (26)
results as inputs and generates an evaluation output.
The decryption algorithm, , accepts the secret Where are outputs of
key and either a ciphertext or an evaluation output and This means that decryption of the homomorphic
produces a plaintext evaluation of an allowed circuit yields the correct result.
Assuming the following convention, [7][12,Def 3.3]
Thus, it can be said that a - evaluation scheme is
denotes the ciphertext space correct if it has the properties of both correct evaluation
denotes the space of evaluation outputs, and and correct decryption.
is the union of both X and Y. Consequently the encryption scheme is Somewhat
contains arbitrary length tuples made up of Homomorphic.
elements in Z. 2) Somewhat Homomorphic Encryption

The key spaces are denoted by and , Any –evaluation policy (

respectively for and . that holds a correct and valid decryption as well as an
The public key contains a description of the plaintext evaluation is called Somewhat Homomorphic Encryption
and ciphertext spaces. Scheme (SHE).
is the set of permissible circuits, i.e. all the allowed This level of homomorphic encryption doesn‘t require
circuits which the evaluation policy can evaluate. Compactness, and as a result the size of the cipher text
The domain and range of the algorithms are given by can substantially increase with each homomorphic
operation. Also, while making the set of permissible
KeyGen: circuits, C, there is no requirement to mention which
Encr: circuits this must include.
Decr: Secret Key Somewhat Homomorphic Encryption
Eval:
: From some interval [ ], choose an
odd integer which acts as a secret key for encryption.
where and is an auxiliary space.
Formally, : In order to encrypt plain text bit,
:
| [ ] , (23) Choose an integer whose residue has the same
parity as the plaintext and set the cipher text as this
in equation (23) can be considered an image of integer.
encryption. Namely, set
And
; (27)
| [ ]
, (24) Where and are chosen randomly in some other
intervals, such that is greater than in absolute
value.

Copyright © 2017 MECS I.J. Computer Network and Information Security, 2017, 5, 44-51
 Homomorphic Cryptosystem 49

: Given a cipher text and the secret

key , output

( ) And
(28)
=
Example 6:
Suppose p ; bit to encrypt ,
Then ,
where
Now to decrypt it back to m, However, it has been seen that while using the fully
homomorphic property to evaluate a Boolean function
where , given , the
encryption of , for
As the number of the additions and multiplications in
the Boolean function grow so does the size of the noise
Property of Fully Homomorphic Encryption component in the resultant cipher text. Consequently
Suppose we have two cipher texts, the size of the noise component is proportional to the
number of operations.
And hence only low-degree Boolean functions
(circuits) can be evaluated over encrypted data.
This is the reason this scheme is termed Somewhat
Homomorphic.
a) Compactness

Then A Somewhat Homomorphic Scheme (SHE) is said to

be compact if there exists a polynomial q = q(λ) , such
( ) that for any key-triplet generated by
(29) , any circuit and all cipher texts
, the size of the output from Eval (e,C, c1,….., cn)
is at most q(λ) bits long (regardless of the number of
inputs or C).
(30) According to Craig Gentry, if in addition the run time
of the decryption circuit depends only on λ nd not on
When any of its inputs, the scheme is said to compactly
evaluate C. (Gentry, 2014)
However it was observed [8] that any – evaluation
policy compactly evaluates
all circuits in if the scheme is compact and correct.
Thus we have, This implies that the cipher text size doesn‘t grow
much during homomorphic operations and the output
(31) size depends on the security parameter, λ, only.
b) Circuit Privacy
(32)
Any – evaluation policy
is said to be perfectly/statistically/computationally circuit
Example 7: private if for any key-triple output by ,
Let for all circuits C C and all , such that
the two distributions on

And

Now, (34)

both taken over the randomness of each algorithm, are

=( ) perfectly, statistically or computationally
indistinguishable, respectively.[8]

Copyright © 2017 MECS I.J. Computer Network and Information Security, 2017, 5, 44-51
50 Homomorphic Cryptosystem

3) Levelled Homomorphic Encryption

A – Evaluation
is said to be ―levelled homomorphic‖ if its key
generation algorithm, KeyGen, accepts an auxiliary input
which clearly identifies the maximum depth (size)
of circuits that can be evaluated. Also the encryption
should be correct, compact and the length of evaluation
output should not depend on depth, of the circuit. ([7],
Def. 3.6)

4) Fully Levelled Homomorphic Encryption

A – Evaluation policy
is said to be ―fully levelled homomorphic‖ if the set is
the set of all binary circuits with depth atmost
Apparently, in Somewhat Homomorphic Encryption,
the depth of the circuit can vary depending on a
parameter. This means that the length of cipher text will
increase depending on the depth of the permissible
circuits. However, this is not the case with Levelled
Homomorphic Encryption in which the length of the
cipher text does not depend on the depth , of the circuit.
5) Fully Homomorphic Encryption
A fully homomorphic encryption scheme is a -
evaluation that is compact,
correct and where is the set of all circuits. ([7], Def. 3.5)[9]. Fig.2. Classification of Fully Homomorphic Encryption
is a condition in which the degree
of the evaluation polynomial that is to be applied on
cipher text exceeds the degree of the decryption
polynomial. Once the scheme becomes bootstrappable it IV. CONCLUSION
can be converted into a fully homomorphic encryption This paper provides its readers with the basic idea and
scheme by entering the encryption of the secret key bits mechanism involved in the recently evolved
inside the public key. [10]. According to Gentry, a homomorphic and fully homomorphic encryption
somewhat encryption scheme can be converted into fully schemes.
homomorphic encryption using boot strapping [12] Using homomorphic encryption to secure data
Given a homomorphic scheme, we can prevents plain text from being exposed. Thus,
homomorphically compute any function. Theoretically homomorphic encryption has given a new dimension to
we can: [13] cloud storage and security. There are various
homomorphic cryptosystems available and now there is a
 Encrypt the encrypted data with a new key need to develop Fully Homomorphic cryptosystems
 Encrypt the old key with the new one which meet all the criteria of being compact, correct and
 Evaluate the decryption procedure applicable on all functions/circuits. With the advent of
homomorphically, thereby resulting in a cipher Fully Homomorphic Cryptosystem, the data has become
text encrypted with the second key. semantically secure.

B sed on Gentry‘s ppro ch, two different fully ACKNOWLEDGEMENT

homomorphic schemes re known: Gentry‘s scheme [11]
based on ideal lattices and a scheme by van Dijk, Gentry, I am highly indebted to Dr. Meena Kumari for not just
Halevi and Vaikuntanathan (DGHV) over the integers providing guidance and supervision but also for
which appeared at Eurocrypt 2010 [9]. providing encouragement and necessary information
while carrying out research on this topic. I would like to
express my gratitude towards Ms. Mehak Khurana for
her kind co-operation and guidance which helped me
accomplish this paper. My thanks and appreciations also
go to my colleagues in developing the research base and
people who have willingly helped me out with their
abilities.

Copyright © 2017 MECS I.J. Computer Network and Information Security, 2017, 5, 44-51
 Homomorphic Cryptosystem 51

for obtaining digital signatures and public-key

REFERENCES cryptosystems‖, Communic tions of the ACM,
21(2):120–126, 1978
[1] Xun Yi, Russell Paulet , Elisa Bertino, Homomorphic [15] D. Boneh, ―Twenty Ye rs of Att cks on the RSA
Encryption and Applications, Springer 2014 cryptosystem‖, Notices of the AMS, 46 2 :203–213,
[2] Gentry C., A Fully Homomorphic Encryption Scheme, 1999.
2009, Chapter 2, Available at [16] Meh k Khur n , Meen Kum ri, ―Security Primitives:
http://crypto.stanford.edu/craig Block nd Stre m Ciphers‖, Intern tion l Journ l of
[3] S. Goldwasser, S. Micali, Probabilistic encryption and Innovations & Advancement in Computer Science
how to play mental poker keeping secret all partial (IJIACS), ISSN 2347 – 8616, Vol. 4, March 2015.
information, in Proceedings of 14th Symposium on
Theory of Computing, 1982,pp. 365–377
[4] Kazue Sako, Goldwasser–Micali Encryption Scheme,
Encyclopaedia of Cryptography and Security, 2011
[5] Iram Ahmad and Archana Khandekar, Homomorphic Authors’ Profiles
Encryption Method Applied to Cloud Computing,
International Journal of Information & Computation Alisha Rohilla is a MTech student of
Technology,2014, pp. 1519-1530 Department of Computer Science and
[6] Pascal Paillier, Public-Key Cryptosystems Based on Engineering & Information Technology of
Composite Degree Residuosity Classes. Advances in The NorthCap University, Gurugram,
Cryptology - EUROCRYPT‘99, vol. 1592 of Lecture specialised under the huge umbrella of
Notes in Computer Science, pp. 223-238, 1999 Cyber Security. She completed her BTech
[7] Vaikuntanathan, Zvika Brakerski and Vinod, Efficient in Computer Science from Institute of
Fully Homomorphic Encryption, IEEE 52nd Annual Technology and Management, Gurgaon in
Symposium on Foundations of Computer Science, 2012 after which she worked with TATA Consultancy Services
FOCS 2011, IEEE, 2011, pg: 97-106 for 2.5 years as a System Engineer. Her area of interest are
[8] Frederik Armknecht, Colin Boyd, Christopher Carr, cryptography, cyber security, digital forensics, and identity and
Kristian Gj_steen, Angela Jaschke, Christian A. Reuter, access management.
and Martin Strand , A Guide to Fully Homomorphic
Encryption, 2015.
[9] M. van Dijk, C. Gentry, S. Halevi and V. Mehak Khurana is currently working as
Vaikuntanathan, Fully Homomorphic Encryption over assistant professor in The NorthCap
the Integers. In H. Gilbert (Ed.), EUROCRYPT 2010, University in CSE & IT and has around 6
LNCS, vol. 6110, Springer, 2010, pp. 24–43 years of experience. She completed her
[10] Jean-S´ebastien Coron, Avradip Mandal, David M.Tech from USIT, GGSIPU in 2011 and
Naccache , and Mehdi Tibouchi; Fully Homomorphic B.Tech from GTBIT, GGSIPU in 2009.
Encryption over the Integers with Shorter Public Keys. Her key areas of interest are Cryptography,
[11] Gentry, C. (2009). Fully Homomorphic Encryption Information Security and Cyber Security.
Using Ideal Lattices. In: Proceedings of the 41st She is lifetime member of Cryptology Research Society of
Annual ACM Symposium on Theory of Computing India (CRSI).
STOC‘09 , pp. 169-178, ACM Press, New York, NY,
USA.
[12] Zvika Brakerski, Craig Gentry, and Vinod Meena Kumari, has worked as a professor,
Vaikuntanathan. Fully homomorphic encryption Dept of CSE&IT at The NorthCap
without bootstrapping. Electronic Colloquium on University. She has also worked as
Computational Complexity (ECCC), 18:111, 2011. Scientist ‗G‘ t DRDO Defence Rese rch
[13] http://blog.quarkslab.com/a-brief-survey-of-fully- & Development Organization) and has 37
homomorphic-encryption-computing-on-encrypted- years of research experience in cryptology.
data.html
[14] R. L. Rivest., A. Sh mir, L. M. Adlem n ― A method

How to cite this paper: Alisha Rohilla, Mehak Khurana, Meena Kumari,"Homomorphic Cryptosystem", International
Journal of Computer Network and Information Security(IJCNIS), Vol.9, No.5, pp. 44-51, 2017.DOI:
10.5815/ijcnis.2017.05.06

Copyright © 2017 MECS I.J. Computer Network and Information Security, 2017, 5, 44-51