Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to add homomorphic encryption support in Web applications". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

1. Overview of homomorphic encryption

Homomorphic encryption changes the rules of the game of privacy protection, allowing direct manipulation of encrypted data without first decrypting. This concept can be traced back to RSA encryption-RSA also has limited homomorphic encryption capabilities. However, homomorphic encryption has been limited to academia for a long time, and a large number of homomorphic encryption libraries did not emerge until the publication of Craig Gentry's paper in 2009.

There are already many homomorphic encryption libraries available. Here are some popular homomorphic encryption packages and the types of solutions they support. Of course, this list is incomplete:

Microsoft SEAL: BFV, CKKS (C++)

HElib: BGV (with GHS), CKKS (C++)

PALISADE: BFV, BGV, CKKS, FHEW (C++)

TFHE: Ring-variant of GSW (C++)

HEAAN: CKKS (with bootstrapping) (C++)

Finding the right homomorphic encryption package and solution type for your web' application requires a lot of research:

What is the difference between these different homomorphic encryption implementation codes?

What dependencies are required to install these homomorphic encryption kits?

How do I use homomorphic encryption libraries in my web applications?

What is the impact of an encryption scheme on performance?

What are the special requirements for data in this encryption scheme?

What is bootstrap? Why do I need this link?

Before you start designing a privacy application, there are some questions that need to be answered.

In this tutorial, let's start with Microsoft's SEAL, because the documentation of SEAL is very good.

2. Use Microsfot SEAL homomorphic encryption library

Let's first look at how to encrypt data. First you can encode an array (or vector in C++) into plain text in a specific format, and then encrypt the plain text into ciphertext. Homomorphism processing is carried out on ciphertext. To read the processing result, you need to decrypt it and then decode it.

The pseudo code for the above process is as follows:

Const arr = const plain = encode (arr) const cipher = encrypt (plain) / / Add the cipher to itself-element wiseevaluate.add (cipher, cipher) const decrypted = decrypt (cipher) const decoded = decode (decrypted) / / `decoded` contains

I've simplified the above code, but there are actually some necessary steps before that.

Here are some basic information about the SEAL homomorphic encryption library.

Third-party dependence

SEAL does not have a necessary third-party dependency. Optional dependencies include: zlib and Microsoft GSL

Supported scenario

BFV: manipulating signed / unsigned integers

CKKS: manipulating floating-point numbers

Basic differences and limitations

BFV: the data capacity of ciphertext is determined by encryption parameters, and the upper and lower bounds of each element in the array are also determined by parameters.

CKKS: each member of the array has a larger range of values, but the ciphertext capacity is halved compared to BFV. And CKKS can only do approximate calculation.

Bootstrapping allows unlimited homomorphic processing on encrypted data. Without bootstrapping, you can only perform a limited number of homomorphic processing (such as multiplication, etc.). Currently, the SEAL homomorphic encryption library does not support bootstrapping, but there are plans to add bootstrap support for CKKS solutions. Bootstrapping can have a great impact on performance, and in many cases you don't need to bootstrap when using homomorphic algorithms.

A homomorphic algorithm without bootstrap is called a hierarchical algorithm. The number of layers (that is, how many times you can perform homomorphic processing) is determined by the encryption parameters you choose.

3. Choose homomorphic encryption scheme

The first step is to choose an appropriate homomorphic encryption scheme for your application. Do you need integers or can you tolerate certain errors? You should use the BFV scheme when you need absolute precision. CKKS has its advantages, but it will introduce some errors during decryption-although the error can be reduced to an acceptable range by adjusting the parameters, it is difficult for beginners.

4. Select appropriate homomorphic encryption parameters.

Once you have chosen the homomorphic encryption scheme, you need to determine the parameters of the algorithm. This question should be the most difficult to answer, because it depends on many factors. In addition, there are more questions, such as:

How do I test which parameters are valid?

Is there still room for optimization?

Do you need to build a new test application for each set of parameters?

Here is our practical methodology for homomorphic encryption:

Choose homomorphic encryption: I think BFV is easier to buy than CKKS. At least when the decryption result is incorrect, you can immediately judge that there is a problem.

Start with the 128bit encryption level: although there are higher options, the cost is reduced homomorphic encryption operations-as long as it works: start with a medium-level PolyModulusDegree (4096) and then gradually increase until it cannot be decrypted successfully. Then the reverse is gradually reduced to the point that it cannot be decrypted successfully. Get the upper and lower bounds in this way.

Fine tuning: modify the number of bits of CoeffModulus, using analog-to-digital conversion or rescaling of CKKS.

5. Use Node-Seal to add homomorphic encryption support for web applications

As an alternative, I suggest you use quick experiments to find out the parameters that are suitable for your application. To this end, I developed an open source software, node-seal, to use the SEAL homomorphic encryption library in JavaScript. You can use this software to quickly write a JavaScript test application for parameter experiments. The kernel of node-seal, which uses webassembly and can be run in Node.js or modern browsers, already includes zlib support and does not require local compilation.

That's all for "how to add homomorphic encryption support to Web applications". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.