1

Using homomorphic encryption, I would like to be able to take an encrypted integer and either add 1 or -1 for a new encrypted value. I do not want the encrypted value to be recoverable - just the following:

  • $\varepsilon(x) = (\varepsilon(x) \oplus \varepsilon(-1)) \oplus \varepsilon(1) = (\varepsilon(x) \oplus \varepsilon(1)) \oplus \varepsilon(-1),$
  • $\varepsilon(x+1) = \varepsilon(x) \oplus \varepsilon(1) \ \mathrm{and}$
  • $\varepsilon(x-1) = \varepsilon(x) \oplus \varepsilon(-1)$
  • $\forall x \in \mathbb{Z}$

$x$ can never be recovered because the secret key will not be known (an original $\varepsilon(x')$ is chosen as $0$ and it will only be manipulated or used in encrypted form). It is ok (and perhaps even desirable) if $\varepsilon(x + n)$, computed (only) recursively as a series of single increments or decrements, is worse than $O(n)$ but no worse than about $O(n \log n)$ and there should be no limit on $n$ - that is, the further I go in a direction, it gets a little harder to keep going, but not impractically so.

It seems to me that this is perhaps within practicality for Gentry's scheme if the hints for $\mathrm{sK}$ can be reused forever for $\mathrm{recrypt}()$, but I might be misunderstanding this (or all of it). Then, Gentry might be overkill, since I don't seem to need multiplication ($\varepsilon(-1)$ does not need to be calculated as $\varepsilon(1) \otimes \varepsilon(-1) $, right?). I think any PHE supporting unlimited additions is good enough. Gentry's numbers "stiffen" - but is that the case with all systems? If they stiffen at about $O(n \log n)$ that's what I'm hoping for worst case.

I'd like to implement this in F# but 1) I need a good choice of algorithm supported by .NET or with an implementation in F#, and 2) How can I disable padding in such a scheme which normally one would be crazy to want to do?

The purpose is to create a dimension whose origin is unknown, but which can be navigated relatively. I'm below novice at math and latex and formalisms so if my attempts above are totally asinine, I apologize. Do you recognize an equivalent scheme that doesn't require HE?

Jason Kleban
  • 195
  • 7

1 Answers1

3

You don't need fully homomorphic encryption for this. In particular, you don't need to use Gentry's scheme. Any standard scheme for additively homomorphic encryption will be fine. For instance, Paillier should work fine, as should exponential El Gamal.

Search this site and you can find lots of information on additively homomorphic encryption. See, e.g., Can Elgamal be made additively homomorphic and how could it be used for E-voting? and https://crypto.stackexchange.com/a/9003/351 and https://crypto.stackexchange.com/a/12704/351 and https://crypto.stackexchange.com/a/9139/351. Also, search the literature for work on "encrypted counters" and you should find additional stuff that might be helpful.

This is not the site to ask how to implement crypto in F#; ask on StackOverflow for coding questions. Your questions about padding make no sense to me. The real question is what algorithm to use. Once you know what algorithm to use, just implement it (that's just a straightforward matter of programming).

Community
  • 1
D.W.
  • 36,982
  • 13
  • 107
  • 196