Acceleration of Homomorphic Arithmetic Processing Based on the ElGamal Cryptosystem

In recent years, opportunities for using cloud services as computing resources have increased and there is a concern that private information may be leaked when processes data. The data processing while maintaining confidentiality is called secret computation. Cryptosystems can add and multiply plaintext through the manipulation of ciphertexts of homomorphic cryptosystems, but most of them have restrictions on the number of multiplications that can be performed. Among the different types of cryptosystems, fully homomorphic encryption can perform arbitrary homomorphic addition and multiplication, but it takes a long time to eliminate the limitation on the number of homomorphic operations and to carry out homomorphic multiplication. Therefore, in this paper, we propose an arithmetic processing method that can perform an arbitrary number of homomorphic addition and multiplication operations based on ElGamal cryptosystem. The results of experiments comparing with the proposed method with HElib in which the BGV scheme of fully homomorphic encryption is implemented showed that, although the processing time for homomorphic addition per ciphertext increased by about 35%, the processing time for homomorphic multiplication was reduced to about 1.8%, and the processing time to calculate the statistic (variance) had approximately a 15% reduction.


Introduction
With the recent development of cloud services, there has been a growing trend of outsourcing computational tasks.This gives rise to the important security is- Homomorphic cryptosystems include additive homomorphic encryption that can perform only homomorphic additions such as Paillier encryption and lifted-ElGamal encryption, and multiplicative homomorphic encryption that can perform only homomorphic multiplications such as RSA encryption and El-Gamal encryption [1] [2] [3].In addition, homomorphic cryptosystems that can perform both homomorphic addition and homomorphic multiplication are called fully homomorphic encryption (FHE) [4].FHE has high convenience, but there is a problem that its processing speed is very slow.Therefore, in this paper, we propose a system capable of both homomorphic addition and homomorphic multiplication based on the ElGamal cryptosystem by unifying the random number part normally included in ElGamal ciphertext with all ciphertexts.However, this situation raises concerns about a decline in security compared to the ordinary ElGamal cryptosystem.Hence, in the state other than homomorphic computation, it is in the form of ordinary ElGamal ciphertext.To accomplish this, we replace the value of r included in ElGamal ciphertext into constants or random numbers.
The rest of the paper is organized as follows.Homomorphic Cryptosystem is introduced in Section 2. In Section 3, ElGamal Cryptosystem is introduced.In Section 4, Fully Homomorphic Encryption is introduced.We propose an arithmetic processing method that can perform an arbitrary number of homomorphic addition and multiplication operations based on ElGamal cryptosystem in Section 5. Section 6 shows results of two experiments.Sections 7 -9 draw discussion, future work, and conclusions.

Homomorphic Cryptosystem
A homomorphic cryptosystem can perform the addition and multiplication of plaintext by the manipulation of ciphertexts.When ciphertext ( ) , m m are given, ( ) The public key is ( ) , , , G q g h and the secret key is x.

Encryption
To encrypt a message m G ∈ , we randomly select ( ) The ciphertext is ( ) ( ) The plaintext is m.

Previous Rsearch Fully Homomorphic Encryption
FHE is capable of arbitrary operations such as the addition and multiplication of plaintext by the manipulation of ciphertexts.When plaintext is encrypted, it adds constant noise according to security parameters.This noise increases with each homomorphic operation, and if the noise becomes too large, it becomes impossible to decrypt the ciphertext into the original plaintext.In particular, when homomorphic multiplication is performed, noise increases greatly.Therefore, developers created somewhat homomorphic encryption (SHE), which restricts the number of homomorphic multiplications.Then, in 2009, Gentry proposed Bootstrap as a method to reduce ciphertext noise in SHE.This makes it possible to take restrictions on SHE and implement FHE.However, Bootstrap is not practical from the viewpoint of processing speed because it greatly increases the number of calculations.
Since then, studies such as a method called packing for encrypting plural plaintexts into one ciphertext and a scheme for reducing noise of ciphertext without using Bootstrap are progressing [5] [6].These have greatly improved the performance, but there is still a problem with processing speed.

Bootstrap
Bootstrap reduces noise accumulated in ciphertext by homomorphic operation.FHE makes the decipherability difficult to realize by adding noise to the ciphertext as the basis for security.This noise increases with each iteration of homomorphic operation, and if it exceeds a certain threshold value it can not decode correctly.
Bootstrap encrypts ciphertexts in which noise is stored again and performs decryption processing using the encrypted secret key.As a result of this decoding, a new ciphertext is accumulated in which only the noise required for de-

Overview
In this paper, we propose a method capable of both homomorphic addition and homomorphic multiplication based on the ElGamal cryptosystem.In the proposed method, the random number part normally included in ElGamal ciphertext is unified with all ciphertexts.This allows for both homomorphic addition and homomorphic multiplication.However, since this situation raises concerns about a decline in security compared to the ordinary ElGamal cryptosystem, in the state other than homomorphic computation, it is in the form of ordinary ElGamal ciphertext.Hereafter, the form of the ciphertext at the time of homomorphic operation is called "an arithmetic form", and the form of the ciphertext in other case is called "a stored form".

System Configuration
We propose a delegating computation model in which encrypted data are transmitted from the user to the cloud, and the cloud performs arithmetic processing on those encrypted data.
It is assumed that the cloud includes a calculation server and a transformation server.The calculation server performs arithmetic operations such as statistical processing in the encrypted state, and the transformation server replaces the value of r included in ElGamal ciphertext into constants or random numbers (Figure 1).Also, it is assumed that the user and the transformation server can safely share the secret key.
Figure 1 shows the system's processing flow.First, the user transmits ElGamal ciphertexts that are stored form, to the calculation server, and the calculation server stores the data.Upon receiving the calculation request from the user, the calculation server exchanges data with the transformation server to convert the stored form of the ElGamal ciphertexts into the arithmetic form of the ElGamal ciphertexts.Then, the calculation server performs processing according to the calculation request by homomorphic operations, and obtains the calculation results of the encrypted state.Then, the calculation server exchanges data with the transformation server to converts the arithmetic form of the ElGamal ciphertexts into the stored form of the Elgamal ciphertexts.Finally, the stored form of the encrypted operation result is transmitted to the user, and the user decrypts it using a secret key to obtain the calculation result.If multiple processing contents are included in the calculation request, the same procedure is repeated (Figure 2).
We assume the roles of the user, the calculation server, the transformation server, the constraints imposed, and the functions as follows.

Homomorphism
In the arithmetic form of ciphertext, we unify the value of r included in ElGamal ciphertext by all ciphertexts.As a result, the arithmetic form of the ciphertext satisfies both additive homomorphism and multiplicative homomorphism.

Conversion Processing of Ciphertext
We show the method of mutual conversion between the arithmetic and the stored forms of ciphertext.
Conversion from Stored to Arithmetic Form Given ( ) ( ) , , where , , i r is a random num- ber: 1) The calculation server generates a random number i G α ∈ and sends , α to the transformation server.
2) The transformation server decrypts the received ciphertexts: 3) The transformation server generates ciphertexts from i i m α and random number r G ∈ and send them to the calculation server.r is generated while encrypting 1 1 m α , and the same r is used for encryption of ( ) Also, when multiple processing contents are included in the calculation request, a different r is used for each processing content: , , 4) The calculation server removes the random number i α from the received ciphertexts and computes ( ) , , where , , r is a constant number: 1) The calculation server generates a random number i G β ∈ and sends ( ) β to the transformation server.
2) The transformation server decrypts the received ciphertexts: 3) The transformation server generates ciphertexts from i i m β and random number i r G ∈ and sends them to the calculation server: , , 4) The calculation server removes the random number i β from the received ciphertexts and computes ( ) 6. Experiment

Overview
In this experiment, as the performance evaluation of the proposed method, statistical processing using homomorphic computation is performed and its processing time is measured.As a comparison target, HElib on which the BGV We measure the processing time of homomorphic addition and homomorphic multiplication.We also measured the processing time of mutual conversion of the ciphertext between stored and arithmetic forms.

Experiment 2
We computed the variance of 1000 -10,000 data items measured the processing time.We converted the stored form to arithmetic form, performed statistical processing, and converted the arithmetic form to a stored form.Then, we measured the time taken for this series of flows.

Experiment Environment
The experimental environment was as follows.

Dataset
As an experimental data set, we used the "Adult" labeled dataset provided by UCI.This data set contains 32,561 data items divided by 14 attributes such as age, gender, race, etc.In the experiment, we used the age attribute.

Experiment 1
We measured the processing time for homomorphic addition and homomorphic multiplication (see Table 1).In homomorphic addition and homomorphic multiplication of HElib, it is not the processing time required for homomorphic operation between packed ciphertexts.It is the processing time of homomorphic operation per ciphertext calculated by dividing the processing time by the number of slots.
Experiment 2 We measured the processing time taken to calculate the variance by homomorphic operations.Table 2 and Figure 3 show the transition of the processing time when the number of data items changes from 1000 to 10,000 in increments of 1000.We measured the processing time for homomorphic addition and homomorphic multiplication and conversion.In the processing time of homomorphic addition, the proposed method required about 135% processing time compared with HElib, but the homomorphic multiplication reduced the processing time to

Future Work
We need to improve the security of the proposed method in which we convert from a stored form to an arithmetic form before the homomorphic operation.In arithmetic form, the value of r included in the ElGamal ciphertext ( )  Since the ratio of the plaintext can be obtained from the ratio of the ciphertexts, if any plaintext is deprived in any way, all the plaintexts will leak out.
However, when converting to a stored form again and converting it to an arithmetic form from it, the value of r is unified in all ciphertexts, but it can be changed to a value different from the value of r before conversion.

Conclusion
In this paper, we propose the acceleration of homomorphic arithmetic processing based on the ElGamal cryptosystem and present experiments, evaluation, and discussion.The results of experiments comparing the proposed method with HElib showed that, although the processing time for homomorphic addition per ciphertext increased by about 35%, the processing time for homomorphic multiplication was reduced to about 1.8%, and the processing time to calculate the statistic (variance) had approximately a 15% reduction.
How to cite this paper: Jogan, T., Matsuzawa, T. and Takeda, M. (2019) Acceleration of Homomorphic Arithmetic Processing Based on the ElGamal Cryptosystem.Communications and Network, 11, 1-10.https://doi.org/10.4236/cn.2019.111001sue of protecting privacy, since personal information is being transferred.To solve the problem, homomorphic cryptosystems capable of computing plaintext by the manipulation of ciphertexts have attracted attention.

Figure 2 .
Figure 2. Process flow of the calculation request.

Figure 3 .
Figure 3. Transition of the processing time (variance).
given, they satisfy the following.
Communications and Network scheme of FHE is implemented was used.HElib is an open source library published by IBM and available in C ++. Also, implementation of the proposed method was done in C.