https://log.zxcvber.com/
Life Log
Recording Life.
2024-02-09T14:30:53+09:00
Sungchan Yi
Jekyll
© 2024 Sungchan Yi
18. Bootstrapping & CKKS
2023-12-08T00:00:00+09:00
2023-12-08T00:00:00+09:00
https://log.zxcvber.com/lecture-notes/modern-cryptography/2023-12-08-bootstrapping-ckks/
Sungchan Yi
Bootstrapping
Recall that BGV has a limit on the number of operations, so it cannot evaluate a circuit with a large depth. This was because of the growing noise, so we need a way to remove the noise.
An easy answer is decrypting the ciphertext and encrypting it again, but we want to do it without using the secret key.
Bootstrapping is a method to convert SHE into FHE.
Key Idea
The main ide...
17. BGV Scheme
2023-11-23T00:00:00+09:00
2023-11-23T00:00:00+09:00
https://log.zxcvber.com/lecture-notes/modern-cryptography/2023-11-23-bgv-scheme/
Sungchan Yi
Homomorphisms
Definition. Let $(X, \ast), (Y, \ast')$ be sets equipped with binary operations $\ast$, $\ast'$. A map $\varphi : X \to Y$ is said to be a homomorphism if
\[\varphi(a \ast b) = \varphi(a) \ast' \varphi(b)\]
for all $a, b \in X$.
A homomorphism sort of preserves the structure between two sets.
We will mainly consider additive homomorphisms where
\[\varphi(a + b) = \var...
16. The GMW Protocol
2023-11-16T00:00:00+09:00
2024-02-09T14:25:14+09:00
https://log.zxcvber.com/lecture-notes/modern-cryptography/2023-11-16-gmw-protocol/
Sungchan Yi
There are two types of MPC protocols, generic and specific. Generic protocols can compute arbitrary functions. Garbled circuits are a generic protocol, since they can be used to compute any boolean circuit. In contrast, the summation protocol is a specific protocol that can only be used to compute a specific function. Note that generic protocols are not necessarily better, since specific protoco...
15. Garbled Circuits
2023-11-14T00:00:00+09:00
2023-11-14T00:00:00+09:00
https://log.zxcvber.com/lecture-notes/modern-cryptography/2023-11-14-garbled-circuits/
Sungchan Yi
A simple solution for two-party computation would be to use oblivious transfers as noted here. However, this method is inefficient. We will look at Yao’s protocol, presented in 1986, for secure two-party computation.
The term garbled circuit was used by Beaver-Micali-Rogaway (BMR), presenting a multiparty protocol using a similar approach to Yao’s protocol.
Yao’s Protocol
This protocol is fo...
14. Secure Multiparty Computation
2023-11-09T00:00:00+09:00
2023-11-09T00:00:00+09:00
https://log.zxcvber.com/lecture-notes/modern-cryptography/2023-11-09-secure-mpc/
Sungchan Yi
Secure Multiparty Computation (MPC)
Suppose we have a function $f$ that takes $n$ inputs and produces $m$ outputs.
\[(y_1, \dots, y_m) = f(x_1, \dots, x_n).\]
$N$ parties $P_1, \dots, P_N$ are trying to evaluate this function with a protocol. Each $x_i$ is submitted by one of the parties, and each output $y_j$ will be given to one or more parties.
In secure multiparty computation (MPC), we ...