----
# Country Lookup Example
This example demonstrates a privacy preserving search against an encrypted
database and it is implemented using the [Brakerski-Gentry-Vaikuntanathan][1]
(BGV) scheme. The database is a key-value store pre-populated with the
English names of countries and their capital cities from the continent of
Europe. Selecting the country will use HElib to perform a search of the
matching capital.
## Relation to a real use case
Privacy preserving search is a common scenario to demonstrate the benefits of
homomorphic encryption. Being able to perform a query while preserving the
privacy and confidentiality of the parameters of the query has many
applications across various industry segments spanning from genomics to
finance. This example uses a simple and easy to follow algorithm that
demonstrates how one can use homomorphic encryption based techniques to
generate a mask to retrieve data from a key-value pair database. It uses a
dataset that is understandable for users across all industries and expertise
levels.
With respect to realism of data, the dataset takes into account all countries
in the continent of Europe. In a real use case, this could be information on
customers or financial records for example. This is an educational example so a
small dataset was needed to ensure timely responses and that it was relevant
for all users.
## Walk-through of How This Example Works
Here we present a detailed description of the algorithm used to performed a
privacy preserving database lookup. This simple algorith also demonstrates
many of the basic constructs utilized in more comples homomorphic encryption
based applications.
Before we begin, we note the boxes shown in the images below represent
plaintexts/ciphertexts. The values inside the boxes are shown purely for
illustrative purposes to ease in the explanation and in reality cannot be
viewed unless decrypted.
Starting with the database, we have a key-value store `k,v` as shown below,
where the keys `k` are unique.
![slide1](slides/DB1.jpg)
Given a query `k_q`, this query is first replicated and then compared with
every key `k_i` in the database. The result of this comparison should produce
an encrypted mask where an encryption of 0 will represent a non-matching entry
and an encryption of 1 will represent a matching entry. Since this database is
considered to have unique keys, a maximum of one match should ever be produced
per query.
![slide2](slides/DB2.jpg)
Given a mask of 0s and 1s, the mask can be multiplied across the values of the
database entry-wise. This process extracts the value corresponding to the key
that matched with the query. This is because a 0 multiplied with a value zeroes
out the value and a 1 multiplied with a value results in the value itself.
![slide3](slides/DB3.jpg)
The first step of the algorithm is to compute the difference operation between
the query and the keys of the database. This is a simple subtraction operation
which performs an entry-wise subtraction operation of the array-like structure.
This will product a difference ciphertext which we denote as `delta`. Currently
`delta` will either be `0` if the key matched the query and non-zero otherwise.
This is not quite the mask we require so we must perform another operation
described next.
![slide8](slides/DB8.jpg)
For the next step, one should be aware of a mathematical result known as
Fermat's little theorem (FLT). FLT states that given any non-zero integer `a`
and a prime number `p` then `a` raised to the power `p-1` always results in a
number `pn + 1` where `n` is an integer. This is formally captured below. Using
this result we can modify it slightly to produce a function `f(x)` as stated
below.
![slide9](slides/DB9.jpg)
Given our function `f(x)` we can apply it to the previously calculated
differences and is captured in the two following images. First we apply the FLT
operation to every difference ciphertext. This produces an encryption of zero,
`E(0)`, if the difference was zero, i.e. there was a match and an encryption of
one, `E(1)`, otherwise.
![slide10](slides/DB10.jpg)
Next we use the previously calculated results of the FLT operation and minus
this value from `1`. This value of `1` can be in the clear as any operation
between a ciphertext and a plaintext results in a ciphertext. This has the
affect of mapping any non-zero value to zero and zero to one. Thus we obtain
the masks that we require from the comparison algorithm. Consider the 3rd entry
of the database matched the query then applying `f(x)` to the differences would
produce the results as shown below.
![slide11](slides/DB11.jpg)
There is however another aspect to take into consideration, namely how do we
deal with partial matches? Consider the following scenario captured in the
image below. Imagine that the key matched only the second letter of the query
and maybe some of the padding values then it would produce an array like below.
Since we are only interested in exact matches for our lookup example, this
result should be considered as non-matching. To eliminate partially matching
results we simply copy the ciphertext, perform a rotation of our array like
structure of the copy and multiply it entry-wise with the original copy. This
means if there is at least one `0` in any of the slots of the ciphertext, this
slot will effectively `zero out` every other slot of the array.
Note that since we cannot know which ciphertext contains a matching, partially
matching, or non-matching result, this operation is also performed on the
matching result. However, since the ciphertext should have a `1` in every slot,
then this operation should have no effect.
![slide12](slides/DB12.jpg)
Now that we have our final masks, we can perform the data extraction from the
database. This step involves multiplying the mask with the respective value
entry of the database. Since our mask is an encryption of `0` if there is no
match, multiplying it with the corresponding entry will zero out that entry.
Additionally, since the mask is an encryption of `1` if there is a match,
multiplying it with the entry will return the entry itself. This can be seen
below, where the 3rd database entry matched the query.
![slide13](slides/DB13.jpg)
Since the keys in our example database are known to be unique, it can be
assured that there will only be a maximum of a single unique match per query.
Using this knowledge it is possible to aggregate all of the results from the
value extraction step into a single ciphertext. This is because adding
encryptions of `0` to a value does not change the value itself. This saves on
communication as the server only needs to send a single ciphertext back to the
client as opposed to a single ciphertext for each entry of the database.
![slide14](slides/DB14.jpg)
Having described the general concept of a database lookup using HE, let us
apply this to a concrete example, namely the country lookup implemented here.
Given a key-value store as described previously, let the set of keys be the
names of European countries and the let the values be the corresponding capital
cities as shown below.
![slide4](slides/DB4.jpg)
Intuitively, one can view the plaintext as an array-like structure with integer
coefficients held in the 'slots'. Since the BGV scheme represents data as
integer polynomials, the first step is to encode the data. We simply use ASCII
representation, thus encoding for example `France` as `70 114 97 110 99 101` as
shown below with padding of additional unused `slots` with `0`. Note that the
data determines the algebra to be used for the scheme. Since the largest ASCII
character is `126`, then we pick a prime number `p = 131` as our plaintext
prime modulus.
![slide5](slides/DB5.jpg)
After encoding both the key and value data of the database, they can now be
encrypted using a previously generated public key. We represent encrypted data
as `E()` where `E(England)` represents the ciphertext holding the encrypti
没有合适的资源?快使用搜索试试~ 我知道了~
HElib全同态加密库
共325个文件
cpp:145个
h:67个
txt:22个
5星 · 超过95%的资源 需积分: 44 18 下载量 115 浏览量
2020-10-05
18:12:44
上传
评论 1
收藏 2.31MB ZIP 举报
温馨提示
这是由IBM用c++编写的全同态加密库HElib,可以实现加、减、乘的全通加密操作,有了这些基本操作,我们就可以实现任意形式的计算,进而将全同态加密技术应用在各行各业的安全领域。
资源推荐
资源详情
资源评论
收起资源包目录
HElib全同态加密库 (325个子文件)
std.bash 5KB
std.bash 2KB
create-context.bats 10KB
crypto.bats 10KB
lookup.bats 9KB
coders.bats 5KB
scoring.bats 4KB
full-pipeline.bats 3KB
BGV_country_db_lookup.bats 2KB
BGV_binary_arithmetic.bats 2KB
BGV_packed_arithmetic.bats 1KB
gen-params.batx 3KB
he-library.bib 3KB
iotest_binLE.bin 7KB
iotest_binBE.bin 7KB
get_gmp_version.c 963B
.clang-format 1KB
rpath_fixer.cmake 5KB
FindGMP.cmake 5KB
FindNTL.cmake 5KB
gtest.cmake 1KB
TestPtxt.cpp 95KB
matmul.cpp 81KB
Ctxt.cpp 76KB
NumbTh.cpp 50KB
binaryArith.cpp 47KB
GTestBinaryArith.cpp 45KB
keys.cpp 43KB
DoubleCRT.cpp 41KB
recryption.cpp 39KB
TestPartialMatch.cpp 37KB
PAlgebra.cpp 37KB
PGFFT.cpp 36KB
TestArgMap.cpp 35KB
OptimizePermutations.cpp 32KB
Ptxt.cpp 31KB
EncryptedArray.cpp 31KB
homAES.cpp 31KB
polyEval.cpp 30KB
matmul1D.cpp 28KB
EvalMap.cpp 27KB
TestMatrix.cpp 26KB
TestErrorHandling.cpp 25KB
powerful.cpp 25KB
primeChain.cpp 25KB
replicate.cpp 22KB
TestPolyMod.cpp 22KB
norms.cpp 21KB
GTestBinaryCompare.cpp 20KB
keySwitching.cpp 20KB
Test_Timing.cpp 19KB
permutations.cpp 19KB
tapprox.cpp 18KB
Context.cpp 18KB
sample.cpp 18KB
GTestThinBootstrapping.cpp 17KB
GTestApproxNums.cpp 17KB
GTestBootstrapping.cpp 17KB
matmul.cpp 17KB
GTestGeneral.cpp 16KB
GTestThinboot.cpp 16KB
Test_approxNums.cpp 16KB
TestCKKS.cpp 16KB
CModulus.cpp 15KB
blockMatmul1D.cpp 14KB
TestBootstrappingWithMultiplications.cpp 14KB
simpleAES.cpp 14KB
Test_bootstrapping.cpp 13KB
Test_SPX.cpp 13KB
BGV_country_db_lookup.cpp 12KB
GTestBinIO.cpp 12KB
Test_binaryArith.cpp 12KB
GTestPermutations.cpp 12KB
Test_ThinBootstrapping.cpp 12KB
matching.cpp 12KB
GTestFatboot.cpp 12KB
Test_matmul.cpp 12KB
GTestMatmul.cpp 11KB
intraSlot.cpp 11KB
GTestIO.cpp 11KB
GTestTableLookup.cpp 11KB
Test_thinboot.cpp 11KB
GTestEvalMap.cpp 10KB
create-context.cpp 10KB
Test_Permutations.cpp 10KB
tableLookup.cpp 10KB
EaCx.cpp 10KB
BGV_binary_arithmetic.cpp 10KB
PIR.cpp 10KB
Test_General.cpp 10KB
blockMatmul.cpp 10KB
TestCtxt.cpp 10KB
Test_Bin_IO.cpp 10KB
binaryCompare.cpp 10KB
GTestThinEvalMap.cpp 10KB
PermNetwork.cpp 9KB
BenesNetwork.cpp 9KB
GTestPGFFT.cpp 9KB
Test_IO.cpp 9KB
Test_AES.cpp 9KB
共 325 条
- 1
- 2
- 3
- 4
资源评论
- 我要WhatYouNeed2023-07-28这个文件提供了一个很好的HElib全同态加密库的介绍,方便初学者快速上手。
- BellWang2023-07-28我发现阅读这个文件后,对HElib的理解更加深入了一些,我已经能够开始使用它来解决问题了。
- 萌新小白爱学习2023-07-28这个文件的作者花了很多心思来讲解HElib的实现细节,非常细致入微。
- 武藏美-伊雯2023-07-28这个文件对于想要了解HElib全同态加密库的人来说是一个宝贵的资源。
- 白绍伟2023-07-28我对这个文件的印象很好,它清晰地解释了HElib的原理和用法。
weixin_42757461
- 粉丝: 2
- 资源: 2
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 549springboot + vue 民宿管理平台.zip (可运行源码+数据库文件+文档)
- ZArchiver.Pro_0.9.5.apk
- vmware环境配置.mp4
- 548springboot + vue 大学生社团活动平台.zip(可运行源码+数据库文件+文档)
- 微信小程序 辩论倒计时小程序源码 作业设计demo 计算机专业参考
- 深入探究文件IO,嵌入式Linux
- 微信备忘录小程序源码 作业设计demo 计算机专业作业
- 微信小程序 仿百度小说小程序 看小说小程序 实现源码
- 锂电资料包-锂离子电池技术干货资料合集.zip
- (王道计算机组成原理)第三章存储系统-第二节1:主存储器基本构成、基本的半导体原件和存储器芯片的原理_主存储器与存储芯片-CSDN博客 (2024….html
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功