Abstract

Homomorphic encryption technology is the holy grail of cryptography and has a wide range of applications in practice. This paper proposes a homomorphic encryption scheme over the fraction based on the Chinese remainder theorem (CRT) and the Dayan qiuyi rule. The scheme performs encryption and decryption operations by forming congruence groups and is homomorphic. The solution in this paper first combines the traditional CRT algorithm with the Dayan qiuyi rule to obtain the CRTF algorithm, which can operate on the fraction field. Finally, in the decryption process, modulo arithmetic is used twice to obtain the correct plaintext components, which are restored to plaintext by CRTF. The scheme’s security is related to a decisional version of an approximate GCD problem. The theoretical derivation shows that this paper’s homomorphic encryption scheme can realize the homomorphic addition operation in the fraction field. Compared with the CKKS scheme, efficiency is improved.

1. Introduction

With the birth and development of the Internet and cloud computing concepts, people’s demands for data processing and search are constantly increasing, making homomorphic encryption (HE) more critical. HE has also been a focus and hot issue of international cryptography research in recent years. The concept of HE appeared in the paper [1] jointly published by Rivest, Adleman, and Dertouzos in 1978. It first proposed the concept of computing on encrypted data without decrypting it. The advantage of HE is that users can still analyze and retrieve data while the data are encrypted [2], which ensures the security of data transmission and prevents the plaintext from being exposed or leaked when the data are processed in the cloud.

Furthermore, correctly encrypted data also yield the correct decryption result [3]. HE has significant application value, and it has many applications in cloud computing and electronic voting. After the idea of homomorphism was proposed, many scholars tried to construct a fully homomorphic encryption (FHE) scheme, but none of the proposed schemes possessed the characteristic of full homomorphism [3–9]. On this basis, a homomorphic cipher that supports a finite number of multiplications and additions at the same time was also proposed [8–22]. It is called somewhat homomorphic encryption (SWHE). In 2009, Gentry was the first to construct an FHE scheme [10] based on the ideal lattice concept [11]. Since then, Gentry has successively constructed some other FHE schemes [12]. In addition, in order to promote the idea of “bootstrapping,” Gentry used a simple algebraic structure to construct the DGHV10 scheme [23] over the integers in 2010. In the follow-up, many scholars not only carried out a lot of improvement and advancement work but also expanded the plaintext domain, increased efficiency, and solved the problem of ciphertext expansion.

After Gentry’s breakthrough, homomorphic cryptography became a hot topic again. In 2011, Brakerski proposed a lattice-based encryption hypothesis, learning with errors (LWE) [24]. In the same year, Brakerski, Gentry, and Vaikuntanathan completed the system together and officially published it. It is called BGV [12]. The BGV system is a homomorphic encryption system with a finite number of stages, but it can be turned into a fully homomorphic system through bootstrapping. The BGV system is the second-generation FHE system.

In 2013, Gentry, Sahai, and Waters launched the new GSW scheme [25]. The GSW system is similar to BGV and has a finite series of fully homomorphic properties. GSW is called the third-generation FHE system.

After 2013, based on original third-generation FHE, various new designs have emerged, dedicated to optimizing and accelerating the operating efficiency of the BGV and GSW systems. IBM developed an open-source fully homomorphic computing library (HElib) based on the BGV system and successfully transplanted it to major mobile platforms.

However, the above homomorphic encryption schemes (whether SWHE or FHE schemes) are mostly applied to the integer field [23], and there is still a gap in the use of homomorphic encryption over fractions.

In 1978, Rivest mentioned an example in his paper [1], which was based on CRT. It is homomorphic, but it is insecure and challenging to resist known plaintext attacks [26].

DGHV15 [27] solves the security problem by adding random information to ciphertext, and at the same time, links security to a decisional version of approximate GCD problems. Nevertheless, it did not solve the homomorphic operation of fractions.

This paper first reviews DGHV15 [27], combines CRT with the Dayan qiuyi rule based on it to obtain CRTF, and applies CRTF to the encryption and decryption processes, expanding the scheme’s calculation range from integers to fractions. Furthermore, the scheme also has a homomorphic nature. The safety proof of the scheme proposed in this paper is equivalent to the safety analysis of DGHV15 [27].

In Section 2, some basic concepts are introduced. In Section 3, the scheme of this article is explained in detail, including parameters and structure. Section 3.3 proves correctness and homomorphism. Finally, safety and efficiency are compared and analyzed in Sections 3.4 and 3.5.

2. Preliminaries

2.1. Chinese Remainder Theorem

CRT (Chinese remainder theorem) first appeared in a book on mathematics during the Southern and Northern dynasties of China. Sunzi Suanjing (Problem 26, Volume 3) reads “there are certain things whose number is unknown. A number is repeatedly divided by 3, the remainder is 2; divided by 5, the remainder is 3; and by 7, the remainder is 2. What will the number be?” This problem can be expressed as

Generally, the target object of the CRT is one-variable congruence equations. is a positive integer that is prime to each other [15]. and are both positive integers:

We can find the positive integer solution of the unitary congruence group. The above process is called the Chinese remainder theorem (CRT) or Sunzi theorem [16]. It has many applications in various fields [17]. Its specific form can be expressed as follows.

The solution is as follows:where is multiplicative inverse and must meet the conditions of .

2.2. Dayan Qiuyi Rule

The Dayan qiuyi rule originated from the mathematics book Shushu Jiuzhang written by Qin Jiushao in 1247 AD in the Song dynasty. Some of the problems are expressed by the congruence system [27]. The modulus and remainder of the congruence equations formed by these practical problems have different situations, including decimals, integers, and fractions. The rest of the numbers in the fraction field provides theoretical feasibility and ideas for the scheme of this article.

To solve the remainder’s situation in the fraction field, the remainder and the modulus must be multiplied by the least common multiple of two denominators. The modulus set no longer satisfies any two elements in the modulus set mutually prime in the unary congruence equation. The set of modulus needs to be transformed into an equivalent form on the unary congruence equation.

The modulus set can be divided into the following four categories according to whether the elements in the set are relatively prime.
Yuanshu: there is no greatest common factor in the modulus set
Tongshu: there are elements in the modulus set that exist in the fraction field
Fushu: there is the greatest common factor in the modulus set
Dingshu: any two elements in the modulus set are relatively prime

Step 1. We convert the remainder existing in the fraction field into an equivalent integer form. are all integers:
If there is the greatest common factor in , we go to Step 2. Otherwise, we enter Step 3.

Step 2. We convert Fushu to Yuanshu.
Essentially, it solves the situation where there are common factors in the modulus set. We suppose that there is a set of modulus , where . can be transformed into equivalent if and is the exponent of a common factor, which is the highest.

Step 3. The process of transforming Yuanshu into Dingshu is as follows.
For the modulus set , we can convert it to Dingshu by the following calculation method. We get first . and are the Dingshu of and if . and are the Dingshu of and if and .
We continue to iterate and calculate along with the above rules.
and as the Dingshu of and if . Considering the length of this paper, the detailed derivation and calculation process can be obtained in Kangsheng [28]. Performing circular operations on the subsequent modulus can get the converted modulus set. Afterwards, CRT can be used to perform substitution operations on the fraction field.
The Dayan qiuyi rule transforms the remainder in the congruence equation from the fractional form to the equivalent integer form on the congruence equation. Furthermore, through certain arithmetic rules, the modulus is transformed into a modulus set of any two elements that are relatively prime so that it conforms to the construction form of unary congruence. The final integer solution answer can be obtained by using the CRT method.

2.3. Operation over the Fraction

In the fraction field, we must first define the operating rules of modular arithmetic. is an integer:where and .

The modular addition operation of the fractional field is as follows:

The proof process, where and are integers, is as follows:
Because both and are integers, is also an integer:

Example 1. Suppose there is a set of modulus , we transform it into a set of modulus cc with any two elements that are relatively prime by the Dayan qiuyi rule:
Step 1: We convert Fushu to Yuanshu, that is, we remove the greatest common divisor in the modulus set . Due to , each element in the set can be written as , , , and . The power of factor 3 in number 54 is 3, and it is the highest value. So .
Step 2: We convert Yuanshu to Dingshu, that is, we convert the modulus set that does not contain common factors but may have two elements that are not mutually prime to a modulus set in which any two elements are relatively prime. We name the elements in the collection. The name from front to back is , , , and . So , , , and . The converted modulus set is .
This process can be clearly and intuitively demonstrated (see Figure 1).

3. Our Homomorphic Encryption Scheme

This paper proposes a homomorphic encryption scheme that can process data in the fraction field based on the above theoretical discussion. The method obtained by improving the CRT based on the Dayan qiuyi rule is called CRTF. Using CRTF in the encryption and decryption process makes it possible to encrypt and decrypt data in the fraction field.

In Section 2.1 of this paper, and are positive integers (see equation (2) or equation (3)). Based on the basic requirements of CRT and congruence groups, any two elements in should be relatively prime. However, in the CRTF constructed, the restrictions on the modulus and remainder are relaxed so that the remainder can exist on the fraction field and have stronger ability to solve practical problems:where , , and are all positive integers.

Suppose there is a group of unary congruences in the form , where , , and are all integers, we use the following steps:
Step 1: The unary congruence group is expressed in the following form:
where and .
Step 2: The modulus set is transformed into a modulus set that meets the requirement of pairwise coprime through the method in Section 2.2 of this article. To form a new congruence group, we get the following:
where and .

Example 2. We solve the answer to a system of unary congruence equations based on the fractional domain:
The specific process of the solution is as follows:
Step 1: By multiplying both ends of each congruence in the unary congruence group by at the same time, we can get
Step 2: The modulus set is transformed into a modulus set that is equivalent and conforms to the pairwise prime through the Dayan qiuyi rule:
Step 3: We bring various parameters into the solution formula abovementioned. We can get .
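The three CRTF steps above (clear the denominators, make the moduli pairwise coprime, apply the CRT of Section 2.1) can be run end to end in the following added example, which is not code from the paper. It assumes that a fractional congruence x ≡ r (mod m) means (x − r)/m is an integer, and it reaches the pairwise coprime moduli by prime factorization (each prime stays only in the modulus where its power is highest) rather than by the gcd-based iteration of Section 2.2; all function names are hypothetical, and only the Sunzi problem is taken from the page.

```python
from fractions import Fraction
from math import gcd, lcm, prod

def factorize(n):
    """Trial division, returns {prime: exponent}; adequate for toy moduli."""
    out, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            out[p] = out.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        out[n] = 1
    return out

def to_pairwise_coprime(moduli):
    """Leave each prime only in the modulus where its power is highest.
    The result is pairwise coprime and has the same lcm as the input."""
    owner = {}  # prime -> (highest exponent, index of the modulus keeping it)
    for i, m in enumerate(moduli):
        for p, e in factorize(m).items():
            if p not in owner or e > owner[p][0]:
                owner[p] = (e, i)
    reduced = [1] * len(moduli)
    for p, (e, i) in owner.items():
        reduced[i] *= p ** e
    return reduced

def crt(residues, moduli):
    """Classical CRT; moduli must be pairwise coprime."""
    M = prod(moduli)
    x = sum(a * (M // m) * pow(M // m, -1, m) for a, m in zip(residues, moduli))
    return x % M, M

def solve_fractional(system):
    """Solve x = r_i (mod m_i) for rational r_i and positive integer m_i.
    Returns (x, modulus); x is the least non-negative solution as a Fraction."""
    rs = [Fraction(r) for r, _ in system]
    L = lcm(*(r.denominator for r in rs))
    # Step 1: clear denominators, y = L*x with y = L*r_i (mod L*m_i).
    ys = [int(r * L) for r in rs]
    ms = [L * m for _, m in system]
    # The scaled moduli share the factor L, so a solution exists only if
    # every pair of congruences agrees modulo the gcd of its moduli.
    for i in range(len(ms)):
        for j in range(i):
            if (ys[i] - ys[j]) % gcd(ms[i], ms[j]):
                raise ValueError(f"congruences {j} and {i} contradict each other")
    # Step 2: pairwise coprime moduli; a modulus reduced to 1 carries no information.
    pairs = [(y % m, m) for y, m in zip(ys, to_pairwise_coprime(ms)) if m > 1]
    # Step 3: ordinary CRT on the integers, then undo the scaling.
    y, M = crt([a for a, _ in pairs], [m for _, m in pairs])
    return Fraction(y, L), M // L

# SUNZI is the problem quoted in Section 2.1; the other two are constructed samples.
SUNZI = [(2, 3), (3, 5), (2, 7)]
FRACTIONAL = [(Fraction(7, 6), 4), (Fraction(19, 6), 6), (Fraction(1, 6), 9)]
CONTRADICTORY = [(Fraction(1, 2), 3), (Fraction(2, 3), 5)]

if __name__ == "__main__":
    print(solve_fractional(SUNZI))
    print(to_pairwise_coprime([24, 36, 54]))
    print(solve_fractional(FRACTIONAL))
```

The contradictory sample shows a failure mode the scaling step introduces: remainders with different fractional parts can never be satisfied together, so the solver rejects them before any CRT arithmetic.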

3.1. Parameters

Many schemes require a constant (the number is 2 in DGHV10 [23]) or parameters to determine their plaintext domain; constructing an array is necessary to clarify the plaintext domain. must be a prime number, and is the bit length of . is vital because it determines the number of prime elements in and the size of the plaintext space to a certain extent. We set a parameter , and the plaintext space is where Q stands for a rational number.

3.2. Construction

In this part, we mainly discuss the four structures of key generation, encryption processes, decryption processes, and addition homomorphic operation. For the convenience of expression, we define as . Similarly, can also be used to express .

KeyGen (,): A set of $\eta$-bit prime numbers is selected. . is bit length of the ciphertext. Setting parameter is used to reduce ciphertext expansion, and it should meet condition for each value of :where and . Obviously, is the bit length of the random error. We output the public key and secret key .

Enc (,): The output is :
where . Similarly, and for . where is a random subset of .
Dec (, ): the output is where
Add (, ,..., ): the output is
Mul (,,...,): the output is

First, the plaintext space of the structure can be limited to if is met. Furthermore, the structure mentioned above is no different from DGHV10 [23] if . Second, also limits the expansion of the ciphertext and plays a role in reducing the bit length of the ciphertext. Finally, the public key can be understood as a set of 0 ciphertexts, with elements in total. We pick a random number of to sum and append it to the ciphertext. after two modulo operations in the decryption process is 0, and the next part of the proof may ignore this part.

3.3. Additive Homomorphism

In this section, we demonstrate the homomorphism and correctness of our construction in this paper. We denote by . Assuming that is plaintext, there are some random numbers c whose bit length is . According to Theorem 1, also exists and meets the requirements:

Part of the encryption process can be expressed by the following equation:

Putting equation (20) into the encryption process can get

We decrypt the ciphertext to get

We can get , which prove that construction can correctly encrypt and decrypt data.

Theorem 1. We can get from , and we can also represent in for .

Proof. When c, can be written as . We can get , and we can get our conclusions by promotion.
Verifying homomorphism requires us to assume ciphertexts and , derived from the encryption of and sequentially. The two ciphertexts have components on each:
We set to be the sum of ciphertexts of and :
where and .
We bring into the decryption process:
We continue to decrypt :
We expand the CRTF to get
According to Theorem 2, or can be obtained. In the plaintext domain , there is a relationship of . In the end, we can get .

Theorem 2. We can get or if , , and are a positive real number, and the set has the following conditions:

Proof. where .
The final answer of equation (28) is or :
So we can get equation (30), and the scheme in this paper is satisfied with homomorphism.

3.4. Security

In this section, discussing the security of the construction is the main content. The definition of the approximate GCD problem will also appear. The security of the construction in this paper is equivalent to the security proof of DGHV15 [27].

They all depend on a decisional version of the approximate GCD problem. In DGHV10 [23], the approximate GCD problem is also taken as a security guarantee.

Definition 1. (approximate GCD problem, AGCD). For -bit prime , we give some samples from and find .

Definition 2. (partial approximate GCD problem, ACD). For -bit prime , we give a -bit integer and some samples from and find .
The security of our scheme is based on a modified decisional ACD assumption. It is shown in [29] that this assumption is equivalent to the ACD assumption. In order to resist the existing attacks, the parameters also need to have a certain range and equation. According to DGHV15 [27], we have the following:
: to resist Cohn and Heninger’s attack [30] and the attack using the Lagarias algorithm [31] on the approximate GCD problem
: to resist the factoring attack using the elliptic curve method [32] and to permit enough multiplicative depth
: to be secure against Chen–Nguyen’s attack [26] and Howgrave–Graham’s
In addition, we choose , , , and , which is similar to DGHV10 [23] and DGHV15 [27].
Then, we introduce another decisional version of the ACD problem.

Definition 3. (decisional partial approximate GCD problem, DACD). For -bit prime , we give a -bit integer and some samples from and determine from , where and .
DACD says that, for given distribution and some integer , it is hard to determine whether is chosen from or not. Our scheme is semantically secure based on the DACD assumption. The DACD problem is hard for any polynomial time distinguisher. We define several definitions below in order to build a bridge between our scheme and DACD assumption.

Definition 4. (decisional partial approximate problem, ). For -bit prime and an -bit integer , we give a -bit integer with and some samples from and determine from , where and .

Definition 5. (-decisional partial approximate problem, ). For -bit distinct prime and -bit integers , we give a -bit integer with for and some samples from and determine from , where and .
We say that the DACD assumption holds if no polynomial time distinguisher can solve the DACD problem with non-negligible advantage. The k- assumption is defined similarly.
Due to three steps, our homomorphic encryption scheme is semantically secure under the DACD assumption:
Step 1: DACD (c)
Step 2: k- (Lemma 2)
Step 3: k- our construction

Lemma 1 (see [27]). The DACD problem is reducible to the problem.

Lemma 2 (see [27]). The problem is reducible to the k- problem with the advantage of the latter k times that of the former on average.

In order to complete the semantic security proof of the scheme, we also need to quote the two lemmas of DGHV15 [27].

Lemma 3 (see [27]). We suppose that there is an attack algorithm . The distribution of the pseudopublic key generated by it is indistinguishable from the standard public key generated by the scheme in Section 3.2.

Lemma 4 (see [27]). We suppose that there is an attack algorithm , and the ciphertext generated by it is correct for the encryption process of the scheme in Section 3.2.

Now, we prove the semantic security of our scheme.

Theorem 3. The cryptosystem given in Section 3 is semantically secure if the k- assumption holds.

Proof. We suppose that a polynomial time algorithm breaks the semantic security of the scheme with nonnegligible advantage. There must be a polynomial time algorithm that solves the k- problem with nonnegligible advantage. For -bit distinct prime and -bit integers , the input of is , where is a -bit integer. The algorithm does as follows:
(1) gives to as the public key.
(2) chooses and sends it to .
(3) computes for randomly chosen , where is a random subset of , and gives to .
(4) outputs .
(5) If , then outputs 0. Otherwise, it outputs 1.
The public key given to is correctly formed and distributed. We see that is uniform in when is randomly chosen in . Hence, in this case, the advantage of is zero since does not reveal any information of and ’s probability of correct guessing is exactly 1/2. Thus, in this case, the probability of correct answer for is at most negligibly different from that of . This shows that the advantage of is nonnegligible, violating the k- assumption. Therefore, there is not a polynomial time algorithm that could break the semantic security of our scheme with nonnegligible advantage. The cryptosystem given in Section 3 is semantically secure.

3.5. Efficiency Comparative Analysis

There are elements in , and the value of affects the operating efficiency of the encryption/decryption algorithm. The data in the table show the time of encrypting and decrypting 1-bit plaintext 10,000 times when takes a typical value. The processor of the test equipment is Intel(R) Core(TM) i5-8250U @1.60 GHz.

From the data in Table 1, it can be seen that when the number of elements in the key is small, it has high efficiency. We can also use efficiency as the numerical value, which can more intuitively observe the influence of the value on the encryption and decryption processes (see Figure 2). We compare the schemes in this paper with others for some theoretical complexity because it has many similarities with DGHV10 [23] and its derivative works [33, 34] (see Table 2).

We also ran the CKKS scheme [35], as implemented in the SEAL library written by Microsoft, to encrypt and decrypt one-bit plaintext 1,000 times. The result of running CKKS [35] is as follows: the encryption operation takes 0.809 s, and the decryption operation takes 0.131 s. It is not comparable with the data in Table 1. The primary reason is that CKKS [35] is an FHE scheme, which uses more extensive parameters for subsequent homomorphic operations and noise control. However, the data show that our scheme has apparent advantages within a specific parameter range under similar or consistent application scenarios, especially while fractional-domain homomorphic encryption schemes are not yet mature.

4. Conclusion

Most of the existing homomorphic encryption schemes are over integers. This paper proposes and implements a homomorphic encryption scheme over fractions. Compared with the homomorphic scheme over the integer field, this homomorphic encryption scheme on the fraction field has a broader range of applications and more practical application scenarios, such as banking and interest rate calculation. Similarly, the homomorphic scheme over the fraction also provides a theoretical basis and feasibility for the emergence of new operating modes for cloud computing or federated machine learning application scenarios. Furthermore, it will be of progressive significance if an FHE scheme can be constructed based on CRT that can perform any form of operation on the ciphertext in the fractional domain like CKKS [36]. However, this paper does not make a detailed analysis of the noise problem or the possibility of transforming into an FHE scheme. The main content of the next step is to conduct a detailed analysis of the noise control problem, and at the same time, try to combine “bootstrapping” to transform it into an FHE scheme in the fractional domain and improve the operational efficiency of the program.

Data Availability

One part of the data is from SEAL (developed by Microsoft). The remaining experimental efficiency data used to support the findings of this study have not been made available because they will be used for the experiment and discussion of the next article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the National Natural Science Foundation of China (61370188), the Beijing Municipal Education Commission Scientific Research Project (KM202010015009, KM202110015004), the Beijing Institute of Graphic Communication Doctoral Funding Project (27170120003/020 and 27170122006), the BIGC Project (Ec202201), the Beijing Institute of Graphic Communication Research Innovation Team Project (Eb202101), the Intramural Discipline Construction Project of Beijing Institute of Graphic Communication (21090121021), and the Key Educational Reform Project of Beijing Institute of Graphic Communication (22150121033/009).