Multiparty Homomorphic Encryption: from Theory to Practice

Multiparty homomorphic encryption (MHE) enables a group of parties to encrypt data in a way that (i) enables the evaluation of functions directly over its ciphertexts and (ii) enforces a joint cryptographic access-control over the underlying data.By extending traditional (single-party) homomorphic encryption (HE), MHE schemes support the design and deployment of highly efficient protocols for secure multiparty computation (MPC).MPC protocols based on MHE have highly desirable properties: They generally require less communication than traditional MPC techniques and have a fully public transcript.Hence, most of their execution-related costs can be outsourced to an untrusted external party (such as a cloud server).Although promising in theory, MHE-based MPC solutions have not yet been implemented in any of the 30+ existing MPC frameworks, thus revealing a gap between theory and practice. This dissertation summarizes our work toward closing this gap, by proposing contributions to both sides.On the theoretical side, we propose two MHE constructions that extend the new generation of HE schemes to the multiparty setting.Our first construction is an N-out-of-N-threshold MHE scheme that revisits the seminal lattice-based MHE construction by Asharov et al. (EUROCRYPT'12).Notably, we improve the efficiency of its setup phase, and we generalize its decryption procedure into a generalized key-switching operation that further enables re-encryption, conversion to secret-shares, and the interactive bootstrapping of its ciphertexts.Our second construction extends the first with fault-tolerance capabilities.This extension provides a T-out-of-N-threshold MHE scheme that stands as a compact and efficient alternative to the threshold scheme of Boneh et al. (CRYPTO`18), when synchronous communication can be assumed.On the practical side, we propose the Lattigo library and the Helium system.Lattigo is an open-source Go package that implements the state-of-the-art HE schemes, along with their multiparty extensions.It is also the first maintained library to implement the bootstrapping procedure for approximate homomorphic encryption.Helium builds on top of Lattigo and provides the first end-to-end open-source implementation of an MHE-based MPC protocol.We exploit the theoretical properties of this protocol to propose a helper-assisted setting, where the parties delegate most of the protocol execution cost to an honest-but-curious third party (e.g., a cloud service).As a result, Helium is also the first open-source system to support MPC with sub-linear cost for the parties, without assuming non-collusion between the multiple delegate nodes.