Zvika Brakerski, Advisor to dWallet Labs

Offir Friedman, dWallet Labs

Daniel Golan, dWallet Labs

Alon Gurni, dWallet Labs

Dolev Mutzari, dWallet Labs

Ohad Sheinfeld, dWallet Labs

Abstract

We present a fully homomorphic encryption scheme which natively supports arithmetic and logical operations over large “machine words”, namely plaintexts of the form ℤ₂ⁿ (e.g. n = 64). Our scheme builds on the well-known BGV framework, but deviates in the selection of number field and in the encoding of messages. This allows us to support large message spaces with only modest effect on the noise growth.

Arithmetic operations (modulo 2ⁿ) are supported natively similarly to BGV-style FHE schemes, and we present an efficient bootstrapping procedure for our scheme. Our bootstrapping algorithm has the feature that along the way it decomposes our machine word into bits, so that during bootstrapping it is possible to perform logical operations (essentially addressing each bit in the message independently). This means that during a single bootstrapping cycle we can perform logical operations on n bits. For example, a “greater than” operation (if x > y output 1, otherwise 0), only requires a single subtraction and a single bootstrapping cycle.

Along the way we present a number of new tools and techniques, such as a generalization of the BGV modulus switching to a setting where the plaintext and ciphertext moduli are ideals (and not numbers).