Cryptography is at the heart of protecting sensitive data, and understanding how secure different encryption methods are is essential. In most traditional encryption systems, like AES or RSA, security is determined by the size of the keys used to encrypt and decrypt data. The larger the key, the more secure the system is considered to be. However, when we look at more advanced cryptographic techniques, such as fully homomorphic encryption, the concept of security becomes more complex. Homomorphic encryption allows us to perform calculations on encrypted data without decrypting it, which is useful in various privacy-preserving applications. But unlike traditional encryption, calculating the security level in homomorphic encryption, especially fully homomorphic encryption (FHE), isn’t as straightforward. In this post, we’ll explore how security levels are determined for FHE and compare it to other well-known cryptosystems like AES, RSA, and ECC. We’ll also dive into how tools like TenSEAL calculate security levels and what factors influence the strength of FHE. By the end of this post, you’ll have a clearer understanding of how security works in the context of homomorphic encryption and why it’s a powerful tool for privacy in modern cryptography.
Symmetric Key Algorithms
The security of these algorithms depends on the size of the key. Popular symmetric encryption algorithms include AES (Advanced Encryption Standard), DES (Data Encryption Standard), and 3DES (Triple DES). AES is the most widely used today, offering key sizes of 128, 192, or 256 bits. The security level of symmetric encryption is directly tied to the key length — the longer the key, the stronger the encryption. For example, even 128-bit AES is considered highly secure and is expected to remain safe well beyond 2030. While DES and 3DES are now outdated due to smaller key sizes, AES remains robust and efficient for most use cases.
🙋♂️ You may consider to enroll my top-rated cryptography course on Udemy
Public Key Cryptography Algorithms
Public key encryption generally requires larger keys than symmetric key encryption to maintain a high level of security.
RSA is one of the most widely used public key algorithms. It relies on the mathematical difficulty of factoring large numbers to provide security. RSA key sizes typically range from 1024 bits to 4096 bits. For example, a 1024-bit RSA key provides a similar level of security to an 80-bit AES key, while a 2048-bit RSA key is equivalent to a 112-bit AES key. Despite its widespread use, RSA encryption is computationally slower than symmetric encryption like AES, making it less efficient for encrypting large amounts of data.
An alternative to RSA is Elliptic Curve Cryptography (ECC), which offers the same level of security as RSA but with smaller key sizes. For instance, an 80-bit symmetric key is equivalent to a 160-bit ECC key, making ECC much more efficient in terms of key size and computational power required. As a result, ECC is becoming the preferred choice for many modern cryptographic systems due to its efficiency and strong security.
While RSA, ECC, and other public key algorithms like ElGamal and Paillier provide strong encryption, they are partially homomorphic. This means they allow certain types of calculations to be performed on encrypted data, but not as complex as those possible with fully homomorphic encryption, which can compute on any data without decryption.
Fully Homomorphic Encryption
Fully Homomorphic Encryption (FHE) is an advanced encryption scheme that allows computations to be performed directly on encrypted data without needing to decrypt it first. This makes FHE an attractive choice for privacy-preserving applications, where data privacy is paramount. However, determining the security level of FHE is more complex than in traditional encryption systems.
According to the SEAL manual, the security level of an FHE scheme is influenced by two key factors: the polynomial modulus degree and the bit sizes of the modulus for the coefficients. The polynomial modulus degree refers to the degree of the polynomial used in the encryption scheme. A larger polynomial modulus degree generally provides a higher security level, as it increases the difficulty of breaking the encryption. Therefore, increasing this degree makes the encryption more secure but also adds more computational complexity.
Secondly, the bit sizes of the modulus for the coefficients also play a significant role in determining security. Smaller bit sizes are generally better for security because they make the encryption more resistant to certain types of attacks. However, smaller bit sizes may also affect the performance of the scheme.
Experiments
The provided snippet initializes a Fully Homomorphic Encryption (FHE) context using the CKKS scheme, which is designed for approximate arithmetic on encrypted data. Let’s break it down step by step:
context = ts.context(
ts.SCHEME_TYPE.CKKS,
poly_modulus_degree = 8192,
coeff_mod_bit_sizes = [60, 40, 40, 60]
)
context.generate_galois_keys()
context.global_scale = 2**40
- poly_modulus_degree = 8192: This defines the degree of the polynomial modulus used in the encryption scheme. In this case, the polynomial modulus degree is set to 8192. A larger polynomial modulus degree generally enhances the security of the encryption but also increases the computational complexity.
- coeff_mod_bit_sizes = [60, 40, 40, 60]: This array specifies the bit sizes for the modulus used for each coefficient. The sum of the bit sizes (denoted as q) is the total bit size for the modulus. In this case, the sum is 200 bits. It’s important to note that in FHE, smaller q values result in stronger encryption. Therefore, reducing the bit sizes of the modulus coefficients can make the cryptosystem more secure.
The total bit size for the modulus coefficients (q) is 200 bits. As the value of q decreases, the encryption becomes stronger since the cryptosystem becomes more resistant to certain types of attacks. In this case, q = 200 provides a security level slightly better than 128-bit encryption.
When n = 8192 and q = 218, the cryptosystem offers 128-bit security. By choosing n = 8192 and q = 200, the cryptosystem offers a slightly higher level of security than the baseline 128-bit security typically associated with RSA and AES algorithms.
The configuration in this example — where the first and last items of coeff_mod_bit_sizes are both 60 bits — is important because, in FHE, the first and last bit sizes should always be the same. The middle items (40 bits each in this case) should also be uniform for optimal performance.
context = ts.context(
ts.SCHEME_TYPE.CKKS,
poly_modulus_degree = 16384,
coeff_mod_bit_sizes = [31, 60, 60, 60, 60, 60, 60, 31]
)
context.generate_galois_keys()
context.global_scale = 2**60
This code snippet sets up a CKKS encryption context with a polynomial modulus degree of 16384 and modulus bit sizes of [31, 60, 60, 60, 60, 60, 60, 31], giving a total of 422 bits. According to FHE security standards, a modulus bit size sum of 438 offers 128-bit security, so with 422 bits, this setup provides slightly better security and performance than a typical 128-bit system.
While this configuration offers the same 128-bit security as the first snippet, this will perform slower. This is because the larger polynomial modulus degree increases the complexity of computations, despite providing the same level of security.
Conclusion
In this post, we’ve explored the security levels of different encryption schemes, from symmetric key algorithms like AES to public key cryptography such as RSA and ECC. We also delved into the complexities of fully homomorphic encryption (FHE), highlighting how its security is determined by factors like polynomial modulus degree and the bit sizes of the modulus for the coefficients. By understanding these factors and carefully configuring them, we can ensure a secure and efficient cryptosystem. As FHE continues to evolve, it offers a promising solution for performing computations on encrypted data while maintaining privacy, making it an essential tool in the field of privacy-preserving cryptography.
Support this blog if you do like!
