The AES-128 decryption circuit for transciphering in TFHE: A Performance Evaluation
M. Tanis (TU Delft - Electrical Engineering, Mathematics and Computer Science)
Z. Erkin – Mentor (TU Delft - Electrical Engineering, Mathematics and Computer Science)
R. Ras – Mentor (TU Delft - Electrical Engineering, Mathematics and Computer Science)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Financial institutions need to outsource fraud detection without exposing highly sensitive and private client data. Homomorphic Encryption (HE) enables computations to be performed on encrypted data without revealing the plaintext data. However, one downside is the massive ciphertext expansion. Due to this expansion ratio, it is impractical for clients who do not have the resources to send over the huge amounts of data. Transciphering is a solution to this by combining symmetric encryption with Fully Homomorphic Encryption (FHE). This paper implements and evaluates an AES- 128 decryption circuit in TFHE-rs across varying dataset sizes within a transciphering protocol. The implementation for this paper uses a Boolean circuit, provided by Smart [1], to homomorphically evaluate the AES-128 decryption circuit, which results in an initialization phase of approximately 72 seconds regardless of the dataset size. The per-bit latency decreases from 916 ms/bit for a dataset of S = 10 (48 data bits) to 371 ms/bit for S = 500 (6468 data bits). In addition, AES-128 is compared to Kreyvium. For datasets of S = 500, Kreyvium reduces total evaluation time by a factor of 2.22 compared to AES-128, making it the more efficient choice. While current latency is too high for real-time usage, this provides a baseline for future AES transciphering optimization.