Bootstrappable identity-based fully homomorphic encryption

Abstract

It has been an open problem for a number of years to construct an identity-based fully homomorphic encryption (IBFHE) scheme (first mentioned by Naccache at CHES/CRYPTO 2010). At CRYPTO 2013, Gentry, Sahai and Waters largely settled the problem by presenting leveled IBFHE constructions based on the Learning With Errors problem. However their constructions are not bootstrappable, and as a result, are not “pure” IBFHE schemes. The major challenge with bootstrapping in the identity-based setting is that it must be possible to non-interactively derive from the public parameters an “encryption” of the secret key for an arbitrary identity. All presently-known leveled IBFHE schemes only allow bootstrapping if such an “encryption” of the secret key is supplied out-of-band. In this work, we present a “pure” IBFHE scheme from indistinguishability obfuscation, and extend the result to the attribute-based setting. Our attribute-based scheme is the first to support homomorphic evaluation on ciphertexts with different attributes. Finally, we characterize presently-known leveled IBFHE schemes with a view to developing a “compiler” from a leveled IBFHE scheme to a bootstrappable IBFHE scheme, and sufficient conditions are identified.