Message Expansion of Homomorphic Encryption Using Product Pairing

  • Eom, Soo Kyung (Department of Mathematics, Ewha Womans University) ;
  • Lee, Hyang-Sook (Department of Mathematics, Ewha Womans University) ;
  • Lim, Seongan (Institute of Mathematical Sciences, Ewha Womans University)
  • Received : 2015.07.08
  • Accepted : 2015.09.25
  • Published : 2016.02.01


The Boneh, Goh, and Nissim (BGN) cryptosytem is the first homomorphic encryption scheme that allows additions and multiplications of plaintexts on encrypted data. BGN-type cryptosystems permit very small plaintext sizes. The best-known approach for the expansion of a message size by t times is one that requires t implementations of an initial scheme; however, such an approach becomes impractical when t is large. In this paper, we present a method of message expansion of BGN-type homomorphic encryption using composite product pairing, which is practical for relatively large t. In addition, we prove that the indistinguishability under chosen plaintext attack security of our construction relies on the decisional Diffie-Hellman assumption for all subgroups of prime order of the underlying composite pairing group.


Supported by : Ministry of Education of Korea


  1. D. Boneh, E.-J. Goh, and K. Nissim, "Evaluating 2-DNF Formulas on Ciphertexts," Theory of Cryptography-TCC 2005, Springer Verlag, LNCS 3378, 2005, pp. 325-341.
  2. J. Tibor and S. Jorg, "On the Analysis of Cryptographic Assumptions in the Generic Ring Model," J. Cryptology, vol. 26, no. 2, Apr. 2013, pp. 225-245.
  3. Fact Sheet Suite B Cryptography, NSA. Accessed June 1, 2015.
  4. Algorithms for Qualified Electronic Signatures, BNetzA, BSI, Feb. 2013, updated with BSI Draft, Oct. 2013.
  5. D. Freeman, "Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups," Proc. Int. Conf. Theory Appl. Cryptographic Techn., 2010, pp. 44-61.
  6. A. Guillevix, "Comparing the Pairing Efficiency over Composite Order and Prime Order Elliptic Curves," Appl. Cryptography Netw. Security, Springer LNCS, vol. 7954, 2013, pp. 357-372.
  7. H.-S. Lee and S. Lim, "A Depth Specific Description of Somewhat Homomorphic Encryption and its Applications," Appl. Math. Inf. Sci., vol. 9, no. 3, 2015, pp. 1345-1353.
  8. D. Boneh, K. Rubin, and A. Silverberg, "Finding Composite Order Ordinary Elliptic Curves Using the Cocks-Pinch Method," J. Number Theory, vol. 131, 2011, pp. 832-841.
  9. S. Pohlig and M. Hellman, "An Improved Algorithm for Computing Logarithms over GF(P) and its Cryptographic Significance," IEEE Trans. Inf. Theory, vol. 24, no. 1, Jan. 1978, pp. 106-110.
  10. N. Koblitz, "A Security in Composite-Order Pairing-Based Protocols with Embedding Degree K>2," Cryptology ePrint Archive Report 2010, p. 227.
  11. X. Zhang and D. Lin, "Efficient Pairing Computation on Ordinary Elliptic Curve of Embedding Degree 1 and 2," Cryptography Coding, LNCS, vol. 7089, 2011, pp. 309-326.
  12. M. Scott, "Computing the Tate Pairing," Topic Cryptography, LNCS, vol. 3376, 2005, pp. 293-304.