"全同態加密法"(Fully Homomorphic Encryption (FHE))一詞的介紹以及架構源於西元2009年由Gentry所提出。它讓加密後的密文執行特定的運算再將其解密即可得出該對應的明文運算結果，除此之外，全同態與同態最大的不同是它允許兩種或是多種以上的運算元進行資料運算，期間必須可以處理大量的資料並且保護其資料隱私性使其無洩漏之虞。也因為上述特點使得它可被廣泛使用在許多資料庫或是資料儲存上的應用，像是ASP、雲端運算或是雙方相等性驗證上，然而在Gentry的全同態加密中，它需要大量的空間來儲存所需要的公鑰，因此在實作上仍有一定的難度。為了解決上述問題，本文提供了一種新的改良方案使其更有效率來達到全同態加密的實作性，除此之外，我們也會在文章中提出安全性分析來證明本改良方案並不會對安全性造成影響，並且提出系統效能測試，說明本方案除了可減少公鑰儲存空間之外，在時間上，更可降低公鑰生成以及系統加密的時間，讓其全同態運算更具效率。

C. Gentry in 2009 proposed the first practical scheme which can compute arbitrary functions of encrypted data. This scheme is named “Fully Homomorphic Encryption (FHE)”. FHE allows a worker without the secret decryption key to compute any result of the data on one hand and still keep the data privacy on the other hand. It can be widely used in data storage application or database application, such as ASP, cloud computing and two-party equality testing. However, one drawback of Gentry’s fully homomorphic encryption scheme is that the size of public keys used in this system is extremely large. This means that a lot of space is required in order to store those public keys. This problem causes Gentry’s FHE hard to be implemented. In this thesis, we address the problem above, and give an improvement encryption scheme. Our improvement scheme needs less space to store the public keys which also makes the new scheme more efficient than Gentry’s original scheme. We also give a rigorous security proof to show that our improvement scheme is as secure as Gentry’s original scheme. A system performance test is also provided which shows that our scheme can not only reduce the numbers of public keys, but also reduce the time for public key generation and for encryption. Therefore, our improvement scheme can make fully homomorphic encryption more practical.

[1]B.Applebaum, D.Cash, C.Peikert, and A.Sahai. Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In CRYPTO2009, vol.5677 of LNCS, pp 595–618. Springer,2009.
[2]D.Boneh, E-J.Goh, and K.Nissim. Evaluating 2-DNF formulas on ciphertexts. In CRYPTO 2005, vol. 3378 of LNCS, pp 325–342, Springer,2005.
[3]D.Boneh, G. D Crescenzo,R.Ostrovsky, G.Persiano: Public key encryption with keyword search. In EUROCRYPT 2004., vol. 3027 of LNCS,pp. 506–522.Springer,2004.
[4]E. Biham, A.Shamir: Differential cryptanalysis of DES-like cryptosystems.In CRYPTO1990 : vol.4 of LNCS, pp. 2-21. Springer,1991.
[5]Z.Brakerski and V.Vaikuntanathan. Fully homomorphic encryption from ring-LWE and security for key dependent messages. In CRYPTO 2011, vol. 5677of LNCS,pp 505-524.Springer 2011.
[6]J.Coron, A.Mandal, D.Naccache, and M.Tibouchi. Fully-homomorphic encryption over the integers with shorter public-keys. In CRYPTO 2011, vol.6841 of LNCS, pp. 487-504. Springer,2011
[7]N.Courtois, J.Pieprzyk, Cryptanalysis of block ciphers with overdefined systems of equations. In ASIACRYPT 2002,vol. 2501of LNCS, pp267–287.Springer 2002.
[8]S.Ciou and R.Tso A privacy preserved two-party equality testing protocol,In ICGEC 2011,pp.220-223,2011.
[9]T.ElGamal.A Public key cryptosystem and a signature scheme based on discrete logarithm. In IEEEE Trans.Inform.Theory,vol.31,pp469-472,1985.
[10]M.van Dijk, C.Gentry, S.Halevi, and V.Vaikuntanathan. Fully homomorphic encryption over the integers. In EUROCRYPT’10, vol.6110 of LNCS, pp.24–43. Springer 2010.
[11]C.Gentry. A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009.crypto.stanford.edu/craig. available at: https://docs.google.com/viewer?url=http%3A%2F%2Fcrypto.stanford.edu%2Fcraig%2Fcraig-thesis.pdf
[12]C.Gentry. Fully homomorphic encryption using ideal lattices. In STOC’09, pp 169–178. ACM, 2009.
[13]C.Gentry and S.Halevi. Implementing gentry’s fully-homomorphic encryption scheme. In EUROCRYPT, vol.6632 of LNCS, pp 129–148. Springer, 2011.
[14]S.Goldwasser and S.Micali. Probabilistic encryption & how to play mental poker keeping secret all partial information.In STOC’82,pp365-377.ACM1982.
[15]Y.Ishai and A.Paskin. Evaluating branching programs on encrypted data. In TCC, vol.4392 of LNCS, pp 575–594. Springer, 2007.
[16]V.Lyubashevsky, C.Peikert, and O.Regev. On ideal lattices and learning with errors over rings. In EUROCRYPT, vol.6110 of LNCS, pp 1–23.Springer,2010.
[17]C.A.Melchor, P.Gaborit, and J.Herranz. Additively homomorphic encryption with -operand multiplications. In CRYPTO, vol.6223 of LNCS, pp 138–154. Springer, 2010.
[18]C.Peikert. Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In STOC’09, pp 333–342. ACM, 2009.
[19]P.Paillier. Public-key cryptosystem based on composite degree residuocity classes.In EUROCRYPT1999.vol.1592 of LNCS,pp223-238. Springer,1999.
[20]O.Regev. On lattices, learning with errors, random linear codes, and cryptography. In STOC’05, pp 84–93. ACM, 2005.
[21]O.Regev. The learning with errors problem. In IEEE Conference on Computational Complexity, pp 191–204. IEEE Computer Society, 2010.
[22]R.Rivest,A.Shamir and L.Adleman.A method for obtaining digital signatures and public-key cryptosystem.In Commun’77,vol.21,pp120-126.ACM1977.
[23]Y.Tsiounis and M.Yung. On the security of ElGamal based encryption. In Public Key Cryptography 1998.vol.1431 of LNCS.pp117-134. Springer,1998.
[24]B.Waters: Efficient identity-based encryption without random oracles. In EUROCRYPT 2005. vol. 3494 of LNCS, pp. 114–127. Springer,2005.
[25]吳承鋒、陳漢光、左瑞麟 利用ElGamal加密的雙方相等性驗證協議 全國計算機會議,pp183-191,2011.