In the field of data processing and analytics, clients such as different companies, enterprises, organizations and authorities have a need for hardware and software resources in order to perform various data processing operations, e.g. when various recorded information relating to users is analyzed in order to extract knowledge and statistics therefrom. The processing involved in such data analytics may be quite complex and computationally intensive requiring considerable capacity for executing the processing of data.
Traditionally, the clients themselves may own and maintain all the resources they need for data processing which can be quite costly and time-consuming, though. For example, considerable knowledge and skills are typically required first to find out what type of resources is needed, and then to acquire and install those resources. The client thus often needs to employ skilled staff and/or hire consultants to enable efficient deployment of resources. Furthermore, as the technique is developing and progressing rapidly in the field of computers and software, purchased or hired resources tend to become out-of-date very quickly and must frequently be replaced by new resources with better functionality, which is naturally also costly and time-consuming.
Another problem is that a client may need a great amount of resources for a very limited period to make some large computational operation once or just a few times a year, e.g. related to economics, statistics or stock inventory, while very little resources are used during the remainder time. The client thus has to make investments in resources enough to cope with such peak usage and also when demands and operation change over time.
In recent years, it has become possible for clients to hire and utilize resources for data processing, e.g. residing in large data centers comprising a great range of processors, computers and data storages, commonly referred to as cloud computing or simply “the cloud”, which can thus be shared by many clients. Effectively, all the needed resources may be available from such a data center and the clients do not have to make their own investments but can instead outsource the processing and analytics to resources in the cloud, or similar.
Sometimes the data to be processed may contain elements that are somehow sensitive to exposure, or in terms of privacy and/or integrity, meaning that it is desirable to protect the data from exposure to any unauthorized party. It may therefore be deemed unsafe to send the data unprotected to any environment where privacy and integrity may be in jeopardy such as shared resources in the cloud. In this context it can thus be assumed that the cloud, or similar shared environments, is deemed untrusted. A solution to this problem is to encrypt the data before sending it to the cloud, or similar. However, many common encryption methods of today have the disadvantage that the encrypted data must be decrypted before any computation or analysis can be made on the data. By using so-called homomorphic encryption methods, certain computations can actually be made on the encrypted data without having to first decrypt the data.
Such encryption may be achieved by using a so-called Fully Homomorphic Encryption, FHE, scheme, although currently known FHE schemes are relatively complex and rather slow in execution. Hence, it may sometimes be more attractive in practice to implement a Partially Homomorphic Encryption, PHE, scheme, which has a better performance in terms of complexity and time.
Addition is one of some basic computational operations that are needed in many use cases. The so-called Paillier cryptosystem is known in this field and it is an additive PHE scheme that can be used for performing addition operations on encrypted data without decrypting the data. In this disclosure, the term “message” will be used to represent a set of data to be encrypted before further processing and analysis. A message in this context thus comprises a numeric value that can be used for addition calculations.
In more detail, the PHE scheme of Paillier satisfiesEnc(m1+m2)=Enc(m1)·Enc(m2)where m1 and m2 are two different sets of data or messages in plaintext while “Enc” is an encryption function to obtain a cipher text. The property above makes it possible to compute an encryption of the sum of plaintexts m1+m2 by multiplying the corresponding cipher texts Enc(m1) and Enc(m2) in accordance with the above expression. This property can be used in turn to perform computations on encrypted data without first decrypting the data.
The Paillier cryptosystem is described in more detail in the article “Public-Key Cryptosystems Based on Composite Degree Residuosity Classes”, Pascal Paillier, published in J. Stern, Ed., Advances in Cryptology—EUROCRYPT '99, vol. 1592 of Lecture Notes in Computer Science, pp. 223-238, Springer-Verlag, 1999. The Paillier cryptosystem has two different variants referred to as “Scheme 1” and “Scheme 3” which are able to provide the above-described property.
It is thus desirable to encrypt any sensitive messages before processing in a cloud environment or the like while keeping the data in encrypted form by using homomorphic encryption such as the above Paillier cryptosystem. Such encryption of messages using the Paillier cryptosystem is typically a quite complex operation requiring intensive and time-consuming computations and a specialized encryption node is often employed to perform the encryption operation on behalf of a client. FIG. 1 illustrates schematically that an encryption node 100 receives a message m intended for encryption from a client 102, in an action 1:1. In response thereto, the encryption node 100 performs encryption of the message by converting or translating the message m into a ciphertext c, in another action 1:2 using homomorphic encryption such as the above-described Paillier cryptosystem.
The encryption node 100 then returns the ciphertext c as the message m in encrypted form to the client 102, in an action 1:3, while a final action 1:4 illustrates that the client 102 sends a request to a “cloud” 104 of processing resources, for processing the message in the encrypted form, i.e. the ciphertext c. As described above, it is possible to perform certain processing operations on cipher texts encrypted with a homomorphic encryption scheme. For example, it is possible to perform additions on the messages by performing multiplications on the corresponding cipher texts when said cipher texts are encrypted according to the Paillier cryptosystem.
However, it is a problem that the encryption operation using the above-mentioned Paillier cryptosystem involves quite complex and time-consuming computations and it may not be possible to employ it to enable certain analytic operations e.g. in cases where high data throughput is required or when a stream of messages arrives at the encryption node with fluctuating speed. For example, it may be necessary to encrypt a stream of incoming data, i.e. messages, with a high throughput. As an example of a use case scenario in big data analytics, it may happen that data sets, or messages, are issued from multiple sources with a high speed and often irregularly, and that they should be encrypted and sent to a third party's data resources for further analysis, e.g. in untrusted cloud services and databases. In this case the Paillier cryptosystem may not be able to encrypt the stream of incoming data with sufficiently high throughput so that it becomes a bottleneck for applications with demands for high data throughput.