Table 3: Scenario 3 - Average runtime according to the
number of database records, ranging from 16 bits of
padding (low reliability) to 64 bits of padding (strong re-
liability) (min:sec,ms).
Scenario 3 16 bits 32 bits 64 bits
5 records 00:21,93 00:25,34 00:35,23
10 records 00:44,37 00:52,88 01:13,23
50 records 03:47,27 04:28,43 06:01,55
100 records 07:38,88 08:50,99 12:07,74
The running times shown in table 3 illustrate that
this case is significantly more computationally costly
(more than 12 minutes for a hundred records and 2
−64
false positive probability) than the previous ones, and
scales only to about ten records (about one minute for
2
−64
false positive probability). Furthermore, accord-
ing to tables 1 and 3, for 10 records and 2
−64
false
positive probability, we have 73s of computations, of
which 15s are devoted to calculating the Hamming
distance, which leaves 58s of computation time for
the ten tests to zero. Similarly, for 50 records and 2
−64
false positive probability, 76s stands for the Hamming
distance and 286s of runtime for the homomorphic
tests to zero. This is the price to pay for results com-
pactness, thus for a lower communication cost. In-
deed, scenario 3 results in a O(1) size for the reply,
when scenarios 1 and 2 lead to an O(r) reply size,
where r is the number of records in the database.
7 CONCLUSION
This paper investigated multi-user setups, the first two
setups show two similar protocols allowing each user
to recognize the messages that are intended for him
and guaranteeing result consistency under multiple
keys. In terms of latency, these scenarios can be prac-
tically relevant (about one minute of execution time)
at a scale of 50 to 100 records in the database for
sequentially performed calculations. However, these
protocols have a natural potential for parallelization,
allowing to compute on a few thousands records per
minute. Indeed, these scenarios return one response
per record in the database, and the homomorphic cal-
culations on the records can be performed in parallel.
So for a server with 50 cores (a standard scale on the
NUMA machine market), the execution time would
be almost divided by 50. Our third setup allows users
to request the result of a calculation on the data ad-
dressed to them and returns only one response. This is
interesting for many use cases but results in a smaller
scaling potential since it can only handle about ten
records in one minute, sequentially.
ACKNOWLEDGEMENTS
This work was supported by the France 2030 ANR
Project ANR-22-PECY-003 SecureCompute.
REFERENCES
Aloufi, A. and Hu, P. (2019). Collaborative Homomorphic
Computation on Data Encrypted under Multiple Keys.
The International Workshop on Privacy Engineering
(IWPE’19) co-located with S&P’19.
Asharov, G., Jain, A., L
´
opez-Alt, A., Tromer, E., Vaikun-
tanathan, V., and Wichs, D. (2012). Multiparty Com-
putation with Low Communication, Computation and
Interaction via Threshold FHE. In EUROCRYPT
2012, pages 483–501.
Boneh, D., Gennaro, R., Goldfeder, S., Jain, A., Kim, S.,
Rasmussen, P. M. R., and Sahai, A. (2018). Threshold
Cryptosystems from Threshold Fully Homomorphic
Encryption.
Brakerski, Z. (2012). Fully homomorphic encryption with-
out modulus switching from classical gapsvp. In
CRYPTO 2012, pages 868–886.
Carpov, S., Dubrulle, P., and Sirdey, R. (2015). Armadillo: a
compilation chain for privacy preserving applications.
In Proceedings of the 3rd International Workshop on
Security in Cloud Computing, pages 13–19.
Catalano, D. and Fiore, D. (2015). Using Linearly-
Homomorphic Encryption to Evaluate Degree-2
Functions on Encrypted Data. In Proceedings of
the 22nd ACM SIGSAC Conference on Computer and
Communications Security.
Chillotti, I., Gama, N., Georgieva, M., and Izabach
`
ene, M.
(2020). TFHE: Fast Fully Homomorphic Encryption
Over the Torus. Journal of Cryptology, pages 34–91.
Chowdhury, S., Sinha, S., Singh, A., Mishra, S., Chaudhary,
C., Patranabis, S., Mukherjee, P., Chatterjee, A., and
Mukhopadhyay, D. (2022). Efficient threshold FHE
with application to real-time systems. IACR ePrint,
page 1625.
Dor
¨
oz, Y., Hu, Y., and Sunar, B. (2016). Homomorphic
AES evaluation using the modified LTV scheme. De-
signs, Codes and Cryptography, 80(2):333–358.
Fan, J. and Vercauteren, F. (2012). Somewhat practical fully
homomorphic encryption. IACR ePrint.
Kim, T., Kwak, H., Lee, D., Seo, J., and Song, Y.
(2022). Asymptotically faster multi-key homomor-
phic encryption from homomorphic gadget decompo-
sition. IACR ePrint, page 347.
L
´
opez-Alt, A., Tromer, E., and Vaikuntanathan, V. (2013).
On-the-fly multiparty computation on the cloud via
multikey fully homomorphic encryption. IACR ePrint,
page 94.
Lightweight FHE-based Protocols Achieving Results Consistency for Data Encrypted Under Different Keys
709