Faster Amortized FHEW Bootstrapping Using Ring Automorphisms.

Amortized bootstrapping offers a way to simultaneously refresh many ciphertexts of a fully homomorphic encryption scheme, at a total cost comparable to that of refreshing a single ciphertext. An amortization method for FHEW-style cryptosystems was first proposed by (Micciancio and Sorrell, ICALP 2018), who showed that the amortized cost of bootstrapping n FHEW-style ciphertexts can be reduced from O ~ ( n ) basic cryptographic operations to just O ~ ( n ϵ ) , for any constant ϵ > 0 . However, despite the promising asymptotic saving, the algorithm was rather impractical due to a large constant (exponential in 1 / ϵ ) hidden in the asymptotic notation. In this work, we propose an alternative amortized bootstrapping method with much smaller overhead, still achieving O ( n ϵ ) asymptotic amortized cost, but with a hidden constant that is only linear in 1 / ϵ , and with reduced noise growth. This is achieved following the general strategy of (Micciancio and Sorrell), but replacing their use of the Nussbaumer transform, with a much more practical Number Theoretic Transform, with multiplication by twiddle factors implemented using ring automorphisms. A key technical ingredient to do this is a new “scheme switching” technique proposed in this paper which may be of independent interest.