PORTO @ Archivio Istituzionale della Ricerca

Sorting encrypted values is an open research problem that plays a crucial role in the broader objective of providing efficient and practical privacy-preserving online services. The current state of the art work by Mazzone, Everts, Hahn and Peter [USENIX Security ’25] proposes efficient algorithms for indexing and sorting based on the CKKS scheme, which deviates from the compare-and-swap paradigm, typically used by sorting networks, using a permutation-based approach. In this work, we follow up their work and explore different approaches to approximate the nonlinear functions required by the circuit. We propose simpler and concrete solutions that allow for faster computations, smaller memory requirements and higher precision. For example, our framework allows to sort 128 real elements in roughly 22 seconds, while maintaining a precision of 0.001 and requiring 3 GB of memory. Furthermore, we propose an implementation of a swap-based bitonic network that is not based on approximations of the sgn(x) function, which scales linearly with the number of values, useful when the number of available slots is small.

Lightweight sorting in approximate homomorphic encryption / Rovida, Lorenzo; Leporati, Alberto; Basile, Simone. - In: IACR COMMUNICATIONS IN CRYPTOLOGY. - ISSN 3006-5496. - 3:1(2026), pp. 1-29. [10.62056/a3ksdkmol]

Lightweight sorting in approximate homomorphic encryption

Lorenzo Rovida;
2026

Abstract

Sorting encrypted values is an open research problem that plays a crucial role in the broader objective of providing efficient and practical privacy-preserving online services. The current state of the art work by Mazzone, Everts, Hahn and Peter [USENIX Security ’25] proposes efficient algorithms for indexing and sorting based on the CKKS scheme, which deviates from the compare-and-swap paradigm, typically used by sorting networks, using a permutation-based approach. In this work, we follow up their work and explore different approaches to approximate the nonlinear functions required by the circuit. We propose simpler and concrete solutions that allow for faster computations, smaller memory requirements and higher precision. For example, our framework allows to sort 128 real elements in roughly 22 seconds, while maintaining a precision of 0.001 and requiring 3 GB of memory. Furthermore, we propose an implementation of a swap-based bitonic network that is not based on approximations of the sgn(x) function, which scales linearly with the number of values, useful when the number of available slots is small.
2026
IACR COMMUNICATIONS IN CRYPTOLOGY
1.1 Articolo in rivista
File in questo prodotto:
File Dimensione Formato  
3-1-32.pdf

accesso aperto

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Creative commons
Dimensione 1.04 MB
Formato Adobe PDF
Visualizza/Apri
1.04 MB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/3010677