Homomorphic Encryption From Regev ’ s Cryptosystem

EncryptA(b ∈ {0, 1}). Denote ~b = ⌊ q 2 ⌋ · (0 . . . 0 b ) ∈ Zq . Choose ~r ← DZm,σ, and output the ciphertext ~c = A~r +~b ∈ Zq . Decrypt~s(~c). Compute the inner-product d = 〈~s,~c〉 mod q. Output 1 if |d| > q 4 and 0 if |d| < q 4 . Correctness. We note that 〈~s,~c〉 = ~s(A~r+~b) = (~sA)~r+〈~s,~b〉 = 〈~e′, ~r〉+〈~s,~b〉 (mod q). Since ~e′ and ~r were chosen from an error distribution then they are both small and hence |〈~e′, ~r〉| q. At the same time 〈~s,~b〉 = −bb q 2c, hence 〈~e ′, ~r〉 + 〈~s,~b〉 is closer to 0 when b = 0 and closer to q/2 when b = 1.