Fully Homomorphic Encryption (FHE) enables operations on encrypted data, making it extremely useful for privacy-preserving applications, especially in cloud computing environments. In such contexts, operations like ranking, order statistics, and sorting are fundamental functionalities often required for database queries or as building blocks of larger protocols. However, the high computational overhead and limited native operations of FHE pose significant challenges for an efficient implementation of these tasks. These challenges are exacerbated by the fact that all these functionalities are based on comparing elements, which is a severely expensive operation under encryption. Previous solutions have typically based their designs on swap-based techniques, where two elements are conditionally swapped based on the results of their comparison. These methods aim to reduce the primary computational bottleneck: the comparison depth, which is the number of non-parallelizable homomorphic comparisons. The current state of the art solution for sorting by Lu et al. (IEEE S&P'21), for instance, achieves a comparison depth of O(log^2(N)). In this paper, we address the challenge of reducing the comparison depth by shifting away from the swap-based paradigm. We present solutions for ranking, order statistics, and sorting, that all achieve a comparison depth of O(1), making our approach highly parallelizable. Leveraging the SIMD capabilities of the CKKS FHE scheme, our approach re-encodes the input vector under encryption to allow for simultaneous comparisons of all elements with each other. The homomorphic re-encoding incurs a minimal computational overhead of O(log(N)) rotations. Experimental results show that our approach ranks a 128-element vector in approximately 2.64s, computes its argmin/argmax in 14.18s, and sorts it in 21.10s.

翻译：全同态加密（FHE）支持对加密数据进行运算，在隐私保护应用（尤其是云计算环境）中具有重要价值。在此类场景中，排序、顺序统计与排序等操作是数据库查询或大型协议构建所需的基础功能。然而，FHE的高计算开销与有限原生操作给这些任务的高效实现带来了显著挑战。由于这些功能均基于元素比较（在加密状态下是计算代价极高的操作），使得挑战更为严峻。现有解决方案通常基于交换技术设计，即根据比较结果有条件地交换两个元素。这些方法旨在降低主要计算瓶颈——比较深度（即无法并行化的同态比较次数）。例如，Lu等人（IEEE S&P'21）提出的当前最优排序方案实现了O(log²(N))的比较深度。本文通过突破交换范式来降低比较深度，提出了排序、顺序统计与排序的解决方案，均实现O(1)的比较深度，具备高度可并行性。利用CKKS FHE方案的SIMD特性，我们的方法在加密状态下对输入向量进行重编码，实现所有元素间的同步比较。同态重编码仅产生O(log(N))次旋转的最小计算开销。实验表明，我们的方法对128元素向量进行排序仅需约2.64秒，计算其argmin/argmax需14.18秒，完整排序需21.10秒。