Deep Inder Mohan,Srinivas Vivek

2024-09-28

Abstract:National digital identity verification systems have played a critical role in the effective distribution of goods and services, particularly, in developing countries. Due to the cost involved in deploying and maintaining such systems, combined with a lack of in-house technical expertise, governments seek to outsource this service to third-party cloud service providers to the extent possible. This leads to increased concerns regarding the privacy of users' personal data. In this work, we propose a practical privacy-preserving digital identity (ID) verification protocol where the third-party cloud services process the identity data encrypted using a (single-key) Fully Homomorphic Encryption (FHE) scheme such as BFV. Though the role of a trusted entity such as government is not completely eliminated, our protocol does significantly reduces the computation load on such parties. A challenge in implementing a privacy-preserving ID verification protocol using FHE is to support various types of queries such as exact and/or fuzzy demographic and biometric matches including secure age comparisons. From a cryptographic engineering perspective, our main technical contribution is a user data encoding scheme that encodes demographic and biometric user data in only two BFV ciphertexts and yet facilitates us to outsource various types of ID verification queries to a third-party cloud. Our encoding scheme also ensures that the only computation done by the trusted entity is a query-agnostic "extended" decryption. This is in stark contrast with recent works that outsource all the non-arithmetic operations to a trusted server. We implement our protocol using the Microsoft SEAL FHE library and demonstrate its practicality.

Cryptography and Security

Alexander Viand,Anwar Hithnawi,C. Knabenhans

DOI: https://doi.org/10.48550/arXiv.2301.07041

2023-01-17

Abstract:Fully Homomorphic Encryption (FHE) is seeing increasing real-world deployment to protect data in use by allowing computation over encrypted data. However, the same malleability that enables homomorphic computations also raises integrity issues, which have so far been mostly overlooked. While FHEs lack of integrity has obvious implications for correctness, it also has severe implications for confidentiality: a malicious server can leverage the lack of integrity to carry out interactive key-recovery attacks. As a result, virtually all FHE schemes and applications assume an honest-but-curious server who does not deviate from the protocol. In practice, however, this assumption is insufficient for a wide range of deployment scenarios. While there has been work that aims to address this gap, these have remained isolated efforts considering only aspects of the overall problem and fail to fully address the needs and characteristics of modern FHE schemes and applications. In this paper, we analyze existing FHE integrity approaches, present attacks that exploit gaps in prior work, and propose a new notion for maliciously-secure verifiable FHE. We then instantiate this new notion with a range of techniques, analyzing them and evaluating their performance in a range of different settings. We highlight their potential but also show where future work on tailored integrity solutions for FHE is still required.

Lamya Abdullah,Felix Freiling,Juan Quintero,Zinaida Benenson

DOI: https://doi.org/10.48550/arXiv.1906.07841

2019-06-18

Cryptography and Security

Abstract:In cloud computing, data processing is delegated to a remote party for efficiency and flexibility reasons. A practical user requirement usually is that the confidentiality and integrity of data processing needs to be protected. In the common scenarios of cloud computing today, this can only be achieved by assuming that the remote party does not in any form act maliciously. In this paper, we propose an approach that avoids having to trust a single entity. Our approach is based on two concepts: (1) the technical abstraction of sealed computation, i.e., a technical mechanism to confine the processing of data within a tamper-proof hardware container, and (2) the additional role of an auditing party that itself cannot add functionality to the system but is able to check whether the system (including the mechanism for sealed computation) works as expected. We discuss the abstract technical and procedural requirements of these concepts and explain how they can be applied in practice.

M. Sadegh Riazi,Kim Laine,Blake Pelton,Wei Dai

DOI: https://doi.org/10.48550/arXiv.1909.09731

2020-01-24

Abstract:With the rapid increase in cloud computing, concerns surrounding data privacy, security, and confidentiality also have been increased significantly. Not only cloud providers are susceptible to internal and external hacks, but also in some scenarios, data owners cannot outsource the computation due to privacy laws such as GDPR, HIPAA, or CCPA. Fully Homomorphic Encryption (FHE) is a groundbreaking invention in cryptography that, unlike traditional cryptosystems, enables computation on encrypted data without ever decrypting it. However, the most critical obstacle in deploying FHE at large-scale is the enormous computation overhead. In this paper, we present HEAX, a novel hardware architecture for FHE that achieves unprecedented performance improvement. HEAX leverages multiple levels of parallelism, ranging from ciphertext-level to fine-grained modular arithmetic level. Our first contribution is a new highly-parallelizable architecture for number-theoretic transform (NTT) which can be of independent interest as NTT is frequently used in many lattice-based cryptography systems. Building on top of NTT engine, we design a novel architecture for computation on homomorphically encrypted data. We also introduce several techniques to enable an end-to-end, fully pipelined design as well as reducing on-chip memory consumption. Our implementation on reconfigurable hardware demonstrates 164-268x performance improvement for a wide range of FHE parameters.

Cryptography and Security,Artificial Intelligence,Hardware Architecture,Performance

Andreas Fischer,Benny Fuhry,Florian Kerschbaum,Eric Bodden

DOI: https://doi.org/10.48550/arXiv.1710.00390

2017-10-02

Abstract:Encrypting data before sending it to the cloud protects it against hackers and malicious insiders, but requires the cloud to compute on encrypted data. Trusted (hardware) modules, e.g., secure enclaves like Intel's SGX, can very efficiently run entire programs in encrypted memory. However, it already has been demonstrated that software vulnerabilities give an attacker ample opportunity to insert arbitrary code into the program. This code can then modify the data flow of the program and leak any secret in the program to an observer in the cloud via SGX side-channels. Since any larger program is rife with software vulnerabilities, it is not a good idea to outsource entire programs to an SGX enclave. A secure alternative with a small trusted code base would be fully homomorphic encryption (FHE) -- the holy grail of encrypted computation. However, due to its high computational complexity it is unlikely to be adopted in the near future. As a result researchers have made several proposals for transforming programs to perform encrypted computations on less powerful encryption schemes. Yet, current approaches fail on programs that make control-flow decisions based on encrypted data. In this paper, we introduce the concept of data flow authentication (DFAuth). DFAuth prevents an adversary from arbitrarily deviating from the data flow of a program. Hence, an attacker cannot perform an attack as outlined before on SGX. This enables that all programs, even those including operations on control-flow decision variables, can be computed on encrypted data. We implemented DFAuth using a novel authenticated homomorphic encryption scheme, a Java bytecode-to-bytecode compiler producing fully executable programs, and SGX enclaves. A transformed neural network that performs machine learning on sensitive medical data can be evaluated on encrypted inputs and encrypted weights in 0.86 seconds.

Cryptography and Security

Xirong Ma,Chuan Li,Yuchang Hu,Yunting Tao,Yali Jiang,Yanbin Li,Fanyu Kong,Chunpeng Ge

2024-07-09

Abstract:The demand for processing vast volumes of data has surged dramatically due to the advancement of machine learning technology. Large-scale data processing necessitates substantial computational resources, prompting individuals and enterprises to turn to cloud services. Accompanying this trend is a growing concern regarding data leakage and misuse. Homomorphic encryption (HE) is one solution for safeguarding data privacy, enabling encrypted data to be processed securely in the cloud. However, the encryption and decryption routines of some HE schemes require considerable computational resources, presenting non-trivial work for clients. In this paper, we propose an outsourced decryption protocol for the prevailing RLWE-based fully homomorphic encryption schemes. The protocol splits the original decryption into two routines, with the computationally intensive part executed remotely by the cloud. Its security relies on an invariant of the NTRU-search problem with a newly designed blinding key distribution. Cryptographic analyses are conducted to configure protocol parameters across varying security levels. Our experiments demonstrate that the proposed protocol achieves up to a $67\%$ acceleration in the client's local decryption, accompanied by a $50\%$ reduction in space usage.

Cryptography and Security

Tao Li,Xiaojun Ye,Jianmin Wang

DOI: https://doi.org/10.1145/2430475.2430493

2012-01-01

Abstract:To achieve a trustworthy cloud data service, there is a need to both provide the right services from a security engineering perspective, as well as to allows specific types of computations to be carried out on encrypted cloud data. However, traditional encryption solutions can't be used to process outsourcing encrypted data hosting to an untrusted cloud provider. A novel encryption scheme, called fully homomorphic encryption (FHE), could afford the circuit ability over encrypted data without decrypting it. In this paper, we deliver a universal construction framework for fully homomorphic encryption schemes. At first, this framework initializes a somewhat homomorphic encryption scheme based on the concept of metric space in abstract algebra which encodes the plaintext into a offset vector and generates a ciphertext by adding the offset vector to a random eigenvector in the metric space. As an abelian group, the ring is closed under addition and multiplication, this abstract algebra assume the metric space could forma ring and the eigenvectors belong to an ideal of this ring, then this framework could achieve homomorphism by having the scheme live in rings. We also deduce some well-known fully homomorphic schemes from the construction framework, and propose a prototype with an FHE encryption proxy to solve confidentiality problems in cloud systems. At last, we show the performance of FHE with some experiments, and speed the performance of fully homomorphic encryption up with cloud computing (parallel computing, distribute computing, etc.). We also discuss some opening issues and directions for future fully homomorphic encryption researches.

Joohee Lee,Sangrae Cho,Soohyung Kim,Saerom Park

DOI: https://doi.org/10.1007/s10207-024-00941-w

2024-11-28

International Journal of Information Security

Abstract:In the current landscape of cloud-based data storage and analysis, concerns about data privacy and integrity have become more and more prevalent. Homomorphic encryption is a promising technology for preserving privacy by enabling computations on encrypted data while maintaining the confidentiality of sensitive information. However, relying solely on HE may pose challenges in ensuring the integrity of data and computation, which necessitates the verification of outsourced computations for users. In this paper, we propose a generic solution for verifiable computation over encrypted data. Our solution is based on a lattice-based approximate homomorphic encryption scheme with an MPC-in-the-Head style zero-knowledge proof system. We demonstrate that a user provided with a third party's certification of the computed function can verify the homomorphic evaluation over encrypted data. In the experiment, we provide a proof-of-concept implementation of our algorithms for privacy-preserving machine learning including regression, classification and validation. Our solution is post-quantum and can be extended to various scenarios such as privacy-preserving machine learning.

computer science, information systems, theory & methods, software engineering

Arseniy Kholod,Yuriy Polyakov,Michael Schlottke-Lakemper

2024-10-29

Abstract:Data privacy is a significant concern in many environments today. This is particularly true if sensitive information, e.g., engineering, medical, or financial data, is to be processed on potentially insecure systems, as it is often the case in cloud computing. Fully homomorphic encryption (FHE) offers a potential solution to this problem, as it allows for secure computations on encrypted data. In this paper, we investigate the viability of using FHE for privacy-preserving numerical simulations of partial differential equations. We first give an overview of the CKKS scheme, a popular FHE method for computations with real numbers. This is followed by an introduction of our Julia packages <a class="link-external link-http" href="http://OpenFHE.jl" rel="external noopener nofollow">this http URL</a> and <a class="link-external link-http" href="http://SecureArithmetic.jl" rel="external noopener nofollow">this http URL</a>, which provide a Julia wrapper for the C++ library OpenFHE and offer a user-friendly interface for secure arithmetic operations. We then present a performance analysis of the CKKS scheme within OpenFHE, focusing on the error and efficiency of different FHE operations. Finally, we demonstrate the application of FHE to secure numerical simulations by implementing two finite difference schemes for the linear advection equation using the <a class="link-external link-http" href="http://SecureArithmetic.jl" rel="external noopener nofollow">this http URL</a> package. Our results show that FHE can be used to perform cryptographically secure numerical simulations, but that the error and efficiency of FHE operations must be carefully considered when designing applications.

Numerical Analysis,Cryptography and Security,Computational Physics

Thomas Shortell,Ali Shokoufandeh

DOI: https://doi.org/10.1049/iet-ifs.2019.0157

2020-01-01

IET Information Security

Abstract:In a world becoming dependent on cloud computing, multiple and many techniques are needed to meet security and privacy requirements. This study investigates using Fully Homomorphic Encryption (FHE) in the cloud for a set of signal processing algorithms. Using FHE provides a level of security and privacy for cloud computing. This research implements a framework with a set of real number processing formats that allows FHE to be used in the cloud. Developing formats for real numbers is required because FHE operates over integers. Both a fixed point binary format and a rational number format are implemented to allow for real number processing. Experimentally, the framework is implemented and verified with three algorithms: fast Fourier transform, speeded up robust features, and histogram of oriented gradients. Each implementation is bounded with error caused by the formats and examined against images (two-dimensional signals).

computer science, information systems, theory & methods

Sylvain Chatel,Christian Knabenhans,Apostolos Pyrgelis,Carmela Troncoso,Jean-Pierre Hubaux

2024-06-04

Abstract:Homomorphic encryption, which enables the execution of arithmetic operations directly on ciphertexts, is a promising solution for protecting privacy of cloud-delegated computations on sensitive data. However, the correctness of the computation result is not ensured. We propose two error detection encodings and build authenticators that enable practical client-verification of cloud-based homomorphic computations under different trade-offs and without compromising on the features of the encryption algorithm. Our authenticators operate on top of trending ring learning with errors based fully homomorphic encryption schemes over the integers. We implement our solution in VERITAS, a ready-to-use system for verification of outsourced computations executed over encrypted data. We show that contrary to prior work VERITAS supports verification of any homomorphic operation and we demonstrate its practicality for various applications, such as ride-hailing, genomic-data analysis, encrypted search, and machine-learning training and inference.

Cryptography and Security

Qi Wang,Dehua Zhou,Yanling Li

DOI: https://doi.org/10.48550/arXiv.1812.00599

2018-12-03

Cryptography and Security

Abstract:With the rapid development of cloud computing, the privacy security incidents occur frequently, especially data security issues. Cloud users would like to upload their sensitive information to cloud service providers in encrypted form rather than the raw data, and to prevent the misuse of data. The main challenge is to securely process or analyze these encrypted data without disclosing any useful information, and to achieve the rights management efficiently. In this paper, we propose the encrypted data processing protocols for cloud computing by utilizing additively homomorphic encryption and proxy cryptography. For the traditional homomorphic encryption schemes with many limitations, which are not suitable for cloud computing applications. We simulate a cloud computing scenario with flexible access control and extend the original homomorphic cryptosystem to suit our scenario by supporting various arithmetical calculations. We also prove the correctness and security of our protocols, and analyze the advantages and performance by comparing with some latest works.

Lijing Zhou,Ziyu Wang,Xiao Zhang,Yu Yu

2022-01-01

Abstract:Fully homomorphic encryption (FHE) provides a natural solution for privacy-preserving outsourced computation, but a straightforward FHE-based protocol may suffer from high computational overhead and large ciphertext expansion rate, especially for computation-intensive tasks over large data, which are the main obstacles towards practical outsourced computation. In this paper, we present HEAD, a generic outsourced computation protocol that can be based on most mainstream (typically a BGV or GSW style scheme) FHE schemes with more compact storage and less computational costs than the straightforward FHE-based counterpart. In particular, our protocol enjoys a ciphertext/plaintext expansion rate of 1 (i.e., no expansion) at the server side. This is achieved by means of “pseudorandomly masked” ciphertexts, and the efficient transformations of them into FHE ciphertexts to facilitate privacy-preserving computation. Depending on the underlying FHE in use, our HEAD protocol can be instantiated with the three masking techniques, namely modulo-subtractionmasking, modulo-division-masking, and XOR-masking, to support the decimal integer, real, or binary messages. Thanks to these masking techniques, various homomorphic computation tasks are made more efficient and less noise accumulative. We evaluate the performance of our protocol on BFV, BGV, CKKS, and FHEW schemes based on the PALISADE and SEAL libraries, which confirms the theoretical analysis of the reduction computation costs and noise. For example, the computation time in our BFV tests in an x86 server for the sum or product of eight ciphertexts is reduced from 336.3 ms to 6.3 ms, or from 1219.4 ms to 9.5 ms, respectively. Furthermore, our multi-input masking and unmasking operations are more flexible than the FHE SIMD-batching, by supporting an on-demand configuration of FHE during each outsourced computation request.

Zhiniang Peng

DOI: https://doi.org/10.48550/arXiv.1906.07127

2019-06-18

Abstract:Fully homomorphic encryption is a promising crypto primitive to encrypt your data while allowing others to compute on the encrypted data. But there are many well-known problems with fully homomorphic encryption such as CCA security and circuit privacy problem. Despite these problems, there are still many companies are currently using or preparing to use fully homomorphic encryption to build data security applications. It seems that the full homomorphic encryption is very close to practicality and these problems can be easily mitigated in implementation. Although the those problems are well known in theory, there is no public discussion of their actual impact on real application. Our research shows that there are many security pitfalls in fully homomorphic encryption from the perspective of practical application. The security problems of a fully homomorphic encryption in a real application is more severe than imagined. In this paper, we will take Microsoft SEAL as an examples to introduce the security pitfalls of fully homomorphic encryption from the perspective of implementation and practical application

Cryptography and Security

Yuan Zhang,Chunxiang Xu,Xiaohui Liang,Hongwei Li,Yi Mu,Xiaojun Zhang

DOI: https://doi.org/10.1109/mcc.2016.94

2016-01-01

IEEE Cloud Computing

Abstract:Cloud storage services allow users to outsource their data to cloud servers to save local data storage costs. However, unlike using local storage devices, users do not physically manage the data stored on cloud servers; therefore, the data integrity of the outsourced data has become an issue. Many public verification schemes have been proposed to enable a third-party auditor to verify the data integrity for users. These schemes make an impractical assumption—the auditors have enough computation capability to bear expensive verification costs. In this paper, we propose a novel public verification scheme for the cloud storage using indistinguishability obfuscation, which requires a lightweight computation on the auditor and the delegate most computation to the cloud. We further extend our scheme to support batch verification and data dynamic operations, where multiple verification tasks from different users can be performed efficiently by the auditor and the cloud-stored data can be updated dynamically. Compared with other existing works, our scheme significantly reduces the auditor’s computation overhead. Moreover, the batch verification overhead on the auditor side in our scheme is independent of the number of verification tasks. Our scheme could be practical in a scenario, where the data integrity verifications are executed frequently, and the number of verification tasks (i.e., the number of users) is numerous; even if the auditor is equipped with a low-power device, it can verify the data integrity efficiently. We prove the security of our scheme under the strongest security model proposed by Shi et al. (ACM CCS 2013). Finally, we conduct a performance analysis to demonstrate that our scheme is more efficient than other existing works in terms of the auditor’s communication and computation efficiency.

Fattaneh Bayatbabolghani,Bharath Ramsundar

DOI: https://doi.org/10.48550/arXiv.1907.01489

2019-07-03

Abstract:Decentralized data markets gather data from many contributors to create a joint data cooperative governed by market stakeholders. The ability to perform secure computation on decentralized data markets would allow for useful insights to be gained while respecting the privacy of data contributors. In this paper, we design secure protocols for such computation by utilizing secure multi-party computation techniques including garbled circuit evaluation and homomorphic encryption. Our proposed solutions are efficient and capable of performing arbitrary computation, but we report performance on two specific applications in the healthcare domain to emphasize the applicability of our methods to sensitive datasets.

Cryptography and Security

Aydin, Furkan,Aysu, Aydin

DOI: https://doi.org/10.1007/s13389-023-00340-2

2024-01-13

Journal of Cryptographic Engineering

Abstract:Homomorphic encryption (HE) allows computing encrypted data in the ciphertext domain without knowing the encryption key. It is possible, however, to break fully homomorphic encryption (FHE) algorithms by using side channels. This article demonstrates side-channel leakages of the Microsoft SEAL HE library. The proposed attack can steal encryption keys during the key generation phase by abusing the leakage of ternary value assignments that occurs during the number theoretic transform (NTT) algorithm. We propose two attacks, one for -O0 flag non-optimized code implementation which targets addition and subtraction operations, and one for -O3 flag compiler optimization which targets guard and mul_root operations. In particular, the attacks can steal the secret key coefficients from a single power/electromagnetic measurement trace of SEAL's NTT implementation. To achieve high accuracy with a single-trace , we develop novel machine-learning side-channel profilers. On an ARM Cortex-M4F processor, our attacks are able to extract secret key coefficients with an accuracy of 98.3% when compiler optimization is disabled, and 98.6% when compiler optimization is enabled. We finally demonstrate that our attack can evade an application of the random delay insertion defense.

computer science, theory & methods

Gang Du,Chunguang Ma,Zengpeng Li,Ding Wang

DOI: https://doi.org/10.1007/978-3-319-68542-7_21

2017-01-01

Abstract:Despite the convenience brought by cloud computing, internet users, meanwhile, are faced with risks of data theft, tampering, forgery, etc. Fully homomorphic encryption (FHE) has the ability to deal with the ciphertext directly, which can solve the problem of data security in cloud computing. Therefore, fully homomorphic encryption (FHE) has been widely used in cloud computing as well as multiparty computing, functional encryption and private information retrieval, etc. However, previous FHE schemes are based on standard (ring) learning with errors (LWE) assumption and the most typical schemes were created by Brakerski (CRYPTO2012) and Gentry-Sahai-Waters (GSW) (CRYPTO2013). Moreover, inspired by the work of Li et al. at ICPADS2016, they made use of Brakerski's scale-invariant technology and constructed a new FHE scheme with errorless key switching under Dual-First-is-errorless LWE (Dual-Ferr. LWE) problem. Hence, armed with Li et al.'s work, in this paper, we use Gentry-Peikert-Vaikuntanathan's scheme (i.e., under dual LWE assumption) as building block to construct a FHE scheme. Lastly, under the assumption of decisional learning with errors (LWE), we prove that our scheme is CPA (chosen-plaintext-attack) secure.

Subin Moon,Younho Lee

DOI: https://doi.org/10.1155/2020/1250295

IF: 1.968

2020-03-02

Security and Communication Networks

Abstract:As a method of privacy-preserving data analysis (PPDA), a fully homomorphic encryption (FHE) has been in the spotlight recently. Unfortunately, because many data analysis methods assume that the type of data is of real type, the FHE-based PPDA methods could not support the enough level of accuracy due to the nature of FHE that fixed-point real-number representation is supported easily. In this paper, we propose a new method to represent encrypted floating-point real numbers on top of FHE. The proposed method is designed to have analogous range and accuracy to 32-bit floating-point number in IEEE 754 representation. We propose a method to perform arithmetic operations and size comparison operations. The proposed method is designed using two different FHEs, HEAAN and TFHE. As a result, HEAAN is proven to be very efficient for arithmetic operations and TFHE is efficient in size comparison. This study is expected to contribute to practical use of FHE-based PPDA.

computer science, information systems,telecommunications

Brian Kishiyama,Izzat Alsmadi

DOI: https://doi.org/10.11648/j.ijsts.20241202.11

2024-03-20

International Journal of Science, Technology and Society

Abstract:Cloud Service Providers, exemplified by industry leaders like Google Cloud Platform, Microsoft Azure, and Amazon Web Services, deliver a dynamic array of cloud services in an ever-evolving landscape. This sector is witnessing substantial growth, with enterprises such as Netflix and PayPal heavily relying on cloud infrastructure for various needs such as data storage, computational resources, and various other services. The adoption of cloud solutions by businesses not only facilitates cost reduction but also fosters flexibility and supports scalability. Despite the undeniable advantages, concerns surrounding security and privacy persist in the realm of Cloud Computing. Given that Cloud services are accessible via the internet, there is a potential vulnerability to unauthorized access by hackers or malicious entities from anywhere in the world. A crucial aspect of addressing this challenge is the implementation of robust security measures, particularly focusing on data protection. To safeguard data in the Cloud, a fundamental recommendation is the encryption of data prior to uploading. Encryption should be maintained consistently, both during storage and in transit. While encryption enhances security, it introduces a potential challenge for data owners who may need to perform various operations on their encrypted data, such as accessing, modifying, updating, deleting, reading, searching, or sharing them with others. One viable solution to balance the need for data security and operational functionality is the adoption of Searchable Encryption (SE). SE operates on encrypted data, allowing authorized users to perform certain operations without compromising the security of sensitive information. The effectiveness of SE has notably advanced since its inception, and ongoing research endeavors aim to further enhance its capabilities. This paper provides a comprehensive review of the functionality of Searchable Encryption, with a primary focus on its applications in Cloud services during the period spanning 2019 to 2023. Additionally, the study evaluates one of its prominent schemes, namely Fully Homomorphic Encryption (FHE). The analysis indicates an overall positive trajectory in SE research, showcasing increased efficiency as multiple functionalities are aggregated and rigorously tested.