DOI: 10.1145/3658644.3670282

VERITAS: Plaintext Encoders for Practical Verifiable Homomorphic Encryption

Published: 09 December 2024

Abstract

Homomorphic encryption has become a practical solution for protecting the privacy of computations on sensitive data. However, existing homomorphic encryption pipelines do not guarantee the correctness of the computation result in the presence of a malicious adversary. We propose two plaintext encodings compatible with state-of-the-art fully homomorphic encryption schemes that enable practical client-verification of homomorphic computations while supporting all the operations required for modern privacy-preserving analytics. Based on these encodings, we introduce VERITAS, a ready-to-use library for the verification of computations executed over encrypted data. VERITAS is the first library that supports the verification of any homomorphic operation. We demonstrate its practicality for various applications and, in particular, we show that it enables verifiability of homomorphic analytics with less than 3x computation overhead compared to the homomorphic encryption baseline.


Cited By

  • vFHE: Verifiable Fully Homomorphic Encryption. Proceedings of the 12th Workshop on Encrypted Computing & Applied Homomorphic Cryptography, 2024, pp. 11-22, DOI 10.1145/3689945.3694806. Online publication date: 19 Nov 2024.
  • Poster: Multiparty Private Set Intersection from Multiparty Homomorphic Encryption. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pp. 5003-5005, DOI 10.1145/3658644.3691405. Online publication date: 2 Dec 2024.
  • Helium: Scalable MPC among Lightweight Participants and under Churn. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pp. 3038-3052, DOI 10.1145/3658644.3670346. Online publication date: 2 Dec 2024.

    Published In

    CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security
    December 2024
    5188 pages
    ISBN: 9798400706363
    DOI: 10.1145/3658644

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. homomorphic encryption
    2. malicious adversaries
    3. verifiable computation

    Qualifiers

    • Research-article

    Funding Sources

    • Swiss National Science Foundation (SNF)

    Conference

    CCS '24

    Acceptance Rates

    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

