Fully Homomorphic Encryption (FHE) is seeing increasing real-world deployment to protect data in use by allowing computation over encrypted data. However, the same malleability that enables homomorphic computations also raises integrity issues, which have so far been mostly overlooked for practical deployments. While FHE’s lack of integrity has obvious implications for correctness, it also has severe implications for confidentiality: a malicious server can leverage the lack of integrity to carry out interactive key-recovery attacks.
As a result, virtually all FHE schemes and applications assume an honest-but-curious server who does not deviate from the protocol. However, this assumption is insufficient for a wide range of deployment scenarios. While there has been work that aims to address this gap, current approaches fail to fully address the needs and characteristics of modern FHE schemes and applications.
In this talk, I will discuss the need for and challenges of achieving verifiable Fully Homomorphic Encryption (vFHE). I will then introduce a new notion for maliciously secure verifiable FHE and provide concrete instantiations of the protocol based on a variety of integrity primitives (primarily based on Zero-Knowledge Proofs). Finally, I will examine the practicality of verifiable FHE today and highlight the need for further research on tailored integrity solutions for FHE. This is joint work with Alexander Viand and Anwar Hithnawi.
I also gave this talk at the following venues: