Lightweight Fault Tolerance for Secure Aggregation of Homomorphic Data

Homomorphic encryption constitutes a powerful cryptographic method that enables data aggregation in distributed applications over large datasets, such as electronic voting, electronic wallets, secure auctions, lotteries and secret sharing. At the same time, as attack trends move towards the lower levels of the computation stack and new threats continue to emerge, the lack of trust in contemporary computing paradigms keeps increasing. Since homomorphic encryption helps preserve the confidentiality of sensitive information, it offers a powerful countermeasure against contemporary and future privacy threats, while allowing meaningful processing even though the data remains unreadable. Nevertheless, when homomorphic primitives are mapped to hardware circuits to improve performance, they become vulnerable to random faults and soft errors, since homomorphic operations are malleable by construction and do not provide any explicit assurance of data integrity. In this chapter, we present a fault tolerance methodology that protects homomorphic aggregation circuits through concurrent detection of random errors in homomorphic ALUs and in encrypted values stored in memory. Our approach establishes the theoretical foundations to extend residue numbering to additive homomorphic operations, which enables lightweight fault detection with detection rates of more than 99.98% for ALU operations, and 100% for clustered faults and single bit flips in memory values. Using an efficient modular reduction algorithm, our method incurs a performance overhead between 3.6 and 8%, for a minimal area penalty.
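
The following is an added illustration, not code from the chapter, of the residue-check idea the abstract describes. It uses a toy Paillier instance (additive homomorphism: the sum of plaintexts is the product of ciphertexts mod N^2) and a residue check modulus M. Because a*b = q*N^2 + r, the relation r = a*b - q*N^2 holds modulo M as well, so a checker can predict r mod M from the residues of a, b, q and N^2 and compare it against the ALU's actual output; memory words carry their residue as a tag that is re-verified on read. The primes, the choice of M and the bit-flip fault model are constructed assumptions for a runnable demonstration, not the chapter's parameters.

```python
"""Residue-check fault detection for additive homomorphic (Paillier)
aggregation. Constructed example: key sizes and check modulus are toy
values, far too small for real use."""
import random
from math import gcd

# --- toy Paillier instance (assumption: small primes for a runnable demo) ---
P, Q = 1009, 1013
N = P * Q
N2 = N * N
G = N + 1
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)
MU = pow(LAMBDA % N, -1, N)  # L(G^LAMBDA mod N^2) == LAMBDA when G = N + 1

# Residue check modulus (assumption: a Mersenne number keeps x mod M cheap in
# hardware). It is odd, so any single bit flip (a change of +/- 2^i) alters
# the residue and is therefore always detected.
M = 2 ** 13 - 1


def encrypt(m, r=None):
    """Paillier encryption c = G^m * r^N mod N^2, with r coprime to N."""
    if r is None:
        r = random.randrange(2, N)
        while gcd(r, N) != 1:
            r = random.randrange(2, N)
    return (pow(G, m, N2) * pow(r, N, N2)) % N2


def decrypt(c):
    """Paillier decryption m = L(c^LAMBDA mod N^2) * MU mod N, L(u) = (u-1)/N."""
    return ((pow(c, LAMBDA, N2) - 1) // N * MU) % N


def flip_bit(x, i):
    """Fault model: a single bit flip at position i of value x."""
    return x ^ (1 << i)


def store_word(c):
    """Memory write: keep the residue of the ciphertext beside it as a tag."""
    return (c, c % M)


def load_word(word):
    """Memory read: recompute the residue and compare with the stored tag.
    Returns the ciphertext, or None when the check fails."""
    c, tag = word
    return c if c % M == tag else None


def checked_add(a, b, fault_bit=None):
    """Homomorphic addition (a * b mod N^2) with a concurrent residue check.
    Since a*b = q*N^2 + r, r == a*b - q*N^2 (mod M), so the checker predicts
    r mod M from the residues of a, b, q and N^2 alone. fault_bit, if given,
    corrupts the ALU output to demonstrate detection.
    Returns (result, check_passed)."""
    q, r = divmod(a * b, N2)
    if fault_bit is not None:
        r = flip_bit(r, fault_bit)
    predicted = ((a % M) * (b % M) - (q % M) * (N2 % M)) % M
    return r, (r % M) == predicted


def aggregate(words):
    """Sum encrypted tallies read from memory.
    Returns (plaintext_sum, True) or (None, False) as soon as a memory word
    or an ALU step fails its residue check."""
    acc = encrypt(0)
    for w in words:
        c = load_word(w)
        if c is None:
            return None, False
        acc, passed = checked_add(acc, c)
        if not passed:
            return None, False
    return decrypt(acc), True


if __name__ == "__main__":
    votes = [store_word(encrypt(v)) for v in (1, 2, 3)]
    print(aggregate(votes))                 # (6, True)
    c, tag = votes[0]
    votes[0] = (flip_bit(c, 3), tag)        # soft error in memory
    print(aggregate(votes))                 # (None, False)
```

The check costs one residue multiplication and subtraction per aggregation step plus a small tag per stored word, which is where the lightweight overhead the abstract reports comes from; the quotient q is produced by the modular reduction anyway, so the checker only consumes values the ALU already has.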
