ENCRYPT Blog Series #13: Combining Trusted Execution Environment and Homomorphic Encryption

by Giovanni Mazzeo, Co-founder of Trust Up srl and Assistant Professor at University of Naples ‘Parthenope’.

The field of privacy-preserving computing techniques has gained momentum among the research and industrial communities. In fact, the protection of data-in-use is of paramount importance to ensure information security in the most vulnerable phase, i.e., during its computation in a non-trusted environment. In such a vulnerability window, malicious actors could gain access to system memory and thus to data in clear form.

Different techniques are available to achieve the protection of data-in-use via computation over encrypted data, the most popular examples being: i) Homomorphic Encryption (HE); ii) Secure multi-party computation (MPC), iii) Functional Encryption (FE). A totally different approach is offered by Confidential Computing. According to the Confidential Computing Consortium, the protection of data in use is achieved by performing computations in a hardware-based Trusted Execution Environment (TEE). Each approach has its own set of advantages and disadvantages; thus, the adoption of a specific technique highly depends on the use case requirements.

  • Homomorphic Encryption (HE): The security model of HE foresees that the data owner first encrypts data in a trusted infrastructure and then outsources the processing — on ciphered data — upon a non-trusted platform. The security guarantees are strong considering that data is always encrypted and that keys never leave trusted premises. A specificity of HE lies in the fact that different cryptosystems are suited to different kinds of computations. For instance, BGV, BFV or CKKS cryptosystems fit well with linear processing over a large amount of data points in parallel, while the TFHE encryption scheme is more suitable for non-linear processing over a single data point at a time. Switching between both types of cryptosystems can therefore be crucial for some applications. However, HE is notoriously slow. While it would be ideal to be able to switch between cryptosystems to increase the performance and the range of applications, existing methods are not yet practical.
  • Trusted Execution Environment (TEE): In a TEE, protection is achieved by preventing access to data (as opposed to transforming/dispersing it). TEEs create secure areas of a computing device where sensitive data is isolated from the rest of the device software and hardware. The security model of a TEE, instead foresees the data owner pushing data in a trusted — CPU-secured — memory area in the non-secure environment where it will be protected from external attacks by means of hardware. The computation is then performed in the TEE on clear text. However, the trust model of a TEE is weaker than that of HE. The data owner must trust the TEE manufacturer and the software running in the secure enclave. Moreover, protection against side-channel attacks – while inherent when performing computation over homomorphic ciphers – needs to be fine-tuned to every different computation inside the TEE.

In ENCRYPT, we combine TEE and HE to mitigate their limitations and draw on their respective strengths. This allows us to achieve several properties that would be unattainable without this marriage of TEE and HE:

  • It performs efficient and protected crypto-scheme switches inside a TEE. We can therefore optimize the homomorphic processing of algorithms containing both linear and non-linear functions, which perform better with different crypto schemes.
  • Because the noise inside ciphertexts is refreshed inside the TEE, it allows the AI model that we use to have an arbitrarily large multiplicative depth, with no effect on parameter size and therefore on performance.
  • It relies on HE for most of the computation time, in this way we reduce the time window in which data would have been exposed to side-channel attacks if it was processed inside the TEE.
  • It is protected against the threat of a corrupted TEE through a “flooding” process that makes it impossible to distinguish real data from fake data.
  • It achieves generic side-channel attack protection whenever computation is carried out on the client’s data.

In ENCRYPT, the HE+TEE solution will be validated on the financial case study provided by the Cooperative Bank of Epirus (EPIBANK) and the EXUS Software LTD company. The former is a government banking agency that offers personal banking, loans, venture capital, and online banking services. The latter is a software publisher that develops solutions for banks and financial institutions, which supported EPIBANK to set up an AI-driven application to better manage its debt collection services offered to its clients and shape its overall strategy. The AI processing includes linear and non-linear processing on very sensitive clients’ data, which requires the adoption of a privacy-preserving solution. The HE alone is not a viable solution since it would impact the performance too much, while the TEE alone would expose the data to side-channel attacks for the entire processing period and rely on an assumption of trust toward the TEE’s manufacturer.

Stay tuned to know more insights about the development of this use case.