Verifiable Computing Using Computation Fingerprints Within FHE

TL;DR

This paper proposes a method using Fully Homomorphic Encryption (FHE) to verify computations efficiently by embedding verification data within encrypted values, enabling detection of incorrect results without significant overhead.

Contribution

It introduces a novel verification approach using computation fingerprints within FHE, leveraging hardware separation and logarithmic representations for secure, low-overhead validation.

Findings

Server can produce consistent wrong results without public key

Verification parts are fixed across input vectors

Method supports addition and multiplication in encrypted domain

Abstract

We suggest using Fully Homomorphic Encryption (FHE) to be used, not only to keep the privacy of information but also, to verify computations with no additional significant overhead, using only part of the variables length for verification. This method supports the addition of encrypted values as well as multiplication of encrypted values by the addition of their logarithmic representations and is based on a separation between hardware functionalities. The computer/server performs blackbox additions and is based on the separation of server/device/hardware, such as the enclave, that may deal with additions of logarithmic values and exponentiation. The main idea is to restrict the computer operations and to use part of the variable for computation verification (computation fingerprints) and the other for the actual calculation. The verification part holds the FHE value, of which the calculated result is known (either due to computing locally once or from previous verified computations) and will be checked against the returned FHE value. We prove that a server with bit computation granularity can return consistent encrypted wrong results even when the public key is not provided. For the case of computer word granularity the verification and the actual calculation parts are separated, the verification part (the consecutive bits from the LSB to the MSB of the variables) is fixed across all input vectors. We also consider the case of Single Instruction Multiple Data (SIMD) where the computation fingerprints index in the input vectors is fixed across all vectors.