Understanding the Error Sensitivity of Privacy-Aware Computing

TL;DR

This paper investigates the error sensitivity of homomorphic encryption, specifically CKKS, highlighting how hardware and software errors can cause silent data corruption, which impacts the robustness of privacy-preserving computations.

Contribution

It provides the first detailed analysis of error sensitivity in CKKS HE scheme, including effects of RNS and NTT optimizations, advancing understanding of HE robustness.

Findings

CKKS error sensitivity is significantly affected by hardware errors.

Residue number system and NTT influence error propagation in HE.

First comprehensive study on HE robustness and error sensitivity.

Abstract

Homomorphic Encryption (HE) enables secure computation on encrypted data without decryption, allowing a great opportunity for privacy-preserving computation. In particular, domains such as healthcare, finance, and government, where data privacy and security are of utmost importance, can benefit from HE by enabling third-party computation and services on sensitive data. In other words, HE constitutes the "Holy Grail" of cryptography: data remains encrypted all the time, being protected while in use. HE's security guarantees rely on noise added to data to make relatively simple problems computationally intractable. This error-centric intrinsic HE mechanism generates new challenges related to the fault tolerance and robustness of HE itself: hardware- and software-induced errors during HE operation can easily evade traditional error detection and correction mechanisms, resulting in silent data corruption (SDC). In this work, we motivate a thorough discussion regarding the sensitivity of HE applications to bit faults and provide a detailed error characterization study of CKKS (Cheon-Kim-Kim-Song). This is one of the most popular HE schemes due to its fixed-point arithmetic support for AI and machine learning applications. We also delve into the impact of the residue number system (RNS) and the number theoretic transform (NTT), two widely adopted HE optimization techniques, on CKKS' error sensitivity. To the best of our knowledge, this is the first work that looks into the robustness and error sensitivity of homomorphic encryption and, as such, it can pave the way for critical future work in this area.