Characterizing the Sensitivity to Individual Bit Flips in Client-Side Operations of the CKKS Scheme

TL;DR

This paper investigates how single bit-flip errors affect the CKKS homomorphic encryption scheme, revealing that optimizations like RNS and NTT increase error sensitivity, which is crucial for designing resilient privacy-preserving systems.

Contribution

It provides the first systematic theoretical and empirical analysis of fault tolerance in CKKS, especially under common performance optimizations, highlighting their impact on error propagation.

Findings

RNS and NTT optimizations increase error sensitivity in CKKS

Vanilla CKKS shows some resilience to bit flips

Understanding error propagation aids in designing fault-tolerant HE systems

Abstract

Homomorphic Encryption (HE) enables computation on encrypted data without decryption, making it a cornerstone of privacy-preserving computation in untrusted environments. As HE sees growing adoption in sensitive applications such as secure machine learning and confidential data analysis ensuring its robustness against errors becomes critical. Faults (e.g., transmission errors, hardware malfunctions, or synchronization failures) can corrupt encrypted data and compromise the integrity of HE operations. However, the impact of soft errors (such as bit flips) on modern HE schemes remains unexplored. Specifically, the CKKS scheme-one of the most widely used HE schemes for approximate arithmetic-lacks a systematic study of how such errors propagate across its pipeline, particularly under optimizations like the Residue Number System (RNS) and Number Theoretic Transform (NTT). This work bridges that gap by presenting a theoretical and empirical analysis of CKKS's fault tolerance under single bit-flip errors. We focus on client-side operations (encoding, encryption, decryption, and decoding) and demonstrate that while the vanilla CKKS scheme exhibits some resilience, performance optimizations (RNS/NTT) introduce significant fragility, amplifying error sensitivity. By characterizing these failure modes, we lay the groundwork for error-resilient HE designs, ensuring both performance and integrity in privacy-critical applications.