CIPHERMATCH: Accelerating Homomorphic Encryption-Based String Matching via Memory-Efficient Data Packing and In-Flash Processing

TL;DR

CIPHERMATCH tackles the bottlenecks of homomorphic encryption-based secure exact string matching by combining a memory-efficient data packing scheme with an addition-only secure matching algorithm and an in-flash processing architecture. This algorithm–hardware co-design reduces memory growth after encryption, removes costly multiplications, and cuts data movement by moving computation into NAND flash, enabling end-to-end SSD integration. Across DNA string matching and encrypted database search workloads, CM-SW achieves substantial speedups and energy savings over prior software baselines, while CM-IFP further improves performance by up to several orders of magnitude and dramatically reduces energy consumption. The work demonstrates the practicality of near-storage HE acceleration and lays a foundation for privacy-preserving search in cloud-era storage systems.

Abstract

Homomorphic encryption (HE) allows secure computation on encrypted data without revealing the original data, providing significant benefits for privacy-sensitive applications. Many cloud computing applications (e.g., DNA read mapping, biometric matching, web search) use exact string matching as a key operation. However, prior string matching algorithms that use homomorphic encryption are limited by high computational latency caused by the use of complex operations and data movement bottlenecks due to the large encrypted data size. In this work, we provide an efficient algorithm-hardware codesign to accelerate HE-based secure exact string matching. We propose CIPHERMATCH, which (i) reduces the increase in memory footprint after encryption using an optimized software-based data packing scheme, (ii) eliminates the use of costly homomorphic operations (e.g., multiplication and rotation), and (iii) reduces data movement by designing a new in-flash processing (IFP) architecture. We demonstrate the benefits of CIPHERMATCH using two case studies: (1) Exact DNA string matching and (2) encrypted database search. Our pure software-based CIPHERMATCH implementation that uses our memory-efficient data packing scheme improves performance and reduces energy consumption by 42.9X and 17.6X, respectively, compared to the state-of-the-art software baseline. Integrating CIPHERMATCH with IFP improves performance and reduces energy consumption by 136.9X and 256.4X, respectively, compared to the software-based CIPHERMATCH implementation.

Figures (12)

• Figure 1: High-level overview of a modern SSD.
• Figure 2: Comparison of one Boolean aziz2024secure and one arithmetic yasuda2013secure technique in terms of (a) memory footprint, (b) execution time (in s), and (c) latency breakdown of the arithmetic approach yasuda2013secure.
• Figure 3: Transfer latency (normalized to the latency of transferring data to the CPU, denoted as Y=100) for loading data from flash chips to perform secure string matching in (1) CPU; (2) main memory; and (3) storage (SSD) controller. X-axis denotes the encrypted database size that is transferred.
• Figure 4: NAND flash peripheral circuitry with S-latch and D-latches to perform bitwise operations. Transistors (in red) show the modifications proposed by prior work cho-patent-2022. The arrows (in blue) denote the data flow between the latches.
• Figure 5: A single step of bit-serial addition using sensing and data latch circuitry in the flash array. Red, blue, and black lines denote data transfer from S-latch to D-latch, bitwise operations, and flash read operations, respectively.