Side Channel Analysis in Homomorphic Encryption
Baraq Ghaleb, William J Buchanan
TL;DR
This work surveys side-channel threats in fully and partially homomorphic encryption, emphasizing lattice-based HE schemes (e.g., BFV/BGV and CKKS) and libraries such as SEAL and OpenFHE. It catalogs SCA categories and presents real-world case studies showing how single-trace measurements or induced decryption errors can compromise keys or plaintext, exemplified by attacks that reduce security levels from $2^{128}$ to $2^{4.4}$ and require only a handful of queries. The paper then discusses mitigation strategies, notably constant-time implementations, masking/blinding, and shuffling/randomization, and highlights the need for hardened HE libraries in privacy-preserving cloud and ML deployments. Overall, it underscores that practical HE deployments face non-mathematical vulnerabilities in implementations, which must be addressed to realize secure in-process encrypted computation.
Abstract
Homomorphic encryption provides many opportunities for privacy-aware processing, including with methods related to machine learning. Many of our existing cryptographic methods have been shown in the past to be susceptible to side channel attacks. With these, the implementation of the cryptographic methods can reveal information about the private keys used, the result, or even the original plaintext. An example of this includes the processing of the RSA exponent using the Montgomery method, and where 0's and 1's differ in their processing time for modular exponentiation. With FHE, we typically use lattice methods, and which can have particular problems in their implementation in relation to side channel leakage. This paper aims to outline a range of weaknesses within FHE implementations as related to side channel analysis. It outlines a categorization for side-channel analysis, some case studies, and mitigation strategies.
