Towards a DSL for hybrid secure computation
Romain de Laage
TL;DR
This paper addresses the challenge of performing privacy-preserving data processing in hybrid environments that combine fully homomorphic encryption (FHE) with trusted execution environments (TEEs). It introduces a domain-specific language (DSL) that provides a common representation of computations and a single codebase that can run on either FHE or TEE backends via a unified AST interpreter. Preliminary results demonstrate a covariance computation implemented in the DSL running on both backends, with the TEE backend approaching baseline performance and the FHE backend incurring notable overhead. The approach reduces cross-backend maintenance, enabling practical privacy-preserving workflows, and the authors outline future work to quantify performance across elementary operations.
Abstract
Fully homomorphic encryption (FHE) and trusted execution environments (TEE) are two approaches to providing confidentiality during data processing. Each approach has its own strengths and weaknesses. In certain scenarios, computations can be carried out in a hybrid environment, using both FHE and TEE. However, processing data in such hybrid settings presents challenges, as it requires adapting and rewriting the algorithms for the chosen technique. We propose a domain-specific language (DSL) for secure computation that lets users express the computations to perform and execute them using a backend that leverages either FHE or TEE, depending on what is available.
