On the Vulnerability of FHE Computation to Silent Data Corruption

Jianan Mu, Ge Yu, Zhaoxuan Kan, Song Bian, Liang Kong, Zizhen Liu, Cheng Liu, Jing Ye, Huawei Li

Abstract

Fully Homomorphic Encryption (FHE) is rapidly emerging as a promising foundation for privacy-preserving cloud services, enabling computation directly on encrypted data. As FHE implementations mature and begin moving toward practical deployment in domains such as secure finance, biomedical analytics, and privacy-preserving AI, a critical question remains insufficiently explored: how reliable is FHE computation on real hardware? This question is especially important because, compared with plaintext computation, FHE incurs much higher computational overhead, making it more susceptible to transient hardware faults. Moreover, data corruptions are likely to remain silent: the FHE service has no access to the underlying plaintext, so it remains unaware even when the corresponding decrypted result has already been corrupted. To this end, we conduct a comprehensive evaluation of silent data corruptions (SDCs) in FHE ciphertext computation. Through large-scale fault-injection experiments, we characterize the vulnerability of FHE to transient faults, and through a theoretical analysis of error-propagation behaviors, we gain deeper algorithmic insight into the mechanisms underlying this vulnerability. We further assess the effectiveness of different fault-tolerance mechanisms for mitigating these faults.

Paper Structure

This paper contains 27 sections, 1 equation, 5 figures, 1 table.

Figures (5)

  • Figure 1: (a) Typical application scenarios of FHE. (b) An FHE-based cancer detection service showing that accuracy degrades sharply under a single-bit hardware fault.
  • Figure 2: Multi-level structure of data and operators in CKKS.
  • Figure 3: Vulnerability evaluation of 5 CKKS homomorphic operations (ct-pt mult, ct-ct mult, ct-pt add, ct-ct add, ct rot): (a) Parameter settings. (b) Slot-level error variation of different parameter settings.
  • Figure 4: (a) Seven polynomial operation steps in Keyswitch: op-0: intt, op-1: bconv, op-2: ntt, op-3: point-mult, op-4: intt, op-5: bconv, op-6: ntt. The PM in Decrypt denotes point-mult. (b) Error evaluation on the decrypted message after injecting faults on each step.
  • Figure 5: (a) SDC rate evaluation. (b) The overhead of fault-tolerant ciphertext computation.