New Side-Channel Attack on Homomorphic Encryption

The side-channel attack

• According to the researchers, by monitoring the power consumption in a device encoding data for homomorphic encryption, they can read the data while being encrypted.
• The data leakage attack involves a flaw discovered in Microsoft SEAL that allows the recovery of a piece of plaintext message being homomorphically encrypted and undoing privacy protections.

What is homomorphic encryption?

• This allows sharing of sensitive data with other third-party services (e.g. data analytics firms) for processing while the underlying information remains encrypted and inaccessible to the service provider.
• The aim of homomorphic encryption is the development of end-to-end encrypted computation services and data storage services where the data owner need not share their secret keys with third-party services.

Vulnerability in SEAL and RevEAL attack 

• An attacker can take advantage of a power-based side-channel leakage for Microsoft SEAL prior to v3.6—that implements the Brakerski/Fan-Vercauteren (BFV) protocol— to extract the entire message with a single power measurement.
• SEAL version 3.6 (released on December 3, 2020) and later versions use different sampling algorithms while the newer versions of the library may be affected by other vulnerabilities.

The bottom line