A group of academics from North Carolina State University and Dokuz Eylul University have revealed the "first side-channel attack" on homomorphic encryption, which may be used to disclose data while the encryption process is in progress.
Aydin Aysu, one of the authors of the study, stated, "Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted. This demonstrates that even next generation encryption technologies need protection against side-channel attacks."
Homomorphic encryption is a kind of encryption that enables specific sorts of computations to be done directly on encrypted data without the need to first decrypt it.
It's also designed to protect privacy by permitting sensitive data to be shared with other third-party services, such as data analytics organisations, for additional processing while the base data remains encrypted and, as a result, unavailable to the service provider.
To put it another way, the purpose of homomorphic encryption is to make it easier to establish end-to-end encrypted data storage and computation services that don't require the data owner to share their secret keys with third-party services.
The researchers proposed a data leakage attack based on a vulnerability found in Microsoft SEAL, the tech giant's open-source implementation of the technology. The flaw could be abused to recover a piece of a plaintext message that is being homomorphically encrypted, effectively undoing the privacy safeguards.
The attack, dubbed RevEAL, takes advantage of a "power-based side-channel leakage of Microsoft SEAL prior to v3.6 that implements the Brakerski/Fan-Vercauteren (BFV) protocol" and "targets the Gaussian sampling in the SEAL's encryption phase and can extract the entire message with a single power measurement," as per the researchers.
SEAL 3.6, released on December 3, 2020, and later versions employ a different sampling technique, according to the researchers, who also warn that future versions of the library may have a "different vulnerability."
Kim Laine, Microsoft's principal research manager who heads the Cryptography and Privacy Research Group, stated in the release notes, "Encryption error is sampled from a Centered Binomial Distribution (CBD) by default unless 'SEAL_USE_GAUSSIAN_NOISE' is set to ON. Sampling from a CBD is constant-time and faster than sampling from a Gaussian distribution, which is why it is used by many of the NIST PQC finalists."
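The distinction drawn in the release notes, sketched as an added C++ example (not code from SEAL or from the researchers): a centered binomial sampler built from fixed-length bit counts, with a mask-based reduction shown beside a branching one for contrast. `K`, `Q`, the function names and the `std::mt19937` stand-in are assumptions chosen for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <random>
#include <vector>

// Constructed parameters, not SEAL's: K bits per half, toy modulus Q.
constexpr int K = 21;
constexpr uint64_t Q = 132120577;

// Branch-free population count: no data-dependent control flow.
inline uint32_t popcount32(uint32_t x) {
    x = x - ((x >> 1) & 0x55555555u);
    x = (x & 0x33333333u) + ((x >> 2) & 0x33333333u);
    x = (x + (x >> 4)) & 0x0F0F0F0Fu;
    return (x * 0x01010101u) >> 24;
}

// Centered binomial sample in [-K, K]: HW(a) - HW(b) over K-bit inputs.
inline int32_t cbd_sample(uint32_t a, uint32_t b) {
    constexpr uint32_t mask = (1u << K) - 1;
    return int32_t(popcount32(a & mask)) - int32_t(popcount32(b & mask));
}

// Hardened: reduce e mod Q through a mask; neg is all-ones only when e < 0.
inline uint64_t to_mod_q(int32_t e) {
    uint64_t neg = uint64_t(0) - uint64_t(uint32_t(e) >> 31);
    return uint64_t(int64_t(e)) + (Q & neg);
}

// Contrast (constructed): the path taken depends on the sign of the secret.
inline uint64_t to_mod_q_branching(int32_t e) {
    if (e > 0) return uint64_t(e);
    if (e < 0) return Q - uint64_t(-e);
    return 0;
}

// Error polynomial of n coefficients. rng is a stand-in; use a CSPRNG in practice.
template <class Rng>
std::vector<uint64_t> sample_error_poly(std::size_t n, Rng &rng) {
    std::vector<uint64_t> poly(n);
    for (auto &c : poly) {
        uint32_t a = uint32_t(rng()), b = uint32_t(rng());
        c = to_mod_q(cbd_sample(a, b));
    }
    return poly;
}
int main() {
    std::mt19937 rng(1);
    for (uint64_t c : sample_error_poly(8, rng)) std::printf("%llu\n", (unsigned long long)c);
}
```

Compilers can reintroduce branches during optimisation, so the generated assembly of a sampler should be inspected before it is treated as constant-time.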