Last Updated on 05/03/2022 by Nidhi Khandelwal
A group of academics from North Carolina State University and Dokuz Eylul University have demonstrated the “first side-channel attack” on homomorphic encryption, which may be used to leak data while the encryption process is in progress, according to the researchers.
“Basically, we can read the data as it is being encrypted by measuring power usage in a device that is encoding data for homomorphic encryption,” said Aydin Aysu, one of the study’s authors. “This highlights the need for side-channel protection in even next-generation encryption methods.”
Homomorphic Encryption is a type of encryption that enables certain sorts of computations to be done directly on encrypted data without the need to first decrypt it.
It’s also designed to protect privacy by allowing sensitive data to be shared with other third-party services, such as data analytics organizations, for additional processing while the underlying data remains encrypted and, as a result, inaccessible to the service provider.
To put it another way, the purpose of homomorphic encryption is to make it easier to create end-to-end encrypted data storage and computation services that don’t require the data owner to provide their secret keys with third-party services.
The researchers propose a data leakage attack based on a vulnerability discovered in Microsoft SEAL, the tech giant’s open-source implementation of the technology, that could be exploited in a way that allows the recovery of a piece of plaintext message that is homomorphically encrypted, effectively undoing the privacy protections.