A General Framework for Privacy-preserving Computation on Cloud Environments

Abstract

While privacy and security concerns dominate public cloud services, Homomorphic Encryption (HE) is seen as an emerging solution that can potentially assure secure processing of sensitive data by third-party cloud vendors. It relies on the fact that computations can occur on encrypted data without the need for decryption, although there are major stumbling blocks to overcome before the technology is considered mature for production cloud environments. This paper examines a proposed technology platform, known as the Homomorphic Encryption Bus (HEB), that leverages HE with data obfuscation methods over a minimal network interaction model, allowing a uniform, flexible and general approach to cloud-based privacy-preserving system integration. The platform is uniquely designed to overcome barriers limiting the mainstream application of existing Fully Homomorphic Encryption (FHE) schemes in the cloud. A client-server interaction model involving ciphertext decryption on the client end is necessary to achieve resetting of 'noisy' ciphertexts in place of a much more inefficient (server only) recryption procedure. Data perturbation techniques are used to obfuscate intermediate data decrypted on the client-side of ciphertext interactions, in a way that is unintelligible to the client. In addition to efficient noise resetting, interactions involving data perturbations also achieve plaintext (binary to integer-based and vice versa) message space swapping, and conversion of accumulated integer-based encodings to a reduced embedded binary form. There appears to be little existing literature that examines these techniques as a means of broadening HE processing capabilities and practical application over the cloud. Interaction performance is examined in terms of timing and multiplicative circuit depth costs, through a simple equation evaluation and against standard recryption.