Secret program execution in the cloud applying homomorphic encryption

Abstract

A growing number of compute and data storage jobs is performed on remote resources. In a cloud environment the customer can't be sure where a particular job is physically executed and thus cannot rely on the security and confidentiality of the remote resource. A solution for this problem is operating on encrypted functions and encrypted data. This enables a customer to generate a program that can be executed by a third party, without revealing the underlying algorithm or the processed data. This helps securing applications and data in a distributed digital ecosystem. We present a method to compute a secret program on an untrusted resource using fully homomorphic encrypted circuits. We sketch an algebraic homomorphism as a cryptographic foundation and define a sample system architecture for which we provide a software implementation. Our concept solves the problems of encrypted storage access with encrypted addresses and encrypted branching: in contrast to other approaches, like static one-pass circuit simulations, our system supports dynamic parameters and non-linear programs, that render branch-decisions at runtime and cannot be represented in a circuit with hard-wired in-circuit parameters and data. Our implementation comprises the runtime environment for an encrypted program and an assembler to generate the encrypted machine code.