Lightweight Fault Tolerance for Secure Aggregation of Homomorphic Data

  • Nektarios Georgios Tsoutsos
  • Michail Maniatakos
Part of the Internet of Things book series (ITTCC)


Homomorphic encryption constitutes a powerful cryptographic method that enables data aggregation in distributed applications over large datasets, such as electronic voting, electronic wallets, secure auctions, lotteries and secret sharing. At the same time, as attack trends move towards the lower levels of the computation stack and new threats continue to emerge, the lack of trust in contemporary computing paradigms keeps increasing. Since homomorphic encryption helps preserve the confidentiality of sensitive information, it offers a powerful countermeasure against contemporary and future privacy threats, while allowing meaningful processing even though the data remains unreadable. Nevertheless, when homomorphic primitives are mapped to hardware circuits to improve performance, they become vulnerable to random faults and soft errors, since homomorphic operations are malleable by construction and do not provide any explicit assurance of data integrity. In this chapter, we present a fault tolerance methodology that protects homomorphic aggregation circuits through concurrent detection of random errors in homomorphic ALUs and in encrypted values stored in memory. Our approach establishes the theoretical foundations to extend residue numbering to additive homomorphic operations, which enables lightweight fault detection with detection rates of more than 99.98% for ALU operations, and 100% for clustered faults and single bitflips in memory values. Using an efficient modular reduction algorithm, our method incurs a performance overhead between 3.6 and 8%, for a minimal area penalty.
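The abstract describes residue-based concurrent error detection for additive homomorphic aggregation, but gives no code. The following software model is an added example written for this page; it is not the chapter's own method or circuit. It assumes a toy Paillier instance (p = 61, q = 53, far below real key sizes), a check modulus M = 2^13 - 1 chosen here, and a modular multiplier that exposes its quotient q alongside the product, as Montgomery or Barrett units do. Homomorphic addition of two Paillier ciphertexts is a multiplication modulo n^2; because the result r satisfies r = a*b - q*n^2, the small residues of a, b, q and n^2 modulo M predict r mod M with one narrow multiplication, and a soft error that flips any bit of r changes r mod M (an odd M never divides a power of two). The same residue, stored as a tag next to a ciphertext in memory, detects single bitflips on read-back; the example covers both the ALU and the memory case.

```python
"""Residue checking for Paillier homomorphic aggregation (added example, not the chapter's code).

Assumptions made here, not taken from the chapter:
  - toy Paillier parameters P = 61, Q = 53;
  - check modulus M = 2**13 - 1 (a Mersenne number, chosen for cheap reduction);
  - a modular-multiplier model that reports the quotient q, as hardware units do.
"""
from math import gcd

P, Q = 61, 53
N = P * Q
N2 = N * N
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAMBDA, -1, N)                           # decryption constant
M = (1 << 13) - 1                                 # check modulus (assumption)


def encrypt(msg, r):
    """Paillier encryption with g = N + 1:  c = (1 + msg*N) * r^N mod N^2."""
    assert 0 <= msg < N and 1 < r < N and gcd(r, N) == 1
    return ((1 + msg * N) * pow(r, N, N2)) % N2


def decrypt(c):
    """Paillier decryption: L(c^lambda mod N^2) * mu mod N, with L(u) = (u-1)/N."""
    u = pow(c, LAMBDA, N2)
    return ((u - 1) // N * MU) % N


def modmul_with_quotient(a, b, modulus):
    """Model of a modular multiplier that also returns q, so a*b = q*modulus + result."""
    q, result = divmod(a * b, modulus)
    return result, q


def residue_check(a, b, modulus, result, q, m=M):
    """Concurrent check: result must equal a*b - q*modulus, so the same identity
    must hold on residues mod m. Only small (13-bit) values are multiplied here."""
    expected = ((a % m) * (b % m) - (q % m) * (modulus % m)) % m
    return result % m == expected


def homomorphic_add(c1, c2, fault_bit=None):
    """Aggregate two ciphertexts (plaintext addition = ciphertext product mod N^2).
    fault_bit, if given, flips one bit of the multiplier output to model a soft error.
    Returns (ciphertext, check_passed)."""
    result, q = modmul_with_quotient(c1, c2, N2)
    if fault_bit is not None:
        result ^= 1 << fault_bit                  # injected fault (constructed)
    return result, residue_check(c1, c2, N2, result, q)


def store(value, m=M):
    """Memory write: keep the residue tag next to the ciphertext."""
    return (value, value % m)


def load(cell, fault_bit=None, m=M):
    """Memory read: recompute the residue and compare with the stored tag.
    A single flipped bit changes the value by 2^i, which is never 0 mod an odd m."""
    value, tag = cell
    if fault_bit is not None:
        value ^= 1 << fault_bit                   # injected fault (constructed)
    return value, value % m == tag


if __name__ == "__main__":
    c1, c2 = encrypt(15, 7), encrypt(20, 11)      # sample plaintexts (constructed)
    c_sum, ok = homomorphic_add(c1, c2)
    print("fault-free: check =", ok, "decrypts to", decrypt(c_sum))
    _, ok_faulty = homomorphic_add(c1, c2, fault_bit=5)
    print("bit 5 flipped in ALU output: check =", ok_faulty)
    _, ok_mem = load(store(c_sum), fault_bit=17)
    print("bit 17 flipped in memory: check =", ok_mem)
```

The check compares only 13-bit residues, which is the source of the low overhead: the wide N^2 operands are reduced once and the expensive wide multiplication is never repeated. The quotient must come from the multiplier itself; recomputing it by a full division would defeat the purpose of the check.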



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Nektarios Georgios Tsoutsos, University of Delaware, Newark, USA
  • Michail Maniatakos, New York University, Abu Dhabi, UAE
