CRYPTOGRAPHY

Editors: Alfred John Menezes, [email protected] | Douglas Stebila, [email protected]

Computing on Encrypted Data

Nigel Smart | KU Leuven and Zama

The ability to compute on encrypted data is fast becoming a practical reality. We discuss the progress in
four technologies which enable this: Trusted Execution Environments, Fully Homomorphic Encryption,
Multi-Party Computation and Zero-Knowledge Proofs.

T raditionally, cryptography has

been used to secure data while
we move them from one location to
another. For example, consider the
use of the Enigma machine during
World War II or the now ubiquitous
use of Transport Layer Security to
secure Internet traffic. This is often

called securing data in transit. A
more modern idea has also been to
secure data while they are sitting in
one location. Here, one can think of
the (almost) ubiquitous use of hard
disk encryption on company lap-
tops and smartphones. We call such
methods ways of securing the data
when they are at rest.
However, these two forms of
securing data, when they are in tran-
sit and when they are at rest, do not
secure data when they have their
highest value: namely, when we are
actually using them. There is now
a series of technologies that aim to
secure data while they are “in use”:
methods to perform what has been
dubbed computing on encrypted data
(COED). Such COED techniques
form one part of what have been
called privacy-enhancing technologies
(PETs). PETs are, however, a very
wide class of techniques, which can
include statistical methods such as
differential privacy, synthetic data,
Digital Object Identifier 10.1109/MSEC.2023.3279517
Date of current version: 16 July 2023
and federated learning. On the other
hand, COED technologies have a
wider application than simply ensur-
ing the privacy of users. As COED
technologies become more widely
used and deployed, in this article, we
explore what they are and how they
can be used in applications.
COED technologies use some
form of encryption to maintain the
security of the data. However, the
encryption method is used in a way
that enables computation to be per-
formed on the data while they remain
in encrypted form. Here, we use the
term encryption quite loosely as, tech-
nically speaking, the encryption may
not actually be encryption as one is
used to the term usually being used;
for example, we also think of secret
sharing used in multi-party computa-
tion (MPC) discussed later as a form
of “encryption.”
©SHUTTERSTOCK.COM/ZINETRON
Trusted Execution
Environments
The simplest form of COED tech-
nology is that of trusted execu-
tion environments (TEEs), such
as Intel’s SGX or TDX technology
or ARM’s TrustZone technology.
Here, data are encrypted when they
are outside of the microprocessor.
When the data enter the micropro-
cessor, the data are decrypted, and
computations within the micropro-
cessor happen on the unencrypted
data. Then, when the data leave the
processor, the data are reencrypted
for storage. Thus, the only place the
data are unencrypted is when they
are within the hardware itself. This
technology allows arbitrary pro-
grams to be run on the encrypted
data. Complexity comes from ensur-
ing that only valid programs are exe-
cuted on the data, that is, that the

thorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY BHILAI. Downloaded on July 31,2023 at 17:11:14 UTC from IEEE Xplore. Restrictions apply.
94 July/August 2023 Copublished by the IEEE Computer and Reliability Societies  1540-7993/23©2023IEEE
 data owner authorizes the hardware
to execute the programs it wants to
be executed and not the other ones.
TEEs are a relatively simple solu-
tion to deploy for privacy-preserving
computations that has resulted in
a number of companies market-
ing solutions in this space. As well
as the main larger companies, there
are smaller companies offering spe-
cific tailored solutions to various use
cases using TEEs: for example, Cape
Privacy, Cosmian, and Anjuna.
A potential problem for TEE
technology is inherent in the design
of modern processors. To achieve
efficiency, modern processors imple-
ment various techniques to improve
performance: for example, deep pipe-
lines, out-of-order execution, specula-
tive execution, and so forth. Each of
these creates power (or timing) sig-
nals that an external observer can use
to “see” what is happening inside the
processor. Thus, as the TEE technol-
ogy executes the program internally
on the data in the clear, the external
observer can deduce information
about the data hidden within the
hardware. This creates a form of side
channel, which has been exploited
in the laboratory to extract infor-
mation from inside the TEE. These
are not just theoretical exploits; in
2022, such attacks were shown to
be possible (https://sgx.fail) on the
use of SGX in the Secret Network
(a blockchain application) and the
use of SGX in ultra-high-definition
Blu-Ray players.
Homomorphic Encryption
Interestingly, the idea of encrypting
data as they enter and leave a pro-
cessor was suggested as a means of
COED back in a seminal article in
the 1970s, namely one by Rivest et
al.1 This article considered that such
technologies would be too slow
since, at the time, hardware decryp-
tion via the (then) state-of-the-art
algorithm Data Encryption Stan-
dard ( D E S) w a s particularly
slow compared to the execution
thorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY BHILAI. Downloaded on July 31,2023 at 17:11:14 UTC from IEEE Xplore. Restrictions apply.
www.computer.org/security
of a processor. Nowadays, the Ad-
vanced Encryption Standard en-
cryption (the modern replacement
for DES) of data entering and exit-
ing a processor is fast compared to
the time it takes to actually get the
data in and out in the first place! In-
stead of processing data via trusted
hardware, Rivest et al. introduced
the idea of using encryption on
standard processors to process data.
They considered a form of encryp-
tion that they called privacy homo-
morphisms but that we now call fully
homomorphic encryption (FHE). They
imagined an encryption scheme
that would encrypt data but that
would allow a third party to take
two ciphertexts, encrypting, say, x
and y and allowing the third party to
create a ciphertext encrypting the
sum x + y and another procedure
allowing the third party to encrypt
the product x*y. More precisely, in
FHE, there exist two publicly com-
putable functions, Add and Mult,
with the following properties:
Dec (Mult (Enc(x), Enc(y))) = x * y
Dec (Add (Enc(x), Enc(y))) = x + y.
Once one can perform addi-
tions and multiplications, the third
party can then compute any arbi-
trary function on the encrypted
data, obtaining an encrypted result.
When the final result is needed, one
would return the ciphertext to the
holder of the decryption key, who
would then obtain the result.
Such FHE schemes were a pipe
dream until 2009, when Craig
Gentry, a Ph.D. student at Stan-
ford, came up with a construction.2
Gentry’s original scheme was very
inefficient, but in the years that fol-
lowed, great strides have been taken
that now make FHE practical.
A simplification of FHE is the
so-called somewhat homomorphic
encryption (SHE). In an FHE scheme,
one can continue adding and multi-
plying ciphertexts to one’s heart’s
content. In an SHE scheme, there
is a limit as to the complexity of the
function one can compute with such
operations. For example, one may
be only able to compute a function
of degree 1,024. Gentry’s key insight
was that if the algorithm used by the
decryptor is simple enough, then
one can turn an SHE scheme into an
FHE scheme using a process known
as bootstrapping.
Current commercial applica-
tions divide into those that use
bootstrapping, and hence use an
FHE scheme, and those that do
not, and hence use an SHE scheme.
Those that use SHE are usually tar-
geting very specific applications,
where the function being computed
is particularly simple. The reason
for using SHE as opposed to FHE
is that, until recently, computing
the bootstrapping operation was
costly. In the last few years, a new
form of FHE has come along, called
Torus-FHE (TFHE),3 which has an
efficient bootstrapping operation.
Indeed, the bootstrapping opera-
tion with TFHE is so fast that one
can execute thousands of boot-
strapping operations per second. In
addition, during the bootstrapping
operation, one can execute a lookup
table evaluation for free. This
lookup table needs to be relatively
small, but it can be any lookup table
one wants. This so-called program-
mable bootstrapping enables a much
richer function description, which
does not just use additions and mul-
tiplications, again leading to huge
performance advantages.
SHE and FHE are already used in
a number of applications, with more
applications coming on stream. A major
high-profile usage is the use of SHE
within Microsoft’s Edge browser in
the Password Monitor (https://www.
microsoft.com/en-us/research/blog/
password-monitor-safeguarding
-passwords-in-microsoft-edge/).
There is a range of startup companies
building products, including Crypto-
Lab, Desilo, Duality, Enveil, Inpher,
Ravel, Tune Insight, and Zama. In
95
 CRYPTOGRAPHY

terms of tooling, Google is building without interacting. Namely, each parties do not deviate from the pro-
a cross-compiler that takes arbitrary party just computes tocol, then the bad parties learn no
C++ code and transforms it into a information about the good parties’
format suitable for usage within some zi = xi + yi . input data (so-called semihonest secu-
of these companies’ back ends. There rity). We then have to consider what
is still perhaps a 1,000-fold perfor- The cool thing in MPC is that happens if a subset of the bad parties
mance gap between processing data one can design protocols that enable deviates from the protocol—what
in the clear and processing them the parties to also be able to produce should happen then? The answer
securely using FHE, but this gap is sharings of the product. Thus, using depends on the protocol being used
closing. A major performance boost interaction, the parties are able to and the application.
is due to come in the next couple of compute arbitrary functions on their
years as a number of companies, for secret shared data. ■■ In the strongest situation, we
example, Chain Reaction, Cornami, The aforementioned gives would like not only the secrecy
Kioxia, Intel, Niobium, and Optaly- a simple variant of secret shar- of the good parties’ inputs to be
sys, are looking into producing hard- ing; however, in practice, one uses retained, but we would also like the
ware accelerators for some of the more complex variants that pro- good parties to still be able to com-
FHE schemes. vide additional properties, such as pute the function. This is called
the authentication of the shares, or robust MPC and is only possible
MPC weaken the requirement that all par- when there is a majority of hon-
Our third COED technology takes ties are needed to reconstruct the est parties. It is relatively hard to
a different route to enable computa- secret to a smaller subset of the par- obtain in a highly efficient manner.
tion on secret data. Instead of relying ties. We divide the parties perform- ■■ The next strongest situation again
on hardware or a com- protects the secrecy of
plex encryption scheme, SHE and FHE are already used in a the good parties, but we
in MPC, we utilize dif- would like the good par-
number of applications, with more
ferent self-interested ties to abort the com-
parties to ensure secu- applications coming on stream. putation if a bad party
rity. MPC makes a lot does something wrong.
of sense when one has a situation ing the operation into good and bad This is called security with abort.
where two (or more) companies parties with the restriction that the When such an abort happens, the
want to process functions on their number of bad parties cannot be good parties’ input data remain
joint data. The basic idea is that large enough to reconstruct the data private to those parties. In modern
each item of data is “shared” among on their own. protocols, this can be obtained
the parties. So imagine that we have Just like FHE, the idea of MPC at very little additional cost to the
three parties; then, we take each data is very old, with the early theoretical basic semihonest security men-
value x and then write it as work going back to the 1980s (see tioned previously.
Yao,4 Ben-Or et al.,5 and Chaum
x = x1 + x1 + x3. et al.6 among many, many other arti- There are a number of companies
cles). It was not until the mid-2000s, offering MPC solutions for bringing
The value xi is given to party Pi . however, that it became efficient parties’ data together in a secure man-
It is clear (assuming that the split- enough to be used in practice. The ner; these include CipherMode Labs,
ting has been done in a suitable first (and most famous) deployment Cybernetica, Inpher, Roseman Labs,
random manner) that it requires all was that used to evaluate a secure and Partisia. Even large companies
three parties to come together to auction for the Danish sugar beet are using MPC in applications; for
recover the correct value of x. Thus, industry (https://partisia.com/ example, Meta is using it to secure
we can consider secret sharing to be better-market-solutions/mpc-goes parts of its ad ecosystem (https://
a form of encryption. We write [x] -live/). Since then, the technology privacytech.fb.com/multi-party
to denote that the value x has been has improved dramatically. -computation/), and Google is
secretly shared. The security properties of MPC also investigating similar areas
Such a secret sharing scheme has are quite subtle. First, we require (https://ece.princeton.edu/events/
the nice property that, given shar- that if all the parties are honest, secure-multiparty-computation
ings [x] and [y] of two data items then the correct function will be -theory-google).
x and y, the parties can produce computed (this is called correctness). An interesting use case of MPC
a sharing [z] = [x + y] of z = x + y Second, we require that if the bad is not to bring data from different

thorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY BHILAI. Downloaded on July 31,2023 at 17:11:14 UTC from IEEE Xplore. Restrictions apply.
96 IEEE Security & Privacy July/August 2023
 parties together but to split the data
one party owns into many differ-
ent shares. This means that one no
longer stores the data in one place,
leading to a single point of failure,
but instead, one distributes the
data to different servers within the
organization (or to different cloud
providers). Thus, an attacker needs
to compromise multiple different
machines to access the data. In the
area of purely data storage, solutions
using secret sharing for this appli-
cation are offered by Astran and
Fragmentix.
This idea of data splitting to
achieve enhanced security is also
found in the area of cryptography
called threshold cryptography, whereby
one secret-shares the secret keys
associated with signing or decryp-
tion operations, and then, one executes
the cryptographic operations without
reconstituting the key using the tech-
niques of MPC. This idea, again an
old one,7 has taken off in the last few
years due to the need to secure the
signing keys associated with crypto-
currency wallets; examples include
Curv (bought by PayPal in 2021),
DFNS, Fireblocks, Sepior (bought by
Blockdaemon in 2022), and Unbound
Security (bought by Coinbase in
2022). In 2023, the U.S. National
Institution for Standards and Technol-
ogy (NIST) announced a specific new
call for cryptographic algorithms that
support such threshold cryptography
(https://csrc.nist.gov/Projects/
threshold-cryptography).
Zero-Knowledge Proofs
Another old technique from the
1980s that is coming to the fore due
to its applications in cryptocurrencies
and beyond is that of zero-knowledge
proofs (ZKPs). Originally invented
in the late 1980s,8 ZKPs allow one
party to prove to another that it knows
some secret data x such that y = F(x),
for a public value of y and a function
F, without revealing to the verifying
party anything about x. Such protocols
form the basis of most digital signature
thorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY BHILAI. Downloaded on July 31,2023 at 17:11:14 UTC from IEEE Xplore. Restrictions apply.
www.computer.org/security
schemes and the kind of identification
schemes one uses to access buildings
and computers using secure tokens.
For these simple (and relatively old)
applications, the complexity of the
function F is quite limited.
What has changed in the last 10
years is that the complexity of the
function F that such ZKP systems
can support has increased dramati-
cally. This has led to a zoo of dif-
ferent proof systems with various
properties, for example, succinct
non-interactive arguments of knowl-
edge (SNARKs),9 scalable trans-
parent arguments of knowledge
(STARKs),10 Bullet-Proofs,11 and
so on. A weaker notion of verifiable
computation (VC)10 enables one
party to prove it computed the given
function F(x) without keeping the
value x necessarily secret.
To see the utility of such ZKP
and VC systems, consider a com-
pany outsourcing a computation to
a cloud service provider. The com-
pany would like to know whether
the cloud provider actually com-
puted the function correctly, and
with VC technology, this can be
done. In particular, the “proof ”
provided by the cloud provider is
quicker to verify than the computa-
tion needed to be performed (oth-
erwise there would be no point in
outsourcing). In this application, as
the verifier knows x and F and sub-
sequently learns y; we do not need
the zero-knowledge property and so
can just use a VC system.
The zero-knowledge property
becomes useful when you wish to
execute a function and have the
evaluation verified by parties who
you do not wish to have access to
the original data. For example, one
could be randomly shuffling a set
of transactions in a way such that
one does not want the verifier to
link a specific input transaction
with a specific output transaction,
but the verifier wants to know that
the set that is output corresponds
in a one-to-one way with the set
that was input. This use of ZKPs
forms the basis of the Zcash proto-
col (https://zips.z.cash/protocol/
protocol.pdf).
ZKP finds widespread use in
blockchains, beyond the application
to Zcash. Indeed, ZKPs enable a key
feature of performance improve-
ment in blockchain ecosystems. A
set of transactions (or operations
on the blockchain) can be bundled
up and proved to be correct via a
ZKP. Then, only the small final
ZKP needs to be committed to the
blockchain by the entity doing the
bundling. All the validators (and
external users) know that the bun-
dling was done correctly due to the
ZKP. However, since the proof
is small and can be cheaply veri-
fied, the cost of adding the bundle
of transactions to the blockchain is
cheaper than adding each transac-
tion individually. The leading pro-
vider of such ZKPs to the blockchain
space is the company StarkWare.
This application to blockchains
is drawing a lot of interest. A major
problem is that while proof veri-
fication times for SNARKs and
STARKs are very fast and the proof
size can be relatively small, the time
to generate the proof can be pro-
hibitively long in some applications.
Just as in the FHE space, companies
are also starting to look into spe-
cific hardware accelerator engines
for speeding up the generation of
ZKPs: for example, Chain Reaction,
Cysic, and Ingonyama.
Combining Together
One should not think that these
four technologies—TEE, FHE,
MPC, and ZKPs—should be used
separately and are mutually exclu-
sive. In practice, an application may
want (and indeed need) to combine
them together.
■■ A TEE provides a strong attesta-
tion that a specific piece of code
was executed, but it has problems
with side-channel leakage. Thus,
97
 CRYPTOGRAPHY
some companies have utilized
MPC protocols where each party
is executed on a separate TEE.
■■ FHE provides communication-
efficient secure computation in
comparison with MPC, but the
need for a single decryption key
may be a limiting factor in some
applications. Thus, one can com-
pute the function securely using
FHE and then perform a threshold
decryption operation using MPC.
■■ In (public key) FHE, a poten-
tial attack vector is for a party to
enter an invalid ciphertext. How-
ever, providing a ZKP with every
input ciphertext, which proves it
is a valid encryption, avoids such
attack vectors.
■■ Some ZKP systems, and in par-
ticular, the one used by Zcash
mentioned previously, require
a so-called trusted setup. Such
trusted setups create data that are
used by the ZKP system, but if the
random values used in the trusted
setup ever leak, then the security
of the ZKP is broken. Hence, some
ZKP applications in the real world
create a trusted setup ceremony in
which the setup algorithm is exe-
cuted via MPC between a number
of parties. The most famous exam-
ple of such a ceremony is the one
performed by Zcash.
Amazon Web Services (AWS)
has recently launched its AWS
Clean Rooms to enable AWS cus-
tomers to collaborate and share data
across organizations. AWS Clean
Rooms claims to combine various
privacy-preserving technologies,
including MPC and FHE, to ensure
the security of customers’ data.
C OED technologies have come
a long way since their theo-
retical conception in the 1970s and
1980s. We are now on the cusp of
a paradigm shift in cryptography,
away from considering secure data
[email protected]
.
thorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY BHILAI. Downloaded on July 31,2023 at 17:11:14 UTC from IEEE Xplore. Restrictions apply.
98 IEEE Security & Privacy
in transit and at rest and toward a
world in which data are secured
while in use. The use, deployment,
and marketing of these technolo-
gies are rapidly expanding. In the
next 10 years, we will see the idea
of securing data during use becom-
ing as standard as assuming that our
Internet connection is encrypted.
References
1. R. L. Rivest, L. Adleman, and M.
L. Dertouzos, “On data banks and
privacy homomorphisms,” in Foun-
dations of Secure Computation, New
York, NY, USA: Academic, 1978, pp.
169–179.
2. C. Gentry, “Fully homomorphic
encryption using ideal lattices,” in
Proc. 41st ACM Symp. Theory Comput.
(STOC), 2009, pp. 169–178, doi:
10.1145/1536414.1536440.
3. I. Chillotti, N. Gama, M. Georgieva,
and M. Izabachène, “TFHE: Fast
fully homomorphic encryption
over the torus,” J. Cryptology, vol.
33, no. 1, pp. 34–91, Jan. 2020, doi:
10.1007/s00145-019-09319-x.
4. A. C.-C. Yao, “Protocols for secure
computations,” in Proc. 23rd IEEE
Symp. Found. Comput. Sci. (FOCS),
1982, pp. 160–164, doi: 10.1109/
SFCS.1982.38.
5. M. Ben-Or, M. Shafi Goldwasser,
and A. Wigderson, “Completeness
theorems for non-cryptographic
fault-tolerant distributed compu-
tation,” in Proc. 20th ACM Symp.
Theory Comput. (STOC), 1988, pp.
1–10, doi: 10.1145/62212.62213.
6. D. Chaum, C. Crépeau, and I.
Damgård, “Multiparty uncon-
ditionally secure protocols,” in
Proc. 20th ACM Symp. Theory Com-
put. (STOC), 1988, pp. 11–19, doi:
10.1145/62212.62214.
7. A. De Santis, Y. Desmedt, Y. Frankel,
and M. Yung, “How to share a function
securely,” in Proc. 26th ACM Symp. The-
ory Comput. (STOC), 1994, pp. 522–
533, doi: 10.1145/195058.195405.
8. S. Goldwasser, S. Micali, and
C. R ackof f , “ The know ledge
complexity of interactive proof
systems,” SIAM J. Comput., vol. 18,
no. 1, pp. 186–208, Feb. 1989, doi:
10.1137/0218012.
9. N. Bitansky, R. Canetti, A. Chiesa, and
E. Tromer, “From extractable collision
resistance to succinct non-interactive
arguments of knowledge, and back
again,” in Proc. Innov. Theor. Com-
put. Sci. Conf., 2012, pp. 326–349, doi:
10.1145/2090236.2090263.
10. E. Ben-Sasson, I. Bentov, Y. Horesh,
and M. Riabzev, “Scalable zero
knowledge with no trusted setup,”
in Proc. Adv. Cryptology (CRYPTO),
2019, vol. 3, pp. 701–732.
11. B. Bünz, J. Bootle, D. Boneh, A.
Poelstra, P. Wuille, and G. Maxwell,
“Bulletproofs: Short proofs for con-
fidential transactions and more,”
in Proc. IEEE Symp. Secur. Privacy,
2018, pp. 315–334, doi: 10.1109/
SP.2018.00020.
12. R. Gennaro, C. Gentry, and B.
Parno, “Non-interactive verifiable
computing: Outsourcing computa-
tion to untrusted workers,” in Proc.
Adv. Cryptology (CRYPTO), 2010,
pp. 465–482.
Nigel Smart is a cryptographer, a
professor at imec-COSIC, KU
Leuven, 3001 Leuven, Belgium,
and the chief academic officer at
Zama, 75002 Paris, France. His
research interests include turning
theoretical cryptographic ideas
into practical solutions. Over the
last 10 years, his work has focused
on fully homomorphic encryp-
tion and multi-party computation.
Smart received a Ph.D. in mathe-
matics from the University of Kent.
He was a founder of the startup
Identum, which was bought by
Trend Micro in 2008. In 2013,
he cofounded Unbound Secu-
rity, which was sold to Coinbase
in 2022. He is also the cofounder,
along with Kenny Paterson, of the
Real World Cryptography confer-
ence series. Contact him at nigel.
July/August 2023