Authors:
Nges Brian Njungle
1
;
Milan Stojkov
2
and
Michel A. Kinsy
1
Affiliations:
1
STAM Center, Ira A. Fulton Schools of Engineering, Arizona State University, 85281, U.S.A.
;
2
Faculty of Technical Sciences, University of Novi Sad, Serbia
Keyword(s):
Open-Source Software, Advanced Cryptography, Homomorphic Encryption, Security and Performance Analysis.
Abstract:
Homomorphic Encryption (HE) is a rapidly evolving field in secure computation, offering very strong security guarantees in privacy-preserving data processing. A large number of commercial systems that prioritize privacy depend on open-source HE libraries to ensure secure and confidential computation. However, the security of these open-source libraries remains questionable, as they do not demonstrate strong security assurances, such as formal verification, in their development process. In this work, we investigate security vulnerabilities and the efficiency of the implementations of the four main HE schemes in the most commonly used open-source HE libraries. To analyze security, we employ the SafeRewrite open-source dynamic analysis tool, which uses symbolic execution techniques to validate code correctness. The study reveals several security vulnerabilities, errors, and warnings in all of the libraries. In terms of performance, we assess the latency and scalability of the fundamenta
l HE operations in these libraries. The results indicate that the Cheon-Kim-Kim-Song (CKKS) scheme is the fastest HE scheme, whereas OpenFHE is, on average, the best-performing HE library. Overall, this research underscores the significance of using secure development approaches and frameworks in implementing HE algorithms to ensure stronger security guarantees and correctness while minimizing performance impacts.
(More)