Homomorphic encryption targeted by a new side-channel attack campaign

March 15, 2022
Homomorphic Encryption Side Channel CyberAttack Campaign Data Leakage MS SEAL Vulnerability

Researchers have demonstrated the pioneer side-channel campaign on homomorphic encryption. Threat actors could abuse the side-channel attack to leak data during the ongoing encryption process.

Based on the researchers’ discovery, they can examine the data while being encrypted by monitoring the power consumption in a network inputting data for homomorphic encryption.

The data leakage attack includes a critical flaw, where it can allow hackers to recover a fragment of plaintext message being homomorphically encrypted and disabling privacy protections and solutions.

Experts explained that homomorphic encryption is an encryption algorithm that enables certain types of computation to be operated on encrypted information directly without using any decryption tool or key.

This algorithm allows anyone to share a piece of information or sensitive data with third-party services. The exchange of information is quite common to data analytics firms since it will allow the receiver to examine the data. In contrast, the underlying information stays inaccessible and encrypted to the service provider.

 

Numerous researchers believe that the true objective of homomorphic encryption is the evolution of end-to-end encrypted computation services and data storage services.

 

If experts achieve this objective, data owners can share their info with third-party sources without giving them their secret encryption keys.

Threat actors can exploit a power-based side-channel leakage for Microsoft SEAL before the patch v3.6 employs the Brakerski/Fan-Vercauteren (BFV) protocol to exfiltrate the whole message with a single power measurement.

Researchers said that the campaign abusing the SEAL vulnerability is called RevEAL and exploits the Gaussian sampling in SEAL’s encryption stage.

Microsoft SEAL version 3.6 was released in December two years ago. Its later patches utilise different sampling algorithms, while another critical flaw may impact the latest versions of the library.

The recently portrayed side-channel campaign on homomorphic encryption revealed that even the newest encryption strategies and tools are prone to cyberattacks.

About the author