Thwarting covert adversaries in FHE pipelines

Fully Homomorphic Encryption (FHE) enables computations to be executed directly on encrypted data without decryption, thus it is becoming an auspicious solution to protect the confidentiality of sensitive data without impeding its usability for the purpose of analytics. While many practical systems rely on FHE to achieve strong privacy guarantees, their constructions only consider an honest-but-curious threat model by default, FHE provides no guarantees that the cryptographic material has been honestly generated nor that the computation was executed correctly on the encrypted data. In particular, in multiparty settings with numerous clients providing data and one or several servers performing the computation, this threat-model becomes even less realistic. Only recently, the cryptographic community has started analysing the guarantees of FHE under stronger adversaries and proposed solutions tailored to the malicious threat-model, however these efforts have remained theoretical and not applicable to real-life scenarios.In our work, we aim at reducing this gap by considering covert adversaries that are malicious but rational (i.e., they do not want to be detected when cheating) and we build different systems that protect the FHE pipeline against such entities. We first propose an efficient solution to prove the correctness of homomorphic operations performed by a server without compromising the expressiveness of the FHE scheme. Then, we propose different protocols to secure input verification and correct encryption in settings where the client encrypting its data is not trusted. Our constructions provide baselines to evaluate the impact of the threat model change in FHE pipelines with real-life implementation constraints.