On the use of homomorphic encryption to secure cloud computing, services, and routing protocols
The trend towards delegating data processing to a remote party raises major concerns related to privacy violations for both end-users and service providers. These concerns have attracted the attention of the research community, and several techniques have been proposed to protect against malicious parties by providing secure communication protocols. Most of the proposed techniques, however, require the involvement of a third party, and this by itself can be viewed as another security concern. These security breaches can be avoided by following a new approach that depends on data sorted, managed, and stored in encrypted form at the remote servers. To realize such an approach, the cryptosystem must support algebraic operations over encrypted data. Such a cryptosystem can be effective in protecting data and supporting the construction of programs that can process encrypted input and produce encrypted output. In fact, the latter programs do not decrypt the input, and therefore, they can be run by an untrusted party without revealing their data and internal states. Furthermore, such programs prove to be practical in situations where we need to outsource private computations, especially in the context of cloud computing. Homomorphic cryptosystems are perfectly aligned with these objectives as they are a strong foundation for schemes that allow blind processing of encrypted data without the need to decrypt them. In this dissertation we rely on homomorphic encryption schemes to secure cloud computing, services and routing protocols. We design several circuits that allow for the blind processing and management of data such that malicious parties are denied access to sensitive information. We select five areas to apply our models to. These models are easily customized for many other areas. We also provide prototypes that we use to study the performance and robustness of our models.
Research Summary
The paper addresses the growing privacy concerns that arise when users and service providers outsource data processing to remote, potentially untrusted, cloud servers. Traditional cryptographic solutions typically protect data in transit but require decryption before computation, re‑introducing a trust dependency on the server. To eliminate this reliance, the authors adopt homomorphic encryption (HE), a class of cryptosystems that permit algebraic operations directly on ciphertexts, thereby enabling “blind” computation: the server can manipulate encrypted inputs and produce encrypted outputs without ever seeing the underlying plaintexts.
The authors first review the theoretical foundations of partially and fully homomorphic encryption, focusing on the BFV and CKKS schemes, which are currently the most practical for real‑world workloads. They discuss the inherent challenges of noise growth, relinearization, and bootstrapping, and describe how these mechanisms are integrated into circuit design to keep the noise within decryptable bounds while supporting deep computational graphs.
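Why noise growth bounds circuit depth, shown as an added example that is not code from the dissertation: it uses a toy symmetric integer scheme in the style of DGHV (van Dijk, Gentry, Halevi, Vaikuntanathan) rather than BFV or CKKS. The key values, noise range, and function names are constructed for illustration and are insecure.

```python
import secrets

def encrypt(p, bit, r=None, q_bits=80):
    """c = bit + 2r + p*q. p is the secret odd key; 2r is the noise hiding the bit."""
    if r is None:
        r = secrets.randbelow(16)            # fresh noise: bit + 2r is at most 31
    return bit + 2 * r + p * secrets.randbits(q_bits)

def noise(p, c):
    """Centered residue of c mod p; equals the true noise only while |noise| < p/2."""
    e = c % p
    return e - p if e > p // 2 else e

def decrypt(p, c):
    return noise(p, c) % 2

def hom_xor(c1, c2):
    return c1 + c2                           # noise terms add: about one extra bit

def hom_and(c1, c2):
    return c1 * c2                           # noise terms multiply: bit lengths add

def and_chain(p, length, r=None):
    """AND `length` encryptions of 1 together.

    Returns, per multiplication, (bit length of the residue mod p, decrypts to 1?).
    Once the true noise exceeds p/2 the residue wraps and the parity is garbage,
    which is the point where a real scheme must refresh (bootstrap) or stop.
    """
    acc = encrypt(p, 1, r)
    steps = []
    for _ in range(length - 1):
        acc = hom_and(acc, encrypt(p, 1, r))
        steps.append((abs(noise(p, acc)).bit_length(), decrypt(p, acc) == 1))
    return steps

if __name__ == "__main__":
    # Constructed keys: a tiny one that overflows at depth 2, and a 65-bit one.
    print(and_chain(1001, 3, r=5))           # noise 11 -> 121 -> 1331 wraps past 1001/2
    print(and_chain(2**64 + 1, 12))          # 31**12 < 2**63, so every step is correct
```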
A central contribution is the systematic construction of a library of homomorphic circuits that implement common primitives needed for cloud services and network routing. Five application domains are selected to demonstrate the versatility of the approach:
- Privacy‑Preserving Search – A homomorphic keyword‑matching circuit that operates on encrypted indexes, returning only the encrypted search result.
- Encrypted Machine‑Learning Inference – Linear models (e.g., linear regression, logistic regression) are evaluated on ciphertexts, preserving model accuracy while keeping both inputs and model parameters confidential.
- Encrypted Workflow Orchestration – Dependency checking and scheduling decisions are performed on encrypted task descriptors, allowing a cloud orchestrator to allocate resources without learning the logical structure of the workflow.
- Encrypted Integrity Verification – A homomorphic Merkle‑tree construction that enables verification of file integrity without exposing file hashes or contents.
- Encrypted Routing Protocols – A shortest‑path computation performed on an encrypted network topology, ensuring that routing decisions do not leak topology or traffic information.
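The blind evaluation behind the linear-model inference item above, as an added example that is not code from the dissertation: it uses textbook Paillier, an additively homomorphic (partially homomorphic) scheme, in place of BFV or CKKS. Assumptions: the two Mersenne primes are a constructed toy key that is far too small for real use, the model uses integer weights, and the server holds those weights in the clear, so only the client's inputs are hidden here.

```python
import math
import secrets

# Constructed toy key: two Mersenne primes. Insecure, chosen so the example runs instantly.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                  # valid because the generator is g = n + 1
    return n, (lam, mu)                   # (public key, private key)

def encrypt(n, m):
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m     # upper half of Z_n encodes negative integers

def server_score(n, enc_x, weights, bias):
    """Untrusted side: builds Enc(w.x + b) from ciphertexts and the public key only."""
    n2 = n * n
    acc = (1 + (bias % n) * n) % n2       # trivial (r = 1) encryption of the bias
    for c, w in zip(enc_x, weights):
        # Enc(x)^w = Enc(w*x); multiplying ciphertexts adds the plaintexts.
        acc = acc * pow(c, w % n, n2) % n2
    return acc

def demo():
    n, priv = keygen()
    x = [12, -7, 30]                      # constructed client features
    w, b = [3, 5, -2], 4                  # constructed integer model held by the server
    enc_x = [encrypt(n, v) for v in x]    # client -> server
    enc_y = server_score(n, enc_x, w, b)  # server -> client, never decrypted in between
    expected = sum(wi * xi for wi, xi in zip(w, x)) + b
    return decrypt(n, priv, enc_y), expected

if __name__ == "__main__":
    print(demo())
```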
The prototypes are built using the Microsoft SEAL and PALISADE libraries, compiled in C++, and executed on an 8‑core CPU with 32 GB RAM. Performance metrics include execution time, communication overhead, noise‑refresh frequency, and, where applicable, prediction accuracy. Results show that while homomorphic versions incur a slowdown (typically 2–3× for search and routing, 5–7× for inference), they achieve negligible loss in functional correctness (e.g., <0.2 % accuracy drop for ML inference) and provide strong confidentiality guarantees. Notably, the routing prototype adds about 150 ms of latency compared with plaintext Dijkstra, but completely hides the underlying graph from the router.
The discussion acknowledges remaining limitations: bootstrapping remains costly, noise management restricts circuit depth, and the current implementations rely on CPU‑only execution. The authors suggest future work on hardware acceleration (GPU, FPGA, ASIC), more sophisticated key‑management schemes for multi‑tenant environments, and extending the circuit library to support non‑linear models and dynamic network conditions.
In conclusion, the dissertation demonstrates that homomorphic encryption can be practically integrated into cloud computing services and routing protocols, offering a concrete pathway to “trust‑free” outsourcing of sensitive computations. By providing detailed circuit designs, prototype implementations, and thorough performance evaluations across five distinct domains, the work establishes a solid foundation for further research and commercial deployment of privacy‑preserving cloud infrastructures.