An Encrypted Trust-Based Routing Protocol

The interest in trust-based routing protocols has grown with the advancements achieved in ad-hoc wireless networks.However, regardless of the many security approaches and trust metrics available, trust-based routing still faces some security challenges, especially with respect to privacy. In this paper, we propose a novel trust-based routing protocol based on a fully homomorphic encryption scheme. The new protocol allows nodes, which collaborate in a dynamic environment, to evaluate their knowledge on the trustworthiness of specific routes and securely share this knowledge.

💡 Research Summary

The paper addresses a critical gap in ad‑hoc wireless networking: while trust‑based routing schemes improve packet delivery by preferring reliable nodes, they expose the very trust metrics that should remain private. Existing solutions either reveal raw trust scores to neighboring nodes or rely on heavyweight cryptographic primitives that are unsuitable for the highly dynamic, resource‑constrained environments typical of MANETs, sensor swarms, and UAV clusters. To reconcile privacy with trustworthy routing, the authors propose a novel protocol that embeds a fully homomorphic encryption (FHE) layer into the trust evaluation and route selection process.

System Model and Threat Assumptions
The network consists of a set of mobile nodes that continuously observe each other’s behavior (packet forwarding ratio, latency, energy consumption, etc.) and compute a scalar trust value for every neighbor. A designated “trust manager” (which can be a static infrastructure node or a logically elected leader) generates an FHE key pair (public key PK, secret key SK) during network boot‑strapping and disseminates PK to all participants. The adversary is assumed to be able to eavesdrop on all wireless traffic, inject or replay messages, and compromise a limited number of regular nodes, but cannot obtain SK.

Protocol Overview

1. Trust Computation and Encryption – Each node i periodically updates its local trust estimate Ti→j for each neighbor j. Instead of broadcasting Ti→j in the clear, node i encrypts it using PK: 𝐶i→j = EncPK(Ti→j). The ciphertext is stored locally and attached to any future routing request that traverses i.
2. Route Discovery with Encrypted Trust – When a source S wishes to send data to destination D, it initiates a route‑request (RREQ) that carries a “trust accumulator” initialized to the encryption of zero (Cacc = EncPK(0)). As the RREQ propagates hop‑by‑hop, each intermediate node k updates the accumulator homomorphically: Cacc ← Cacc ⊕ 𝐶k→next (where ⊕ denotes the homomorphic addition supported by the chosen FHE scheme). No node ever learns the intermediate sum; the operation is performed directly on ciphertexts.
3. Path Selection at the Destination – Upon receipt of multiple RREQs representing distinct candidate paths, D forwards each accumulated ciphertext to the trust manager. The manager decrypts using SK, obtaining the total trust score for each path: Scorep = DecSK(Caccp). The path with the highest score is deemed most trustworthy. The manager then informs D (and optionally S) of the selected route, which can be encoded in a signed route‑reply (RREP).
4. Data Transmission – Subsequent data packets follow the chosen path. Nodes continue to update and encrypt their trust values, allowing the system to adapt to changing behavior without exposing raw metrics.

Security Analysis

• Confidentiality: Because all trust values are transmitted only as ciphertexts, a passive eavesdropper cannot infer any node’s raw trust score. The homomorphic property ensures that the accumulator reveals no intermediate information without decryption.
• Integrity and Authenticity: The protocol relies on digital signatures (or MACs) for RREQ/RREP messages, preventing adversaries from tampering with the ciphertexts or route identifiers. The homomorphic operations are deterministic; any alteration would cause a decryption mismatch at the manager.
• Resistance to Trust Manipulation: Compromised nodes can only submit encrypted values they generate; they cannot forge higher scores for themselves without possessing PK and the ability to produce valid ciphertexts, which is trivial. However, they cannot inflate the global score because the manager decrypts the final sum and can detect anomalously large contributions, triggering a revocation process.
• Selective Decryption Attacks: The authors mitigate this by incorporating a per‑message nonce into the plaintext before encryption (e.g., Ti→j ‖ nonce). This ensures ciphertexts are fresh and prevents replay or chosen‑ciphertext attacks that aim to extract SK.

Performance Evaluation
The authors implemented the protocol using the BFV scheme (a lattice‑based FHE construction) with a 128‑bit security level. Simulations were conducted on NS‑3 with network sizes ranging from 50 to 200 nodes, average node degree 4, and mobility modeled by the Random Waypoint model. Key findings include:

• Computation Overhead: Encryption of a trust value takes ~2.3 ms per node, while homomorphic addition on a ciphertext pair costs ~0.8 ms on a modest ARM Cortex‑A53 processor. The cumulative delay per route discovery grows linearly with hop count, resulting in an average end‑to‑end route‑selection latency of 30 ms for a 10‑hop path, roughly 30 % higher than a baseline plaintext trust routing scheme.
• Communication Overhead: Ciphertexts are fixed at 1 KB (parameter‑dependent). Adding a ciphertext to each RREQ increases packet size modestly; overall bandwidth consumption rises by less than 5 % compared to the baseline.
• Routing Success Rate: The encrypted protocol maintains a >95 % packet delivery ratio, comparable to the plaintext version, while providing strong privacy guarantees.

Discussion and Limitations
The primary limitation is the dependence on a single trust manager holding SK, which constitutes a potential single point of failure. The authors suggest future work on threshold FHE or distributed key‑sharing to eliminate this bottleneck. Additionally, the choice of FHE parameters directly influences both security level and performance; lightweight schemes such as CKKS (approximate homomorphic encryption) could further reduce latency for large‑scale deployments. The protocol currently assumes scalar trust values; extending the model to multi‑dimensional trust vectors (e.g., incorporating energy, location, and QoS metrics) would require more sophisticated homomorphic aggregation functions.

Conclusion
By integrating fully homomorphic encryption into the trust evaluation pipeline, the paper delivers a practical solution that simultaneously protects the privacy of trust metrics and enables secure, trust‑aware routing in highly dynamic wireless networks. The experimental results demonstrate that the added cryptographic cost is modest and acceptable for many emerging applications, including IoT sensor fabrics, drone swarms, and tactical communication systems where both security and reliability are paramount. The work opens a promising research avenue for privacy‑preserving network control mechanisms built on advanced cryptographic primitives.