Practical data-in-use protection using binary decision diagrams

Abstract

Protection of data-in-use, contrary to the protection of data-at-rest or data-in-transit, remains a challenge. Cryptography advances such as Fully Homomorphic Encryption (FHE) provide theoretical, albeit impractical, solutions to functionally-complete computation over encrypted operands, necessary for general-purpose computation. In this work, we propose a practical data-in-use protection mechanism that, contrary to application-specific homomorphic encryption approaches, focuses on arbitrary computation native to established programming languages, such as C++. Therefore, our work provides a more efficient alternative to FHE schemes that can be used for general-purpose computation. Specifically, we use Binary Decision Diagrams (BDD) to transform high-level programming operations to their equivalents working on protected data. To automate this, we develop a framework that allows automatic conversion of program expressions over encrypted operands into efficient circuits that are reduced using BDDs and can simulate corresponding composed operations. Our experimental results show that our methodology is orders of magnitude faster than state-of-the-art FHE schemes and enables execution of real C++ applications with practical overheads. Our framework is complemented with security analysis proving resistance to different attack methods.