GlitchFHE: Attacking Fully Homomorphic Encryption Using Fault Injection

Fully homomorphic encryption (FHE) enables outsourced computation on encrypted data, thereby ensuring confidentiality by design. However, a critical vulnerability remains for FHE: cloud-based adversaries could tamper with the encrypted data itself, undermining the integrity of FHE applications. Fault-injection attacks (FIAs) are particularly concerning, as they allow attackers to directly manipulate the encrypted data during computation within FHE hardware.

Here, we present the first in-depth study of FIAs on FHE accelerators. We identify and overcome key challenges for such attacks, namely (i) understanding when and where to glitch encrypted data across different FHE applications and formats, (ii) limiting the number of required faults, and (iii) controlling the errors' impact on the final, decrypted output. We develop GlitchFHE, an analytical framework that guides toward such adversarial security assessment of FHE applications against FIAs. We run through a set of timely and relevant case studies, covering established applications like image processing, neural networks, and polynomial evaluation, for the prominent CKKS and BFV schemes, both at the analytical/software level and the physical/real-world level. Ultimately, we show that attacks on data integrity are a serious threat for FHE. Our work is equally relevant for real-world attackers and to educate FHE developers on this largely overlooked threat. We release GlitchFHE and our case studies at https://doi.org/10.5281/zenodo.15615934.