The Alliance of HE and TEE to Enhance their Performance and Security

While protection of data at-rest and data in-transit can be achieved using standard algorithms and technologies, the protection of data in-use is still, to a large extent, an open issue. Homomorphic Encryption (HE) and Trusted Execution Environment (TEE) are among the most popular approaches to shield computations. The former ensures high security guarantees but it suffers from a significant overhead. The latter, instead, provides lower execution time but it is affected by security drawbacks. In this paper, we propose SOTERIA, a privacy-preserving computation solution that combines HE and TEE to mitigate their limitations. The approach foresees the execution of sensitive processing with homomorphic encryption and the usage of a TEE to perform switches between different homomorphic cryptosystems. In fact, there are different kinds of computation algorithms where the co-existence of linear and non-linear functions makes the HE-based processing even more onerous. SOTERIA is developed in the context of the ENCRYPT project and will be validated in a use case of financial data processing.