Can you guard against forged outputs? If you give me a program ciphertext and the public keys, I can simply encrypt a bogus answer and hand it back to you...
...but, if you interleave your Brainfuck program with, say, (classical) encryption of a canary constant, then you can check the canary constant when you decrypt the result, and you have high assurance that the computation is genuine - an attacker couldn't distinguish canary operations from real code, though you'd have to scatter the output bytes uniformly in the output. This scheme is a bit like obfuscation inside FHE.
- Is there a more efficient way to securely tamper-proof your results?
- How robust is this (or your own) scheme against a small number of adversarial bit flippings?
(Note that adversaries can mutate arbitrary bits via BlindRotate() in NuFHE/other TLWE schemes; they just can't extract the plaintext value (though they can set it, for example by NANDing).)
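A plaintext model of the canary check proposed in the comment above, as an added example that is not part of the original comment and uses no FHE library; the key, the slot derivation and all function names are assumptions. It shows that a freshly encrypted bogus answer fails the check, while a bit flip that misses every canary slot still passes.

```python
import hashlib
import hmac
import random
from math import comb

def layout(key: bytes, n_real: int, n_canary: int):
    """Derive secret canary slots and values from the client's key (assumed design)."""
    # Mersenne Twister seeded from an HMAC: adequate for this model only.
    rng = random.Random(hmac.new(key, b"slots", hashlib.sha256).digest())
    slots = sorted(rng.sample(range(n_real + n_canary), n_canary))
    values = hmac.new(key, b"canary", hashlib.sha256).digest()[:n_canary]
    return slots, values

def honest_result(key: bytes, real: bytes, n_canary: int) -> bytes:
    """What a genuine run of the interleaved program would decrypt to."""
    slots, values = layout(key, len(real), n_canary)
    real_it, canary_it = iter(real), iter(values)
    total = len(real) + n_canary
    return bytes(next(canary_it) if i in slots else next(real_it)
                 for i in range(total))

def verify(key: bytes, decrypted: bytes, n_canary: int):
    """Return the real output bytes, or None if any canary byte is wrong."""
    slots, values = layout(key, len(decrypted) - n_canary, n_canary)
    got = bytes(decrypted[i] for i in slots)
    if not hmac.compare_digest(got, values):
        return None
    return bytes(b for i, b in enumerate(decrypted) if i not in slots)

def p_detect_flips(total_bits: int, canary_bits: int, flips: int) -> float:
    """Chance that `flips` uniformly placed bit flips hit at least one canary bit."""
    return 1 - comb(total_bits - canary_bits, flips) / comb(total_bits, flips)

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    result = honest_result(key, b"hello", 8)
    print(verify(key, result, 8))            # genuine result is accepted
    print(verify(key, bytes(len(result)), 8))  # wholesale forgery is rejected
    print(p_detect_flips(len(result) * 8, 64, 1))
```

In this model a blind forgery has to guess every canary byte, but a single targeted flip is caught only with probability equal to the canary's share of the output bits.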