Here we attach our performance evaluation:
1. Motivation
To thoroughly assess the performance and effectiveness of FHE-DKSAP, we analyse SAP computation time and storage of the generated stealth addresses. Specifically, we evaluated the stealth address generation process using three different setups: DK-SAP (Plain), HE-DKSAP (Pallier), and FHE-DKSAP(Concrete). We found that FHE-DKSAP achieves advantage by striking a balance between computational complexity and efficiency, ensuring efficient processing while maintaining a secure and private transaction environment.
2. Environment setup:
Processor: Linux, 2.3 GHz Quad-Core Intel Core i5; Memory: 8 GB 2133 MHz LPDDR3
Python Version 3.9
Python-Paillier 1.2.2
Concrete: zamafhe/concrete-python:v2.0.0
3. Computation Time Benchmark:
| DK-SAP (Plain) | HE-DKSAP-Pallier | FHE-DKSAP-Concrete | |
|---|---|---|---|
| Average 100 times (s) | 0.019381137 | 0.445608739 | 0.035593492 |
| Max (s) | 0.022189946 | 0.98295696 | 0.050955667 |
| Min (s) | 0.017513547 | 0.108804308 | 0.028709731 |
We summarize as follows:
-
DK-SAP excels in computational speed due to its lack of privacy-preserving encryption.
-
HE-DKSAP-Paillier balances enhanced data privacy with longer computational time due to the intricate encryption and decryption of the Paillier scheme, which is around 20 times slower compared to the plain scheme.
-
FHE-DKSAP-Concrete is slightly slower than unencrypted DK-SAP but notably faster than HE-DKSAP-Paillier. This efficiency is thanks to its implementation in the RUST programming language, highlighting the importance of suitable tools for execution.
4. On-Chain Storage Benchmark:
DK-SAP Plain:
| Information on chain | Bits | Example |
|---|---|---|
| PK_scan | 160 | (0x86b1aa5120f079594348c67647679e7ac4c365b2c01330db782b0ba611c1d677, 0x5f4376a23eed633657a90f385ba21068ed7e29859a7fab09e953cc5b3e89beba) |
| PK_spent | 160 | |
| R (public key of Alice) | 160 |
HE-DKSAP-Paillier:
| Information on chain | Bits | Example |
|---|---|---|
| PK_bob | 160 | (0x86b1aa5120f079594348c67647679e7ac4c365b2c01330db782b0ba611c1d677, 0x5f4376a23eed633657a90f385ba21068ed7e29859a7fab09e953cc5b3e89beba) |
| PK_fhe_bob | 128 | 192ace432e |
| C1 | 48 | 0x7faf7cf217c0 |
FHE-DKSAP-Concrete
| Information on chain | Bits | Example |
|---|---|---|
| PK_bob | 160 | (0x86b1aa5120f079594348c67647679e7ac4c365b2c01330db782b0ba611c1d677, 0x5f4376a23eed633657a90f385ba21068ed7e29859a7fab09e953cc5b3e89beba) |
| PK_fhe_bob | 128 | hi+SltsSwYnILVvNl5mFp+jbKJnlxwg7r7g1DGr8QQs= |
| C1 | NA* | NA* |
NA*: The outcomes are contingent upon the specific FHE schemes adopted by the Concrete library.
We can see both HE-DKSAP-Paillier and FHE-DKSAP-Concrete consume less storage than DK-SAP Plain.
5. Analysis
From our performance testing, we have identified the key advantages of FHE-DKSAP:
-
Protection Against Quantum Computing Attacks: It’s worth noting that FHE schemes like BGV, BFV, and CKKS are built upon learning with error assumptions, inherently fortifying our FHE-DKSAP against potential quantum computing attacks.
-
Key Reusability: The process of generating the Stealth Address (SA) hinges on the public keys of both parties involved. Yet, should Alice decide to alter her key pair, it results in a distinct SA. This, in turn, allows for the potential reusability of Bob’s key pair.
-
Optimized Computation Time: The off-chain computation of the stealth address using FHE-DPSAP proves to be acceptable in terms of computation time.
-
Minimal Storage Footprint: FHE-based DK-SAP demonstrates an advantage in terms of storage efficiency on the chain, which is considerably smaller than that of the plain DK-SAP method.