[Research Publication — June 2026]

Where the Information Lives: A Key-Free Observability Decomposition for CKKS Hardware Monitors

CKKS accelerators are starting to embed on-die integrity checkers and precision-budget gauges. None of those monitors hold the secret key. So what can they actually see? We give a three-region decomposition — content is masked under RLWE, the coarse budget signal is public metadata, public relations are verifiable by a Freivalds-style projection — and prove a completeness theorem that upper-bounds any efficient key-free observer's view by a simulator over the metadata plus a local deviation transcript.

Author: Bader Alissaei
Affiliation: VaultBytes Innovations Ltd
Date: June 2026
Category: Implementation · Foundations
Topic: CKKS · FHE Hardware · Key-Free Monitoring · Fault Detection
Keywords: Freivalds · ABFT · RLWE · Simulation Paradigm

What We Found

A design rule for CKKS hardware monitors, derived from a three-region information decomposition

01. Accelerators want to monitor encrypted compute — without the key

CKKS is the dominant scheme for encrypted arithmetic on real numbers (FHE inference, encrypted analytics). New hardware accelerators ship on-die monitors: integrity checkers that watch for faulty datapath stages, and budget gauges that estimate when the multiplicative precision is being exhausted. None of these monitors are allowed to see the secret key. The question this paper answers is: what can such a monitor actually learn?

02. Three regions of information — and only one of them is useful

We split the monitor's view into three regions. Content (the ciphertext coefficients) is masked under RLWE — it leaks nothing. Budget (precision left, level, scale) is determined by public metadata — read it from there, not from coefficient magnitudes. Relations (the public linear maps of the datapath) are verifiable key-free with a random projection. That is where integrity effort should go.

03. A completeness theorem upper-bounds what a monitor can learn

For any efficient key-free observer, there is a simulator that reproduces its output distribution from only the public metadata plus a local computation-deviation transcript. The simulator is given the full deviation; a real relation check only ever projects it. The bound deliberately over-approximates what actually leaks. The fault-free case is the usual consequence of semantic security; the refinement is the faulty case.

04. Design rule: read budget from metadata, spend integrity on relation checks

The decomposition gives a concrete design rule for the next generation of CKKS hardware monitors. Stop computing noise gauges over ciphertext coefficients — they do not gain you usable signal beyond what metadata already encodes. Spend the silicon budget on checking the fixed public linear relations of the datapath with a precomputed Freivalds-style projection: a single random vector, multiplied mod an independently challenged prime, with one-sided false-accept probability at most 1/κ.

// The core claim

A key-free hardware monitor's useful view is simulable from (public metadata + local deviation transcript). The content-bearing part of the ciphertext coefficients contributes no extra information about hidden plaintexts, secrets, or within-level noise predicates. So design the monitor accordingly: read coarse budget signals from metadata, and verify public datapath relations with a precomputed random-projection check. Do not waste integrity effort gauging coefficient-magnitude noise.

The Three-Region Decomposition

Where the information lives — for a key-free observer of a CKKS accelerator

// Region 1 — masked

Ciphertext content

Under multi-sample circular decision-RLWE, no efficient key-free observer of the ciphertext coefficients has non-negligible advantage in distinguishing hidden plaintext content, nor predicates of the residual within-level RLWE noise whose conditioned ensembles remain in the RLWE-pseudorandom class.

// Region 2 — public

Coarse budget signal

For a fixed public parameter set and a public evaluation schedule, the key-free part of the remaining-precision estimate is fully determined by metadata: level, modulus chain, scale, operation history. The fine within-level residual remains masked, and contributes no extra usable signal.

// Region 3 — verifiable

Public relations

The fixed public linear maps of the CKKS datapath are checked key-free by a precomputed random projection. For a deviation nonzero modulo an independently challenged prime field of size κ, the one-sided algebraic false-accept probability is at most 1/κ.
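The Region 3 check, sketched as an added example (not taken from the paper or its experiment scripts): a monitor precomputes w = rᵀM for a public map M and later tests r·y = w·x mod p, so an additive deviation δ is accepted only when r·δ ≡ 0. The matrix, inputs, function names and the small prime 257 are constructed for illustration, and the challenge that selects the prime is assumed to happen elsewhere.

```python
import random

def precompute_projection(M, p, rng):
    """Draw r once and precompute w = r^T M mod p for the public map M."""
    r = [rng.randrange(p) for _ in M]
    w = [sum(ri * row[j] for ri, row in zip(r, M)) % p for j in range(len(M[0]))]
    return r, w

def relation_check(r, w, x, y, p):
    """Accept iff r.y == w.x (mod p): two dot products, no key, no full M.x."""
    lhs = sum(ri * yi for ri, yi in zip(r, y)) % p
    rhs = sum(wj * xj for wj, xj in zip(w, x)) % p
    return lhs == rhs

def datapath(M, x, p, delta=None):
    """Constructed stand-in for one datapath stage: y = M.x + delta (mod p)."""
    y = [sum(a * b for a, b in zip(row, x)) % p for row in M]
    if delta is not None:
        y = [(yi + di) % p for yi, di in zip(y, delta)]
    return y

def false_accept_rate(p, n=8, trials=20000, seed=1):
    """Estimate, over fresh choices of r, how often a fixed deviation that is
    nonzero mod p slips through. The bound from the text is 1/p."""
    rng = random.Random(seed)
    M = [[rng.randrange(p) for _ in range(n)] for _ in range(n)]
    x = [rng.randrange(p) for _ in range(n)]
    delta = [0] * n
    delta[rng.randrange(n)] = 1 + rng.randrange(p - 1)  # single-coefficient fault
    y_bad = datapath(M, x, p, delta)
    accepts = 0
    for _ in range(trials):
        r, w = precompute_projection(M, p, rng)
        accepts += relation_check(r, w, x, y_bad, p)
    return accepts / trials

if __name__ == "__main__":
    print("kappa = 257, bound 1/kappa =", 1 / 257)
    print("measured false-accept rate  =", false_accept_rate(257))
```

A deviation that is a multiple of p reduces to zero in the check and is always accepted, which is why the bound is stated only for deviations nonzero modulo the challenged prime.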

The completeness theorem (informally)

Fix a checked relation family and an exogenous additive-deviation fault model (deviations independent of key, plaintext, and within-level noise). Then for every efficient key-free observer of the accelerator, there is a simulator that reproduces its output distribution given only the public metadata and the local computation-deviation transcript. The simulator is handed the full local deviation δ; a real relation check might only surface a projection of it. The bound deliberately over-approximates what an actual monitor leaks.

Up to negligible terms, the content-bearing part of the ciphertext coefficients contributes no additional information about hidden plaintexts, secrets, or admissible within-level noise predicates. It may still carry content-free artifacts — for instance a small modulo bias — but not anything a key-free monitor can usefully exploit.

Why the fault-free vs faulty case matters

The fault-free case is the usual simulation consequence of semantic security. The refinement is the faulty case: the extra information captured by the ideal transcript is the deviation itself, not plaintext content or fine noise. That separation is what licenses the design rule. An integrity check sees the deviation through its projection. A noise gauge over coefficients does not see anything more than metadata already encodes.

1/κ: one-sided false-accept probability of the precomputed relation check
~2/κ: measured false-accept rate under unconditional fault injection
1.0: metadata advantage separating coarse budget classes
0.998: advantage of the same statistic after partial decryption (N=512)

Sanity checks (the experiments)

The security here rests on the reduction, not on the experiments. The experiments are reported as a consistency check with an explicit null-advantage baseline.

Hand-built and learned key-free observers remain at the estimator's bias floor for within-level noise across N ∈ {256, 512, 1024}, and for plaintext content (except for one small-sample cell). The same statistic, run after a partial decryption, reaches advantage 0.998 at N = 512 — confirming the gap is the secret key, not the statistic. Public metadata separates the metadata-defined coarse budget classes at advantage 1.0. The precomputed relation check attains the proven false-accept probability for faults not aligned to the tested prime; unconditional fault injection is measured at roughly 2/κ.

// The design rule

For CKKS hardware monitors: read budget information from metadata (level, modulus chain, scale, operation history) and spend integrity effort on public relation checks (precomputed Freivalds-style random projection modulo an independently challenged prime). Do not waste silicon on noise gauges over ciphertext-coefficient magnitudes — they are bounded by the same metadata, and the residual is information-theoretically masked.

This is the actionable form of the completeness theorem. The decomposition tells you where the information lives. The design rule tells you where to spend the integrity budget.

Read the Paper

14 pages. Reproducible NumPy experiment scripts ship with the manuscript.