PETA: A Privacy-Enhanced Framework for Secure and Auditable Tax Analysis

Authors

  • Devharsh Trivedi Department of Computer Science, Bowie State University, Bowie, MD, USA Author
  • Chanord Malcolm Department of Computer Science, Bowie State University, Bowie, MD, USA Author
  • Joshua Harrell Department of Computer Science, Bowie State University, Bowie, MD, USA Author
  • Henry Omisakin Department of Computer Science, Bowie State University, Bowie, MD, USA Author
  • Patrick Addison Department of Computer Science, Bowie State University, Bowie, MD, USA Author

DOI:

https://doi.org/10.65879/3070-5789.2025.01.08

Keywords:

Fully homomorphic encryption, CKKS scheme, encrypted tax computation

Abstract

The increasing global adoption of electronic tax systems inherently introduces significant privacy and security risks, primarily stemming from the reliance on cloud infrastructure for storing and processing highly sensitive financial data. Conventional digital tax platforms typically necessitate unrestricted access to taxpayers’ raw data, thereby rendering these systems acutely vulnerable to sophisticated cyberattacks, large-scale data breaches, and malicious insider threats. This exposure fundamentally compromises the confidentiality of personal financial records and demonstrably contributes to the erosion of public trust in governmental digital services. To address these challenges, we introduce a privacy-preserving framework specifically engineered for secure tax calculation. Our technical solution is founded on the strategic integration of Fully Homomorphic Encryption (FHE), specifically employing the Cheon-Kim-Kim-Song (CKKS) scheme. The CKKS scheme is uniquely suited to enabling approximate arithmetic on encrypted data, which facilitates the secure evaluation of complex, real-valued inputs, including income figures, allowable deductions, and financial risk metrics. We implemented an encrypted tax pipeline utilizing the CKKS scheme. This pipeline rigorously supports the necessary real-valued operations and ensures the secure computation of core tax outcomes, including the exact tax owed, potential refund amounts, and predictive fraud assessment, with inherent implications for compliant auditing and maintaining evidentiary integrity. Experimental results conclusively demonstrate that our proposed system maintains both high utility and accuracy in its calculations while simultaneously guaranteeing data confidentiality. This approach establishes a practical foundation for building secure, transparent, and trustworthy digital tax infrastructures.

References

[1] D. C. Snell, Ledgers and Prices: Early Mesopotamian Merchant Accounts. Yale Univ. Press, 1982.

[2] D. Patel, “Historical Evolution of Tax Laws: Key Developments — taxguru.in,” https://taxguru.in/income-tax/ historical-evolution-tax-laws-key-developments.html, [Accessed 04-11-2025].

[3] adm virs, “A Global History of Taxation: From Ancient Tributes to Modern Systems — virsa.co,” https://virsa.co/ a-global-history-of-taxation-from-ancient-tributes-to-modern-systems/, [Accessed 04-11-2025].

[4] K. McMahon, “Stressed About Taxes? Blame the Ancient Egyptians — smithsonianmag.com,” https://www.smithsonianmag.com/history/ stressed-about-taxes-blame-the-ancient-egyptians-180984059/, [Accessed 04-11-2025].

[5] “History of Taxes: A Brief Overview — taxfoundation.org,” https: //taxfoundation.org/taxedu/primers/primer-history-of-taxes/, [Accessed 04-11-2025].

[6] A. Kumar, “State tax policy from the oldest civilisation to Kautilya,” International Journal of Science & Engineering Development Research, vol. 8, no. 2, pp. 443–445, Feb 2023, available online. [Online]. Available: http://www.ijrti.org/papers/IJRTI2302073.pdf

[7] “You have almost certainly been hacked — theweek.com,” https: //theweek.com/articles/730439/have-almost-certainly-been-hacked, [Ac- cessed 04-11-2025].

[8] “The Ultimate Guide to Attack Surface — Netenrich — netenrich.com,” https://netenrich.com/guides/attack-surface, [Accessed 04-11-2025].

[9] “Neiman Marcus says 64,000 affected by breach of Snowflake customer account — therecord.media,” https://therecord.media/ neiman-marcus-snowflake-breach-thousands, [Accessed 04-11-2025].

[10] “Neiman Marcus confirms data breach after Snowflake account hack — bleepingcomputer.com,” https://www.bleepingcomputer.com/news/security/neiman-marcus-confirms-data-breach-after-snowflake-account-hack/, [Accessed 04-11-2025].

[11] “Neiman Marcus Data Breach Litigation - Home — nmgsettlement.com,” https://nmgsettlement.com/, [Accessed 04-11-2025].

[12] “IRS (2015-05-01) Cyber-Attack Hack Breach - The Cyber Security Incident Database (CSIDB) — csidb.net,” https://www.csidb.net/csidb/ incidents/955f99e7-b45b-4d38-98a7-77379e2a749b/, [Accessed 04-11- 2025].

[13] “IRS: Crooks Stole Data on 100K Taxpayers Via ’Get Transcript’ Feature — Krebs on Security — krebsonsecurity.com,” https://krebsonsecurity.com/2015/05/ irs-crooks-stole-data-on-100k-taxpayers-via-get-transcript-feature/, [Accessed 04-11-2025].

[14] C. Gentry, “Fully homomorphic encryption using ideal lattices,” in Proceedings of the forty-first annual ACM symposium on Theory of Computing, 2009, pp. 169–178.

[15] D. Trivedi, “Privacy-preserving security analytics,” 5 2023. [Online]. Available: https://www.isaca.org/resources/news-and-trends/ isaca-now-blog/2023/privacy-preserving-security-analytics

[16] ——, “The future of cryptography: Performing computations on encrypted data,” ISACA Journal, vol. 1, no. 2023, 2 2023. [Online]. Available: https://www.isaca.org/resources/isaca-journal/ issues/2023/volume-1/the-future-of-cryptography

[17] S. Angel, H. Chen, K. Laine, and S. Setty, “Pir with compressed queries and amortized query processing,” in 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 2018, pp. 962–979.

[18] J. W. Bos, W. Castryck, I. Iliashenko, and F. Vercauteren, “Privacy-friendly forecasting for the smart grid using homomorphic encryption and the group method of data handling,” in Progress in Cryptology- AFRICACRYPT 2017: 9th International Conference on Cryptology in Africa, Dakar, Senegal, May 24-26, 2017, Proceedings. Springer, 2017, pp. 184–201.

[19] Boudguiga, O. Stan, H. Sedjelmaci, and S. Carpov, “Homomorphic encryption at work for private analysis of security logs.” in ICISSP, 2020, pp. 515–523.

[20] F. Bourse, M. Minelli, M. Minihold, and P. Paillier, “Fast homo- morphic evaluation of deep discretized neural networks,” in Advances in Cryptology–CRYPTO 2018: 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2018, Proceedings, Part III 38. Springer, 2018, pp. 483–512.

[21] M. Kim and K. Lauter, “Private genome analysis through homomorphic encryption,” in BMC medical informatics and decision making, vol. 15, no. 5. BioMed Central, 2015, pp. 1–12.

[22] D. Trama, P.-E. Clet, A. Boudguiga, and R. Sirdey, “Building blocks for LSTM homomorphic evaluation with tfhe,” in International Symposium on Cyber Security, Cryptology, and Machine Learning. Springer, 2023, pp. 117–134.

[23] D. Trivedi, A. Boudguiga, and N. Triandopoulos, “Sigml: Supervised log anomaly with fully homomorphic encryption,” in International Symposium on Cyber Security, Cryptology, and Machine Learning. Springer, 2023, pp. 372–388.

[24] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “(leveled) fully homomorphic encryption without bootstrapping,” ACM Transactions on Computation Theory (TOCT), vol. 6, no. 3, pp. 1–36, 2014.

[25] J. H. Cheon, A. Kim, M. Kim, and Y. Song, “Homomorphic encryption for arithmetic of approximate numbers,” in Advances in Cryptology– ASIACRYPT 2017: 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3-7, 2017, Proceedings, Part I 23. Springer, 2017, pp. 409–437.

[26] J. Fan and F. Vercauteren, “Somewhat practical fully homomorphic encryption,” Cryptology ePrint Archive, 2012.

[27] C. Gentry, A. Sahai, and B. Waters, “Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based,” in Advances in Cryptology–CRYPTO 2013: 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part I. Springer, 2013, pp. 75–92.

[28] Chillotti, N. Gama, M. Georgieva, and M. Izabachene, “Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds,” in Advances in Cryptology–ASIACRYPT 2016: 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4-8, 2016, Proceedings, Part I 22. Springer, 2016, pp. 3–33.

[29] L. Ducas and D. Micciancio, “Fhew: bootstrapping homomorphic encryption in less than a second,” in Advances in Cryptology– EUROCRYPT 2015: 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I 34. Springer, 2015, pp. 617–640.

[30] H. Cheon, A. Kim, M. Kim, and Y. Song, “Homomorphic encryption for arithmetic of approximate numbers,” Cryptology ePrint Archive, Report 2016/421, 2016, https://eprint.iacr.org/2016/421.

[31] Acar, H. Aksu, A. S. Uluagac, and M. Conti, “A survey on homomorphic encryption schemes: Theory and implementation,” ACM Computing Surveys (Csur), vol. 51, no. 4, pp. 1–35, 2018.

[32] D. Boneh, A. Sahai, and B. Waters, “Functional encryption: Definitions and challenges,” in Theory of Cryptography Conference. Springer, 2011, pp. 253–273.

[33] M. Abdalla, D. Catalano, R. Gay, and B. Ursu, “Inner-product functional encryption with fine-grained access control,” Cryptology ePrint Archive, Paper 2020/577, 2020. [Online]. Available: https://eprint.iacr.org/2020/577

[34] U. Fiege, A. Fiat, and A. Shamir, “Zero knowledge proofs of identity,” in Proceedings of the nineteenth annual ACM symposium on Theory of Computing, 1987, pp. 210–217.

[35] O. Goldreich, “Secure multiparty computation,” Manuscript. Preliminary version, vol. 78, no. 110, pp. 1–108, 1998.

[36] “MPC Library — CoinFabrik — coinfabrik.com,” https://www.coinfabrik.com/products/mpc-multi-party-computation-library/, [Accessed 10-11-2025].

[37] “Glossary — FHE, Differential Privacy & Multiparty Computation — dualitytech.com,” https://dualitytech.com/glossary/, [Accessed 11-11- 2025].

[38] D. Bogdanov, L. Kamm, B. Kubo, R. Rebane, V. Sokk, and R. Talviste, “Students and taxes: a privacy-preserving study using secure computation,” Proceedings on Privacy Enhancing Technologies, 2016.

[39] Burman, B. Johnson, V. L. Bryant, G. MacDonald, and R. McClelland, “Protecting privacy and expanding access in a modern administrative tax data system,” National Tax Journal, vol. 77, no. 4, pp. 927–947, 2024.

[40] “Compliance FAQ — sarus.tech,” https://www.sarus.tech/solutions/ use-cases/security-compliance/compliance-faq, [Accessed 10-11-2025].

[41] “Protecting Privacy: Differential Privacy and Homomorphic Encryption — The Central Texas IT Guy — thecentexitguy.com,” https://thecentexitguy.com/protecting-privacy-differential-privacy-and-homomorphic-encryption/, [Accessed 10-11-2025].

[42] “Understanding Robust Privacy with Differential Privacy (DP) and Data Transformation Systems (DTS) - 7/25 - Azoo Blogs — cubig.ai,” https://cubig.ai/blogs/ understanding-robust-privacy-with-differential-privacy-dp-and-data- transformation-systems-dts-7-25, [Accessed 10-11-2025].

[43] “Differentially private median and more — research.google,” https://research.google/blog/differentially-private-median-and-more/, [Accessed 11-11-2025].

[44] C. Dwork, “Differential privacy,” in International Colloquium on Automata, Languages, and Programming. Springer, 2006, pp. 1–12.

[45] ——, “Differential privacy: A survey of results,” in Theory and Applications of Models of Computation: 5th International Conference, TAMC 2008, Xi’an, China, April 25-29, 2008. Proceedings 5. Springer, 2008, pp. 1–19.

[46] C. Dwork, A. Roth et al., “The algorithmic foundations of differential privacy,” Foundations and Trends® in Theoretical Computer Science, vol. 9, no. 3–4, pp. 211–407, 2014.

[47] F. Barrientos, A. R. Williams, J. Snoke, and C. M. Bowen, “A feasibility study of differentially private summary statistics and regression analyses with evaluations on administrative and survey data,” 2023. [Online]. Available: https://arxiv.org/abs/2110.12055

[48] J. Kato, E. O. Pinyi, I. D. Ssetimba, H. N. Nakayenga, B. Akashaba, and E. Twineamatsiko, “Securing taxpayer data: Advancing cybersecurity in tax accounting practices,” International Journal of Research in Interdisciplinary Studies, vol. 2, no. 7, p. 42–46, Jul. 2024. [Online]. Available: https://journal.ijris.com/index.php/ijris/article/view/65

[49] D. Vangjeli, “Policy enforcement using attribute-based encryption in distributed environments,” Master’s thesis, Eindhoven University of Technology, August 2014, available at https://research.tue.nl/en/studentTheses/ policy-enforcement-using-attribute-based-encryption-in-distribute/.

[50] Berke, T. South, R. Mahari, K. Larson, and A. Pentland, “zktax: A pragmatic way to support zero-knowledge tax disclosures,” arXiv preprint arXiv:2311.13008, 2023.

[51] “What is a Zero-Knowledge Proof? — nmkr.io,” https://www.nmkr.io/ glossary/zero-knowledge-proof, [Accessed 11-11-2025].

[52] “GitHub - sarojaerabelli/py-fhe: A Python library for fully homomorphic encryption — github.com,” https://github.com/sarojaerabelli/py-fhe, [Accessed 10-11-2025].

[53] Ibarrondo and A. Viand, “Pyfhel: Python for homomorphic encryption libraries,” in Proceedings of the 9th Workshop on Encrypted Computing & Applied Homomorphic Cryptography, 2021, pp. 11–16.

[54] T. Kluyver, B. Ragan-Kelley, F. Pe´rez, B. Granger, M. Bussonnier, J. Frederic, K. Kelley, J. Hamrick, J. Grout, S. Corlay, P. Ivanov, D. Avila, S. Abdalla, and C. Willing, “Jupyter notebooks – a publishing format for reproducible computational workflows,” in Positioning and Power in Academic Publishing: Players, Agents and Agendas, F. Loizides and B. Schmidt, Eds. IOS Press, 2016, pp. 87–90.

[55] “Microsoft SEAL (release 4.0),” https://github.com/Microsoft/SEAL, Mar. 2022, Microsoft Research, Redmond, WA.

[56] “PALISADE Lattice Cryptography Library (release 1.11.2),” https:// palisade-crypto.org/, May 2021.

[57] Zama, “Concrete: TFHE Compiler that converts Python programs into FHE equivalent,” 2022, https://github.com/zama-ai/concrete.

[58] Z. Brakerski, “Fully homomorphic encryption without modulus switching from classical gapsvp,” in Proceedings of the 32Nd Annual Cryptology Conference on Advances in Cryptology — CRYPTO 2012 - Volume 7417. New York, NY, USA: Springer-Verlag New York, Inc., 2012, pp. 868–886, http://dx.doi.org/10.1007/978-3-642-32009-5 50.

[59] J. Fan and F. Vercauteren, “Somewhat practical fully homomorphic encryption,” Cryptology ePrint Archive, Report 2012/144, 2012, https://eprint.iacr.org/2012/144.

[60] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “Fully homomorphic encryption without bootstrapping,” Cryptology ePrint Archive, Paper 2011/277, 2011, https://eprint.iacr.org/2011/277.

[61] Benaissa, B. Retiat, B. Cebere, and A. E. Belfedhal, “Tenseal: A library for encrypted tensor operations using homomorphic encryption,” 2021.

Downloads

Published

2025-12-08

Issue

Vol. 1 (2025)

Section

Articles

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.