31 research outputs found
CoFHEE: A Co-processor for Fully Homomorphic Encryption Execution
The migration of computation to the cloud has raised privacy concerns as
sensitive data becomes vulnerable to attacks since they need to be decrypted
for processing. Fully Homomorphic Encryption (FHE) mitigates this issue as it
enables meaningful computations to be performed directly on encrypted data.
Nevertheless, FHE is orders of magnitude slower than unencrypted computation,
which hinders its practicality and adoption. Therefore, improving FHE
performance is essential for its real world deployment. In this paper, we
present a year-long effort to design, implement, fabricate, and post-silicon
validate a hardware accelerator for Fully Homomorphic Encryption dubbed CoFHEE.
With a design area of , CoFHEE aims to improve performance of
ciphertext multiplications, the most demanding arithmetic FHE operation, by
accelerating several primitive operations on polynomials, such as polynomial
additions and subtractions, Hadamard product, and Number Theoretic Transform.
CoFHEE supports polynomial degrees of up to with a maximum
coefficient sizes of 128 bits, while it is capable of performing ciphertext
multiplications entirely on chip for . CoFHEE is fabricated in
55nm CMOS technology and achieves 250 MHz with our custom-built low-power
digital PLL design. In addition, our chip includes two communication interfaces
to the host machine: UART and SPI. This manuscript presents all steps and
design techniques in the ASIC development process, ranging from RTL design to
fabrication and validation. We evaluate our chip with performance and power
experiments and compare it against state-of-the-art software implementations
and other ASIC designs. Developed RTL files are available in an open-source
repository.
Medha: Microcoded Hardware Accelerator for computing on Encrypted Data
Homomorphic encryption enables computation on encrypted data, and hence it has a great potential in privacy-preserving outsourcing of computations to the cloud. Hardware acceleration of homomorphic encryption is crucial as software implementations are very slow. In this paper, we present design methodologies for building a programmable hardware accelerator for speeding up the cloud-side homomorphic evaluations on encrypted data.
First, we propose a divide-and-conquer technique that enables homomorphic evaluations in the polynomial ring $R_{Q,2N} = \mathbb{Z}_Q[x]/(x^{2N} + 1)$ to use a hardware accelerator that has been built for the smaller ring $R_{Q,N} = \mathbb{Z}_Q[x]/(x^{N} + 1)$. The technique makes it possible to use a single hardware accelerator flexibly for supporting several homomorphic encryption parameter sets.
Next, we present several architectural design methods that we use to realize the flexible and instruction-set accelerator architecture, which we call ‘Medha’. At every level of the implementation hierarchy, we explore possibilities for parallel processing. Starting from hardware-friendly parallel algorithms for the basic building blocks, we gradually build heavily parallel RNS polynomial arithmetic units. Next, many of these parallel units are interconnected elegantly so that their interconnections require the minimum number of nets, therefore making the overall architecture placement-friendly on the platform. As homomorphic encryption is computation- as well as data-centric, the speed of homomorphic evaluations depends greatly on the way the data variables are handled. For Medha, we take a memory-conservative design approach and get rid of any off-chip memory access during homomorphic evaluations.
Finally, we implement Medha in a Xilinx Alveo U250 FPGA and measure timing performances of the microcoded homomorphic addition, multiplication, key-switching, and rescaling routines for the leveled fully homomorphic encryption scheme RNS-HEAAN at 200 MHz clock frequency. For the large parameter sets $(\log Q, N) = (438, 2^{14})$ and $(546, 2^{15})$, Medha achieves accelerations by up to 68× and 78× respectively compared to a highly optimized software implementation Microsoft SEAL running at 2.3 GHz.
CiFHER: A Chiplet-Based FHE Accelerator with a Resizable Structure
Fully homomorphic encryption (FHE) is in the spotlight as a definitive
solution for privacy, but the high computational overhead of FHE poses a
challenge to its practical adoption. Although prior studies have attempted to
design ASIC accelerators to mitigate the overhead, their designs require
excessive amounts of chip resources (e.g., areas) to contain and process
massive data for FHE operations.
We propose CiFHER, a chiplet-based FHE accelerator with a resizable
structure, to tackle the challenge with a cost-effective multi-chip module
(MCM) design. First, we devise a flexible architecture of a chiplet core whose
configuration can be adjusted to conform to the global organization of chiplets
and design constraints. The distinctive feature of our core is a recomposable
functional unit providing varying computational throughput for number-theoretic
transform (NTT), the most dominant function in FHE. Then, we establish
generalized data mapping methodologies to minimize the network overhead when
organizing the chips into the MCM package in a tiled manner, which becomes a
significant bottleneck due to the technology constraints of MCMs. Also, we
analyze the effectiveness of various algorithms, including a novel limb
duplication algorithm, on the MCM architecture. A detailed evaluation shows
that a CiFHER package composed of 4 to 64 compact chiplets provides performance
comparable to state-of-the-art monolithic ASIC FHE accelerators with
significantly lower package-wide power consumption while reducing the area of a
single core to as small as 4.28 mm$^2$.
Comment: 15 pages, 9 figures
RISE: RISC-V SoC for En/decryption Acceleration on the Edge for Homomorphic Encryption
Today edge devices commonly connect to the cloud to use its storage and
compute capabilities. This leads to security and privacy concerns about user
data. Homomorphic Encryption (HE) is a promising solution to address the data
privacy problem as it allows arbitrarily complex computations on encrypted data
without ever needing to decrypt it. While there has been a lot of work on
accelerating HE computations in the cloud, little attention has been paid to
the message-to-ciphertext and ciphertext-to-message conversion operations on
the edge. In this work, we profile the edge-side conversion operations, and our
analysis shows that during conversion error sampling, encryption, and
decryption operations are the bottlenecks. To overcome these bottlenecks, we
present RISE, an area and energy-efficient RISC-V SoC. RISE leverages an
efficient and lightweight pseudo-random number generator core and combines it
with fast sampling techniques to accelerate the error sampling operations. To
accelerate the encryption and decryption operations, RISE uses scalable,
data-level parallelism to implement the number theoretic transform operation,
the main bottleneck within the encryption and decryption operations. In
addition, RISE saves area by implementing a unified en/decryption datapath, and
efficiently exploits techniques like memory reuse and data reordering to
utilize a minimal amount of on-chip memory. We evaluate RISE using a complete
RTL design containing a RISC-V processor interfaced with our accelerator. Our
analysis reveals that for message-to-ciphertext conversion and
ciphertext-to-message conversion, using RISE leads up to 6191.19X and 2481.44X
more energy-efficient solution, respectively, than when using just the RISC-V
processor.
TPU as Cryptographic Accelerator
Polynomials defined on specific rings are heavily involved in various
cryptographic schemes, and the corresponding operations are usually the
computation bottleneck of the whole scheme.
We propose to utilize TPU, an emerging hardware designed for AI applications,
to speed up polynomial operations and convert TPU to a cryptographic
accelerator.
We also conduct preliminary evaluation and discuss the limitations of current
work and future plan.
Accelerator for Computing on Encrypted Data
Fully homomorphic encryption enables computation on encrypted data, and hence it has a great potential in privacy-preserving outsourcing of computations. In this paper, we present a complete instruction-set processor architecture ‘Medha’ for accelerating the cloud-side operations of an RNS variant of the HEAAN homomorphic encryption scheme. Medha has been designed following a modular hardware design approach to attain a fast computation time for computationally expensive homomorphic operations on encrypted data. At every level of the implementation hierarchy, we explore possibilities for parallel processing. Starting from hardware-friendly parallel algorithms for the basic building blocks, we gradually build heavily parallel RNS polynomial arithmetic units. Next, many of these parallel units are interconnected elegantly so that their interconnections require the minimum number of nets, therefore making the overall architecture placement-friendly on the implementation platform. As homomorphic encryption is computation- as well as data-centric, the speed of homomorphic evaluations depends greatly on the way the data variables are handled. For Medha, we take a memory-conservative design approach and get rid of any off-chip memory access during homomorphic evaluations.
Our instruction-set accelerator Medha is programmable and it supports all homomorphic evaluation routines of the leveled fully RNS-HEAAN scheme. For a reasonably large parameter with the polynomial ring dimension $2^{14}$ and ciphertext coefficient modulus 438-bit (corresponding to 128-bit security), we implemented Medha in a Xilinx Alveo U250 card. Medha achieves the fastest computation latency to date and is almost 2.4× faster in latency and also somewhat smaller in area than a state-of-the-art reconfigurable hardware accelerator for the same parameter.
HEAX: An Architecture for Computing on Encrypted Data
With the rapid increase in cloud computing, concerns surrounding data
privacy, security, and confidentiality also have been increased significantly.
Not only cloud providers are susceptible to internal and external hacks, but
also in some scenarios, data owners cannot outsource the computation due to
privacy laws such as GDPR, HIPAA, or CCPA. Fully Homomorphic Encryption (FHE)
is a groundbreaking invention in cryptography that, unlike traditional
cryptosystems, enables computation on encrypted data without ever decrypting
it. However, the most critical obstacle in deploying FHE at large-scale is the
enormous computation overhead.
In this paper, we present HEAX, a novel hardware architecture for FHE that
achieves unprecedented performance improvement. HEAX leverages multiple levels
of parallelism, ranging from ciphertext-level to fine-grained modular
arithmetic level. Our first contribution is a new highly-parallelizable
architecture for number-theoretic transform (NTT) which can be of independent
interest as NTT is frequently used in many lattice-based cryptography systems.
Building on top of NTT engine, we design a novel architecture for computation
on homomorphically encrypted data. We also introduce several techniques to
enable an end-to-end, fully pipelined design as well as reducing on-chip memory
consumption. Our implementation on reconfigurable hardware demonstrates
164-268x performance improvement for a wide range of FHE parameters.
Comment: To appear in proceedings of ACM ASPLOS 202
GME: GPU-based Microarchitectural Extensions to Accelerate Homomorphic Encryption
Fully Homomorphic Encryption (FHE) enables the processing of encrypted data
without decrypting it. FHE has garnered significant attention over the past
decade as it supports secure outsourcing of data processing to remote cloud
services. Despite its promise of strong data privacy and security guarantees,
FHE introduces a slowdown of up to five orders of magnitude as compared to the
same computation using plaintext data. This overhead is presently a major
barrier to the commercial adoption of FHE.
In this work, we leverage GPUs to accelerate FHE, capitalizing on a
well-established GPU ecosystem available in the cloud. We propose GME, which
combines three key microarchitectural extensions along with a compile-time
optimization to the current AMD CDNA GPU architecture. First, GME integrates a
lightweight on-chip compute unit (CU)-side hierarchical interconnect to retain
ciphertext in cache across FHE kernels, thus eliminating redundant memory
transactions. Second, to tackle compute bottlenecks, GME introduces special
MOD-units that provide native custom hardware support for modular reduction
operations, one of the most commonly executed sets of operations in FHE. Third,
by integrating the MOD-unit with our novel pipelined 64-bit integer
arithmetic cores (WMAC-units), GME further accelerates FHE workloads by 19%.
Finally, we propose a Locality-Aware Block Scheduler (LABS) that exploits the
temporal locality available in FHE primitive blocks. Incorporating these
microarchitectural features and compiler optimizations, we create a synergistic
approach achieving average speedups of 796×, 14.2×, and 2.3×
over Intel Xeon CPU, NVIDIA V100 GPU, and Xilinx FPGA
implementations, respectively.
GME: GPU-based Microarchitectural Extensions to Accelerate Homomorphic Encryption
Fully Homomorphic Encryption (FHE) enables the processing of encrypted data without decrypting it. FHE has garnered significant attention over the past decade as it supports secure outsourcing of data processing to remote cloud services. Despite its promise of strong data privacy and security guarantees, FHE introduces a slowdown of up to five orders of magnitude as compared to the same computation using plaintext data. This overhead is presently a major barrier to the commercial adoption of FHE. While prior efforts recommend moving to custom accelerators to accelerate FHE computing, these solutions lack cost-effectiveness and scalability. In this work, we leverage GPUs to accelerate FHE, capitalizing on a well-established GPU ecosystem that is available in the cloud. We propose GME, which combines three key microarchitectural extensions along with a compile-time optimization to the current AMD CDNA GPU architecture. First, GME integrates a lightweight on-chip compute unit (CU)-side hierarchical interconnect to retain ciphertext in cache across FHE kernels, thus eliminating redundant memory transactions and improving performance. Second, to tackle compute bottlenecks, GME introduces special MOD-units that provide native custom hardware support for modular reduction operations, one of the most commonly executed sets of operations in FHE. Third, by integrating the MOD-unit with our novel pipelined 64-bit integer arithmetic cores (WMAC-units), GME further accelerates FHE workloads by 19%. Finally, we propose a Locality-Aware Block Scheduler (LABS) that improves FHE workload performance, exploiting the temporal locality available in FHE primitive blocks. Incorporating these microarchitectural features and compiler optimizations, we create a synergistic approach achieving average speedups of 796×, 14.2×, and 2.3× over Intel Xeon CPU, NVIDIA V100 GPU, and Xilinx FPGA implementations, respectively.
Design of a Flexible Schoenhage-Strassen FFT Polynomial Multiplier with High-Level Synthesis
Homomorphic Encryption (HE) is a promising field because it allows for encrypted data to be sent to and operated on by untrusted parties without the risk of privacy compromise. The benefits and applications of HE are far reaching, especially in regard to cloud computing. However, current HE solutions require resource intensive arithmetic operations such as high precision, high degree polynomial multiplication resulting in a minimum computational complexity of O(n log(n)) on standard CPUs through application of the Fast Fourier Transform (FFT). These operations result in poor overall performance for HE schemes in software and would benefit greatly from hardware acceleration.
This work aims to accelerate the multi-precision arithmetic operations used in HE with specific focus on an implementation of the Schönhage-Strassen FFT based multiplication algorithm. It is to be incorporated into a larger HE library of arithmetic functions tuned for High Level Synthesis (HLS) that enables flexible solutions for hardware/software systems on reconfigurable cloud resources. Although this project was inspired by HE, it could be incorporated within a generic mathematical library and support other domains. The developed FFT based polynomial multiplier exhibits flexibility in the selection of security parameters facilitating its use in a wide range of HE schemes and applications. The design also displayed substantial speedup over the polynomial multiplication functions implemented in the Number Theory Library (NTL) utilized by software based HE solutions.