832 research outputs found
Faster Bootstrapping of FHE over the Integers
Bootstrapping in fully homomorphic encryption (FHE) over the integers is a homomorphic evaluation of the squashed decryption function suggested by van Dijk et al.
The typical approach for the bootstrapping is representing the decryption function as a binary circuit with a fixed message space. All bootstrapping methods in FHEs over the integers use this approach; however, these methods require too many homomorphic multiplications, slowing down the whole procedure. In this paper, we propose an efficient bootstrapping method using various message spaces. Our bootstrapping method requires only number of homomorphic multiplications, which is significantly lower than of the previous methods. We implement our bootstrapping method on the scale-invariant FHE over the integers; the CLT scheme introduced by Coron, Lepoint and Tibouchi. It takes 6 seconds for a 500-bit message space and a 72-bit security in PC. This is the fastest result among the bootstrapping methods on FHEs over the integers. We also apply our bootstrapping method to evaluate an AES-128 circuit homomorphically. As a result, it takes about 8 seconds per 128-bit block and is faster than the previous result of homomorphic evaluation of AES circuit using FHEs over the integers without bootstrapping
Faster Bootstrapping of FHE over the integers with large prime message space
Bootstrapping of FHE over the integer with large message is a open problem, which is to evaluate double modulo arithmetic homomorphically for large . In this paper, we express this double modulo reduction circuit as a arithmetic circuit of degree at most , with multiplication gates, where and is the security parameter. The complexity of decryption circuit is independent of the message space size with a constraint
๋ํ์ํธ ์ฌ๋ถํ ๊ธฐ๋ฒ์ ๊ดํ ์ฐ๊ตฌ
ํ์๋
ผ๋ฌธ (๋ฐ์ฌ)-- ์์ธ๋ํ๊ต ๋ํ์ : ์์ฐ๊ณผํ๋ํ ์๋ฆฌ๊ณผํ๋ถ, 2019. 2. ์ฒ์ ํฌ.2009๋
Gentry์ ์ํด์ ์์ ๋ํ์ํธ๊ฐ ์ฒ์ ์ค๊ณ๋ ์ดํ๋ก ์ต์ ํ์ ๊ณ ์ํ๋ฅผ ์ํด์ ๋ค์ํ ๊ธฐ๋ฒ๋ค๊ณผ ์คํด๋ค์ด ์ค๊ณ๋์ด ์๋ค. ํ์ง๋ง ๋ํ์ํธ์ ์ฐ์ฐํ์๋ฅผ ๋ฌด์ ํ์ผ๋ก ๋๋ฆฌ๊ธฐ ์ํด์ ํ์์ ์ธ ์ฌ๋ถํ
๊ธฐ๋ฒ์ ํจ์จ์ฑ ๋ฌธ์ ๋ก ์ค์ ์์ฉ์ ์ ์ฉํ๊ธฐ์๋ ๋ถ์ ํฉํ๋ค๋ ํ๊ฐ๋ฅผ ๋ง์ด ๋ฐ์์๋ค. ๋ณธ ๋
ผ๋ฌธ์์๋ ์ฌ๋ถํ
๊ธฐ๋ฒ์ ๊ณ ์ํ๋ฅผ ์ํ ๋ค์ํ ๊ธฐ๋ฒ์ ์ ์ํ๊ณ ์ด๋ฅผ ์ค์ ๋ก ์์ฉ๋ถ์ผ์ ์ ์ฉํ์๋ค.
๋ณธ ๋
ผ๋ฌธ์์๋ ๋ํ์ ์ธ ๋ํ์ํธ ์คํด๋ค์ ๋ํ ์ฌ๋ถํ
๊ธฐ๋ฒ์ ๋ํ ์ฐ๊ตฌ๋ฅผ ์ํํ์๋๋ฐ, ์ฒซ ๋ฒ์งธ๋ก๋ Microsoft Research์ IMB์์ ๋ง๋ ๋ํ์ํธ ๋ผ์ด๋ธ๋ฌ๋ฆฌ์ธ SEAL๊ณผ HElib์ ์ ์ฉ๊ฐ๋ฅํ ์ฌ๋ถํ
๊ธฐ๋ฒ์ ๋ํ ์ฐ๊ตฌ๋ฅผ ์ํํ์๋ค. ํด๋น ์ฌ๋ถํ
๊ธฐ๋ฒ์์ ํต์ฌ์ ์ด ๊ณผ์ ์ ์ํธํ๋ ์ํ์์ ๋ณตํธํ ํจ์๋ฅผ ๊ณ์ฐํ๋ ๋ถ๋ถ์ด๋ค. ์ํธ๋ ์ํ์์ ์ตํ์ ๋นํธ๋ฅผ ์ถ์ถํ๋ ์๋ก์ด ๋ฐฉ๋ฒ์ ์ ์ํ์ฌ ์ฌ๋ถํ
๊ณผ์ ์์ ์๋ชจ๋๋ ๊ณ์ฐ๋๊ณผ ํํ๋๋ ๋คํญ์์ ์ฐจ์๋ฅผ ์ค์ด๋๋ฐ์ ์ฑ๊ณตํ์๋ค.
๋ ๋ฒ์งธ๋ก๋, ๋น๊ต์ ์ต๊ทผ์ ๊ฐ๋ฐ๋ ๊ทผ์ฌ๊ณ์ฐ ๋ํ์ํธ์ธ HEAAN ์คํด์ ์ฌ๋ถํ
๊ธฐ๋ฒ์ ๊ฐ์ ํ๋ ์ฐ๊ตฌ๋ฅผ ์ํํ์๋ค. 2018๋
์ ์ผ๊ฐํจ์๋ฅผ ์ด์ฉํ ๊ทผ์ฌ๋ฒ์ ํตํด์ ์ฒ์ ํด๋น ์คํด์ ๋ํ ์ฌ๋ถํ
๊ธฐ๋ฒ์ด ์ ์๋์๋๋ฐ, ๋ง์ ๋ฐ์ดํฐ๋ฅผ ๋ด๊ณ ์๋ ์ํธ๋ฌธ์ ๋ํด์๋ ์ ์ฒ๋ฆฌ, ํ์ฒ๋ฆฌ ๊ณผ์ ์ด ๊ณ์ฐ๋์ ๋๋ถ๋ถ์ ์ฐจ์งํ๋ ๋ฌธ์ ๊ฐ ์์๋ค. ํด๋น ๊ณผ์ ๋ค์ ์ฌ๋ฌ ๋จ๊ณ๋ก ์ฌ๊ท์ ์ธ ํจ์๋ค๋ก ํํํ์ฌ ๊ณ์ฐ๋์ด ๋ฐ์ดํฐ ์ฌ์ด์ฆ์ ๋ํด์ ๋ก๊ทธ์ ์ผ๋ก ์ค์ด๋ ๊ฒ์ ์ฑ๊ณตํ์๋ค. ์ถ๊ฐ๋ก, ๋ค๋ฅธ ์คํด๋ค์ ๋นํด์ ๋ง์ด ์ฌ์ฉ๋์ง๋ ์์ง๋ง, ์ ์๊ธฐ๋ฐ ๋ํ์ํธ๋ค์ ๋ํด์๋ ์ฌ๋ถํ
๊ธฐ๋ฒ์ ๊ฐ์ ํ๋ ์ฐ๊ตฌ๋ฅผ ์ํํ์๊ณ ๊ทธ ๊ฒฐ๊ณผ ๊ณ์ฐ๋์ ๋ก๊ทธ์ ์ผ๋ก ์ค์ด๋ ๊ฒ์ ์ฑ๊ณตํ์๋ค.
๋ง์ง๋ง์ผ๋ก, ์ฌ๋ถํ
๊ธฐ๋ฒ์ ํ์ฉ์ฑ๊ณผ ์ฌ์ฉ ๊ฐ๋ฅ์ฑ์ ๋ณด์ด๊ธฐ ์ํด ์ค์ ๋ฐ์ดํฐ ๋ณด์์ ํ์๋ก ํ๋ ๊ธฐ๊ณํ์ต ๋ถ์ผ์ ์ ์ฉํด๋ณด์๋ค. ์ค์ ๋ก 400,000๊ฑด์ ๊ธ์ต ๋ฐ์ดํฐ๋ฅผ ์ด์ฉํ ํ๊ท๋ถ์์ ์ํธํ๋ ๋ฐ์ดํฐ๋ฅผ ์ด์ฉํด์ ์ํํ์๋ค. ๊ทธ ๊ฒฐ๊ณผ ์ฝ 16์๊ฐ ์์ 80\% ์ด์์ ์ ํ๋์ 0.8 ์ ๋์ AUROC ๊ฐ์ ๊ฐ์ง๋ ์ ์๋ฏธํ ๋ถ์ ๋ชจ๋ธ์ ์ป์ ์ ์์๋ค.After Gentry's blueprint on homomorphic encryption (HE) scheme, various efficient schemes have been suggested. For unlimited number of operations between encrypted data, the bootstrapping process is necessary. There are only few works on bootstrapping procedure because of the complexity and inefficiency of bootstrapping. In this paper, we propose various method and techniques for improved bootstrapping algorithm, and we apply it to logistic regression on large scale encrypted data.
The bootstrapping process depends on based homomorphic encryption scheme. For various schemes such as BGV, BFV, HEAAN, and integer-based scheme, we improve bootstrapping algorithm. First, we improved bootstrapping for BGV (HElib) and FV (SEAL) schemes which is implemented by Microsoft Research and IMB respectively. The key process for bootstrapping in those two scheme is extracting lower digits of plaintext in encrypted state. We suggest new polynomial that removes lowest digit of input, and we apply it to bootstrapping with previous method. As a result, both the complexity and the consumed depth are reduced. Second, bootstrapping for multiple data needs homomorphic linear transformation. The complexity of this part is O(n) for number of slot n, and this part becomes a bottleneck when we use large n. We use the structure of linear transformation which is used in bootstrapping, and we decompose the matrix which is corresponding to the transformation. By applying recursive strategy, we reduce the complexity to O(log n). Furthermore, we suggest new bootstrapping method for integer-based HE schemes which are based on approximate greatest common divisor problem. By using digit extraction instead of previous bit-wise approach, the complexity of bootstrapping algorithm reduced from O(poly(lambda)) to O(log^2(lambda)). Our implementation for this process shows 6 seconds which was about 3 minutes.
To show that bootstrapping can be used for practical application, we implement logistic regression on encrypted data with large scale. Our target data has 400,000 samples, and each sample has 200 features. Because of the size of the data, direct application of homomorphic encryption scheme is almost impossible. Therefore, we decide the method for encryption to maximize the effect of multi-threading and SIMD operations in HE scheme. As a result, our homomorphic logistic regression takes about 16 hours for the target data. The output model has 0.8 AUROC with about 80% accuracy. Another experiment on MNIST dataset shows correctness of our implementation and method.Abstract
1 Introduction
1.1 Homomorphic Encryption
1.2 Machine Learning on Encrypted Data
1.3 List of Papers
2 Background
2.1 Notation
2.2 Homomorphic Encryption
2.3 Ring Learning with Errors
2.4 Approximate GCD
3 Lower Digit Removal and Improved Bootstrapping
3.1 Basis of BGV and BFV scheme
3.2 Improved Digit Extraction Algorithm
3.3 Bootstrapping for BGV and BFV Scheme
3.3.1 Our modications
3.4 Slim Bootstrapping Algorithm
3.5 Implementation Result
4 Faster Homomorphic DFT and Improved Bootstrapping
4.1 Basis of HEAAN scheme
4.2 Homomorphic DFT
4.2.1 Previous Approach
4.2.2 Our method
4.2.3 Hybrid method
4.2.4 Implementation Result
4.3 Improved Bootstrapping for HEAAN
4.3.1 Linear Transformation in Bootstrapping
4.3.2 Improved CoeToSlot and SlotToCoe
4.3.3 Implementation Result
5 Faster Bootstrapping for FHE over the integers
5.1 Basis of FHE over the integers
5.2 Decryption Function via Digit Extraction
5.2.1 Squashed Decryption Function
5.2.2 Digit extraction Technique
5.2.3 Homomorphic Digit Extraction in FHE over the integers
5.3 Bootstrapping for FHE over the integers
5.3.1 CLT scheme with M Z_t
5.3.2 Homomorphic Operations with M Z_t^a
5.3.3 Homomorphic Digit Extraction for CLT scheme
5.3.4 Our Method on the CLT scheme
5.3.5 Analysis of Proposed Bootstrapping Method
5.4 Implementation Result
6 Logistic Regression on Large Encrypted Data
6.1 Basis of Logistic Regression
6.2 Logistic Regression on Encrypted Data
6.2.1 HE-friendly Logistic Regression Algorithm
6.2.2 HE-Optimized Logistic Regression Algorithm
6.2.3 Further Optimization
6.3 Evaluation
6.3.1 Logistic Regression on Encrypted Financial Dataset
6.3.2 Logistic Regression on Encrypted MNIST Dataset
6.3.3 Discussion
7 Conclusions
Abstract (in Korean)Docto
A Survey on Homomorphic Encryption Schemes: Theory and Implementation
Legacy encryption systems depend on sharing a key (public or private) among
the peers involved in exchanging an encrypted message. However, this approach
poses privacy concerns. Especially with popular cloud services, the control
over the privacy of the sensitive data is lost. Even when the keys are not
shared, the encrypted material is shared with a third party that does not
necessarily need to access the content. Moreover, untrusted servers, providers,
and cloud operators can keep identifying elements of users long after users end
the relationship with the services. Indeed, Homomorphic Encryption (HE), a
special kind of encryption scheme, can address these concerns as it allows any
third party to operate on the encrypted data without decrypting it in advance.
Although this extremely useful feature of the HE scheme has been known for over
30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE)
scheme, which allows any computable function to perform on the encrypted data,
was introduced by Craig Gentry in 2009. Even though this was a major
achievement, different implementations so far demonstrated that FHE still needs
to be improved significantly to be practical on every platform. First, we
present the basics of HE and the details of the well-known Partially
Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which
are important pillars of achieving FHE. Then, the main FHE families, which have
become the base for the other follow-up FHE schemes are presented. Furthermore,
the implementations and recent improvements in Gentry-type FHE schemes are also
surveyed. Finally, further research directions are discussed. This survey is
intended to give a clear knowledge and foundation to researchers and
practitioners interested in knowing, applying, as well as extending the state
of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the
survey that is being submitted to ACM CSUR and has been uploaded to arXiv for
feedback from stakeholder
Towards the AlexNet Moment for Homomorphic Encryption: HCNN, theFirst Homomorphic CNN on Encrypted Data with GPUs
Deep Learning as a Service (DLaaS) stands as a promising solution for
cloud-based inference applications. In this setting, the cloud has a
pre-learned model whereas the user has samples on which she wants to run the
model. The biggest concern with DLaaS is user privacy if the input samples are
sensitive data. We provide here an efficient privacy-preserving system by
employing high-end technologies such as Fully Homomorphic Encryption (FHE),
Convolutional Neural Networks (CNNs) and Graphics Processing Units (GPUs). FHE,
with its widely-known feature of computing on encrypted data, empowers a wide
range of privacy-concerned applications. This comes at high cost as it requires
enormous computing power. In this paper, we show how to accelerate the
performance of running CNNs on encrypted data with GPUs. We evaluated two CNNs
to classify homomorphically the MNIST and CIFAR-10 datasets. Our solution
achieved a sufficient security level (> 80 bit) and reasonable classification
accuracy (99%) and (77.55%) for MNIST and CIFAR-10, respectively. In terms of
latency, we could classify an image in 5.16 seconds and 304.43 seconds for
MNIST and CIFAR-10, respectively. Our system can also classify a batch of
images (> 8,000) without extra overhead
SHE based Non Interactive Privacy Preserving Biometric Authentication Protocols
Being unique and immutable for each person, biometric signals are widely used in access control systems. While biometric recognition appeases concerns about password's theft or loss, at the same time it raises concerns about individual privacy. Central servers store several enrolled biometrics, hence security against theft must be provided during biometric transmission and against those who have access to the database. If a server's database is compromised, other systems using the same biometric templates could also be compromised as well. One solution is to encrypt the stored templates. Nonetheless, when using traditional cryptosystem, data must be decrypted before executing the protocol, leaving the database vulnerable. To overcame this problem and protect both the server and the client, biometrics should be processed while encrypted. This is possible by using secure two-party computation protocols, mainly based on Garbled Circuits (GC) and additive Homomorphic Encryption (HE). Both GC and HE based solutions are efficient yet interactive, meaning that the client takes part in the computation. Instead in this paper we propose a non-interactive protocol for privacy preserving biometric authentication based on a Somewhat Homomorphic Encryption (SHE) scheme, modified to handle integer values, and also suggest a blinding method to protect the system from spoofing attacks. Although our solution is not as efficient as the ones based on GC or HE, the protocol needs no interaction, moving the computation entirely on the server side and leaving only inputs encryption and outputs decryption to the client
A Verifiable Fully Homomorphic Encryption Scheme for Cloud Computing Security
Performing smart computations in a context of cloud computing and big data is
highly appreciated today. Fully homomorphic encryption (FHE) is a smart
category of encryption schemes that allows working with the data in its
encrypted form. It permits us to preserve confidentiality of our sensible data
and to benefit from cloud computing powers. Currently, it has been demonstrated
by many existing schemes that the theory is feasible but the efficiency needs
to be dramatically improved in order to make it usable for real applications.
One subtle difficulty is how to efficiently handle the noise. This paper aims
to introduce an efficient and verifiable FHE based on a new mathematic
structure that is noise free
- โฆ