2,181 research outputs found
Fully Homomorphic Encryption with k-bit Arithmetic Operations
We present a fully homomorphic encryption scheme continuing the line of works
of Ducas and Micciancio (2015, [DM15]), Chillotti et al. (2016, [CGGI16a]; 2017,
[CGGI17]; 2018, [CGGI18a]), and Gao (2018,[Gao18]). Ducas and Micciancio (2015)
show that homomorphic computation of one bit operation on LWE ciphers can be done
in less than a second, which is then reduced by Chillotti et al. (2016, 2017, 2018) to
13ms. According to Chillotti et al. (2018, [CGGI18b]), the cipher expansion for TFHE
is still 8000. The ciphertext expansion problem was greatly reduced by Gao (2018) to
6 with private-key encryption and 20 for public key encryption. The bootstrapping in
Gao (2018) is only done one bit at a time, and the bootstrapping design matches the
previous two works in efficiency.
Our contribution is to present a fully homomorphic encryption scheme based on
these preceding schemes that generalizes the Gao (2018) scheme to perform operations
on k-bit encrypted data and also removes the need for the Independence Heuristic of
the Chillotti et al. papers. The amortized cost of computing k-bits at a time improves
the efficiency. Operations supported include addition and multiplication modulo ,
addition and multiplication in the integers as well as exponentiation, field inversion
and the machine learning activation function RELU. The ciphertext expansion factor
is also further improved, for our scheme achieves a ciphertext expansion factor of
2.5 under secret key and 6.5 under public key. Asymptotically as k increases, our scheme
achieves the optimal ciphertext expansion factor of 1 under private key encryption and
2 under public key encryption. We also introduces techniques for reducing the size of
the bootstrapping key.
Keywords. FHE, lattices, learning with errors (LWE), ring learning with errors
(RLWE), TFHE, data security, RELU, machine learnin
Towards the AlexNet Moment for Homomorphic Encryption: HCNN, theFirst Homomorphic CNN on Encrypted Data with GPUs
Deep Learning as a Service (DLaaS) stands as a promising solution for
cloud-based inference applications. In this setting, the cloud has a
pre-learned model whereas the user has samples on which she wants to run the
model. The biggest concern with DLaaS is user privacy if the input samples are
sensitive data. We provide here an efficient privacy-preserving system by
employing high-end technologies such as Fully Homomorphic Encryption (FHE),
Convolutional Neural Networks (CNNs) and Graphics Processing Units (GPUs). FHE,
with its widely-known feature of computing on encrypted data, empowers a wide
range of privacy-concerned applications. This comes at high cost as it requires
enormous computing power. In this paper, we show how to accelerate the
performance of running CNNs on encrypted data with GPUs. We evaluated two CNNs
to classify homomorphically the MNIST and CIFAR-10 datasets. Our solution
achieved a sufficient security level (> 80 bit) and reasonable classification
accuracy (99%) and (77.55%) for MNIST and CIFAR-10, respectively. In terms of
latency, we could classify an image in 5.16 seconds and 304.43 seconds for
MNIST and CIFAR-10, respectively. Our system can also classify a batch of
images (> 8,000) without extra overhead
A First Practical Fully Homomorphic Crypto-Processor Design: The Secret Computer is Nearly Here
Following a sequence of hardware designs for a fully homomorphic
crypto-processor - a general purpose processor that natively runs encrypted
machine code on encrypted data in registers and memory, resulting in encrypted
machine states - proposed by the authors in 2014, we discuss a working
prototype of the first of those, a so-called `pseudo-homomorphic' design. This
processor is in principle safe against physical or software-based attacks by
the owner/operator of the processor on user processes running in it. The
processor is intended as a more secure option for those emerging computing
paradigms that require trust to be placed in computations carried out in remote
locations or overseen by untrusted operators.
The prototype has a single-pipeline superscalar architecture that runs
OpenRISC standard machine code in two distinct modes. The processor runs in the
encrypted mode (the unprivileged, `user' mode, with a long pipeline) at 60-70%
of the speed in the unencrypted mode (the privileged, `supervisor' mode, with a
short pipeline), emitting a completed encrypted instruction every 1.67-1.8
cycles on average in real trials.Comment: 6 pages, draf
- …