
    Multi-dimensional Packing for HEAAN for Approximate Matrix Arithmetics

    HEAAN is a homomorphic encryption (HE) scheme for approximate arithmetic. Its vector packing technique has proved its potential in cryptographic applications requiring approximate computations, including data analysis and machine learning. In this paper, we propose MHEAAN, a generalization of HEAAN to the case of a tensor structure of plaintext slots. Our design takes advantage of a property of the HEAAN scheme: the precision loss during evaluation is bounded by the depth of the circuit and exceeds that of unencrypted approximate arithmetic, such as floating-point operations, by no more than one bit. Due to the multi-dimensional structure of plaintext slots along with rotations in various dimensions, MHEAAN is a more natural choice for applications involving matrices and tensors. We provide a concrete two-dimensional construction and show the efficiency of our scheme on several matrix operations, such as matrix multiplication, matrix transposition, and matrix inversion. As an application, we implement the non-interactive Deep Neural Network (DNN) classification algorithm on encrypted data and an encrypted model. Due to our efficient bootstrapping, the implementation can easily be extended to DNN structures with an arbitrary number of hidden layers.

    SHIP: A Shallow and Highly Parallelizable CKKS Bootstrapping Algorithm

    The CKKS fully homomorphic encryption scheme enables efficient homomorphic operations in terms of throughput, but its bootstrapping algorithm incurs a significant latency. In this work, we introduce SHIP, a novel bootstrapping algorithm for CKKS ciphertexts. SHIP enjoys a very shallow homomorphic multiplicative depth compared to state-of-the-art CKKS bootstrapping algorithms. Bootstrapping depth directly impacts the required Ring-LWE modulus, and hence the Ring-LWE degree. The massive depth saving allows us to report the first bootstrapping of CKKS ciphertexts for full-dimensional cleartext vectors in ring degree N=2^13, without resorting to an expensive scheme switching to DM/CGGI. SHIP also enjoys great parallelizability, with minimal communication between threads. The combined ring size reduction and high parallelizability lead to very low latency. In ring degree N=2^13, our experimental implementation runs in 215ms on a 32-core CPU for real-valued cleartext vectors. This is 2.5x lower than the smallest latency we could observe with the HEaaN library (using 48 cores). For binary cleartext vectors, the latency is lowered to 174ms, which is 2.2x lower than Bae et al. [Eurocrypt'24] (with 32 cores).

    FHERMA: Building the Open-Source FHE Components Library for Practical Use

    Fully Homomorphic Encryption (FHE) is a powerful Privacy-Enhancing Technology (PET) that enables computations on encrypted data without access to the secret key. While FHE holds immense potential for enhancing data privacy and security, building practical applications with it remains difficult. A significant barrier is the absence of easy-to-use, standardized components that developers can use as foundational building blocks. Addressing this gap requires constructing a comprehensive library of FHE components, a complex endeavor due to multiple inherent problems. We propose a competition-based approach for building such a library. More concretely, we present FHERMA, a new challenge platform that introduces black-box and white-box challenges, and fully automated evaluation of submitted FHE solutions. The initial challenges on the FHERMA platform are motivated by practical problems in machine learning and blockchain. The winning solutions get integrated into an open-source library of FHE components, which is available to all members of the PETs community under the Apache 2.0 license.

    On the Security of Homomorphic Encryption on Approximate Numbers

    We present passive attacks against CKKS, the homomorphic encryption scheme for arithmetic on approximate numbers presented at Asiacrypt 2017. The attack is both theoretically efficient (running in expected polynomial time) and very practical, leading to complete key recovery with high probability and very modest running times. We implemented and tested the attack against major open source homomorphic encryption libraries, including HEAAN, SEAL, HElib and PALISADE, when computing several functions that often arise in applications of the CKKS scheme to machine learning on encrypted data, like mean and variance computations, and approximation of logistic and exponential functions using their Maclaurin series. The attack shows that the traditional formulation of IND-CPA security (indistinguishability against chosen plaintext attacks) achieved by CKKS does not adequately capture security against passive adversaries when applied to approximate encryption schemes, and that a different, stronger definition is required to evaluate the security of such schemes. We provide a solid theoretical basis for the security evaluation of homomorphic encryption on approximate numbers (against passive attacks) by proposing new definitions that naturally extend the traditional notion of IND-CPA security to the approximate computation setting. We propose both indistinguishability-based and simulation-based variants, as well as restricted versions of the definitions that limit the order and number of adversarial queries (as may be enforced by some applications). We prove implications and separations among different definitional variants, and discuss possible modifications to CKKS that may serve as a countermeasure to our attacks.
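The mechanism behind the attack above is that CKKS decryption returns m + e, the message together with the encryption noise, and the pair (c0, c1) satisfies c0 + c1*s = m + e exactly in the ring. Whoever sees a decryption result therefore holds a linear equation in the secret key s. The following added example (not code from the paper or from any of the libraries it tested) models this on a toy ring R_q = Z_q[x]/(x^n + 1) with n = 8 and a 31-bit prime q; these parameters are assumptions chosen for readability and are in no way secure. It assumes the attacker obtains the exact decryption output as a ring element, which the paper shows can be recovered from the decoded floating-point result with high probability. The `flood_bits` option adds fresh decryption noise, the noise-flooding mitigation that later versions of the libraries adopted; the page does not describe it, and it is included here only to show why the linear solve then stops working.

```python
"""Toy model of passive key recovery against CKKS-style approximate decryption.

Added example; not code from the paper or from HEAAN/SEAL/HElib/PALISADE.
Ring R_q = Z_q[x]/(x^N + 1), N = 8, Q = 2^31 - 1 (toy parameters, not secure).
"""
import random

N = 8
Q = 2_147_483_647          # 2^31 - 1, prime
SCALE = 1 << 20            # CKKS-style scaling factor for real values


def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]


def poly_sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]


def poly_mul(a, b):
    """Negacyclic convolution in Z_Q[x]/(x^N + 1), i.e. x^N = -1."""
    res = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                res[k] = (res[k] + ai * bj) % Q
            else:
                res[k - N] = (res[k - N] - ai * bj) % Q
    return res


def centered(x):
    """Representative of x in (-Q/2, Q/2], used to measure small noise."""
    return x - Q if x > Q // 2 else x


def ternary(rng):
    return [rng.choice([-1, 0, 1]) % Q for _ in range(N)]


def small_noise(rng, bound):
    return [rng.randint(-bound, bound) % Q for _ in range(N)]


def keygen(rng):
    s = ternary(rng)
    a = [rng.randrange(Q) for _ in range(N)]
    b = poly_sub(small_noise(rng, 3), poly_mul(a, s))   # b = -a*s + e
    return s, (b, a)


def encrypt(rng, pk, m):
    b, a = pk
    u = ternary(rng)
    c0 = poly_add(poly_add(poly_mul(b, u), small_noise(rng, 3)), m)
    c1 = poly_add(poly_mul(a, u), small_noise(rng, 3))
    return c0, c1


def decrypt(sk, ct):
    """Approximate decryption: returns m + e with the noise still attached."""
    c0, c1 = ct
    return poly_add(c0, poly_mul(c1, sk))


def solve_mod_q(M, rhs):
    """Gaussian elimination over Z_Q; returns None if M is singular."""
    n = len(rhs)
    A = [row[:] + [rhs[i]] for i, row in enumerate(M)]
    for col in range(n):
        piv = next((r for r in range(col, n) if A[r][col]), None)
        if piv is None:
            return None                      # attacker would retry with another ciphertext
        A[col], A[piv] = A[piv], A[col]
        inv = pow(A[col][col], -1, Q)
        A[col] = [(x * inv) % Q for x in A[col]]
        for r in range(n):
            if r != col and A[r][col]:
                f = A[r][col]
                A[r] = [(x - f * y) % Q for x, y in zip(A[r], A[col])]
    return [A[i][n] for i in range(n)]


def recover_key(ct, dec_output):
    """Passive attack: dec_output = c0 + c1*s, so c1*s = dec_output - c0 is linear in s."""
    c0, c1 = ct
    M = [[0] * N for _ in range(N)]
    for j in range(N):                       # column j of M is the polynomial c1 * x^j
        unit = [0] * N
        unit[j] = 1
        col = poly_mul(c1, unit)
        for i in range(N):
            M[i][j] = col[i]
    return solve_mod_q(M, poly_sub(dec_output, c0))


def demo(seed=1, flood_bits=0):
    """Return (key recovered?, max decryption error in units of SCALE).

    flood_bits > 0 adds fresh noise of that size at decryption (noise flooding,
    an assumed mitigation not described on this page).
    """
    rng = random.Random(seed)
    sk, pk = keygen(rng)
    m = [rng.randint(-500, 500) * SCALE % Q for _ in range(N)]   # constructed sample message
    ct = encrypt(rng, pk, m)
    out = decrypt(sk, ct)
    if flood_bits:
        out = poly_add(out, small_noise(rng, 1 << flood_bits))
    err = max(abs(centered((o - x) % Q)) for o, x in zip(out, m)) / SCALE
    return recover_key(ct, out) == sk, err


if __name__ == "__main__":
    print("plain decryption, key recovered:", demo())
    print("with noise flooding, key recovered:", demo(flood_bits=12))
```

Without flooding the recovered key equals the secret key exactly even though the decrypted message is only approximately correct; with flooding the solve returns s plus c1^{-1} times the fresh noise, which is useless, at the cost of a few extra bits of error in the result. That trade-off is the practical content of the stronger security definitions the abstract argues for.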

    Towards Privacy-Preserving Fingerprint Verification

    In offices and at border controls, authentication is often performed with physical ID cards or passports, while in a digital setting it is usually performed with user-chosen passwords unless the system requires strong authentication. Unfortunately, most of these authentication methods have vulnerabilities: ID cards and passports can be stolen or forged, and passwords can be guessed or leaked as the result of a cyber attack. Fingerprints are currently not used for authentication in use cases that require a high level of security, even though they are among the most unique characteristics of a human being. To verify a data subject's fingerprint, a comparison algorithm that is both accurate and efficient is needed. However, using fingerprints for authentication is not without risk either. One challenge is the privacy aspect of using fingerprints for authentication in a digital setting, since they are classified as sensitive information and must not be publicly exposed. The aim of this master's thesis is to implement a fingerprint verification application that is privacy-preserving without compromising on accuracy. The proposed solution uses a Fully Homomorphic Encryption (FHE) scheme, which allows computation on encrypted data, to achieve secure verification of fingerprints. An existing fingerprint comparison algorithm is used as the basis for the proposed solution's fingerprint templates and comparison algorithm. The thesis' contribution is a fingerprint verification application that operates in the encrypted domain, taking encrypted fingerprint templates as input. It is implemented in C++, with PALISADE, a library supporting a range of FHE schemes and operations, providing the FHE functionality used in the implementation. Having the implementation allows results to be gathered through experimentation, testing, and several executions with different fingerprints. The results show that the implementation has the same accuracy in the encrypted domain as in cleartext. Based on the results, the implementation is also discussed with respect to runtime performance, and an analysis of the security and privacy of the system is conducted. The final discussion presents the ways in which this implementation deviates from the ideal solution, leading to a conclusion and a section suggesting further work.

    Secure and Efficient Outsourced Matrix Multiplication with Homomorphic Encryption

    Fully Homomorphic Encryption (FHE) is a promising privacy-enhancing technique that enables secure and private data processing on untrusted servers, such as privacy-preserving neural network (NN) evaluations. However, its practical application presents significant challenges. Limitations in how data is stored within homomorphic ciphertexts and restrictions on the types of operations that can be performed create computational bottlenecks. As a result, a growing body of research focuses on optimizing existing evaluation techniques for efficient execution in the homomorphic domain. One key operation in this space is matrix multiplication, which forms the foundation of most neural networks. Several studies have even proposed new FHE schemes specifically to accelerate this operation. The optimization of matrix multiplication is also the primary goal of our work. We leverage the Single Instruction Multiple Data (SIMD) capabilities of FHE to increase data packing and significantly reduce the KeySwitch operation count, KeySwitch being an expensive low-level routine in homomorphic encryption. By minimizing KeySwitching, we surpass current state-of-the-art solutions while requiring only a minimal multiplicative depth of two. The best-known KeySwitch complexity for matrix multiplication at this depth is O(d) for matrices of size d×d. Remarkably, even the leading techniques that require a multiplicative depth of three still incur a KeySwitch complexity of O(d). In contrast, our method reduces this complexity to O(log d) while maintaining the same level of data packing. Our solution applies broadly to all FHE schemes supporting SIMD operations. We further generalize the technique in two directions: allowing arbitrary packing availability and extending it to rectangular matrices. This versatile approach offers significant improvements in matrix multiplication performance and enables faster evaluation of privacy-preserving neural network applications.
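The KeySwitch count that the abstract above treats as the cost metric comes from slot rotations: a packed ciphertext holds a vector of d slots, slot-wise add and multiply are cheap, but every cyclic rotation of the ciphertext needs one KeySwitch with a rotation key. The following added example (not code from the paper or from any FHE library) simulates that cost model in plaintext. A `SlotVec` stands in for a packed ciphertext and counts non-trivial rotations; the two routines are the classic Halevi-Shoup diagonal method for a d×d matrix times an encrypted vector (d-1 rotations) and its baby-step/giant-step variant (about 2*sqrt(d) rotations). Neither is the O(log d) technique of the paper; they are assumed baselines that show what the metric measures and how rearranging the same arithmetic changes it.

```python
"""Slot-level simulation of SIMD matrix-vector multiplication with a KeySwitch counter.

Added example, not code from the paper above or from any FHE library. Rotating a
ciphertext costs one KeySwitch; rotating a plaintext is free; slot-wise add and
ciphertext-by-plaintext multiply need no KeySwitch.
"""
from math import isqrt


class SlotVec:
    """Stand-in for a packed ciphertext with d slots."""
    rotations = 0                                   # global KeySwitch counter

    def __init__(self, slots):
        self.slots = list(slots)

    def rot(self, k):
        """Cyclic rotation by k slots; one KeySwitch unless k == 0 mod d."""
        k %= len(self.slots)
        if k:
            SlotVec.rotations += 1
        return SlotVec(self.slots[k:] + self.slots[:k])

    def mul_pt(self, pt):                           # ciphertext x plaintext, slot-wise
        return SlotVec(a * b for a, b in zip(self.slots, pt))

    def add(self, other):
        return SlotVec(a + b for a, b in zip(self.slots, other.slots))


def rot_plain(x, k):                                # plaintext rotation: no KeySwitch
    k %= len(x)
    return x[k:] + x[:k]


def diagonals(M):
    """diag_i[r] = M[r][(r+i) mod d], so (M v)_r = sum_i diag_i[r] * v[(r+i) mod d]."""
    d = len(M)
    return [[M[r][(r + i) % d] for r in range(d)] for i in range(d)]


def matvec_diagonal(M, v):
    """Halevi-Shoup diagonal method: d-1 rotations of the encrypted vector."""
    d = len(M)
    ct, acc = SlotVec(v), SlotVec([0] * d)
    for i, diag in enumerate(diagonals(M)):
        acc = acc.add(ct.rot(i).mul_pt(diag))
    return acc.slots


def matvec_bsgs(M, v):
    """Baby-step/giant-step: (b-1) + (g-1) rotations with d = b*g."""
    d = len(M)
    b = isqrt(d)
    while d % b:                                    # pick a baby-step size dividing d
        b -= 1
    g = d // b
    diags = diagonals(M)
    babies = [SlotVec(v).rot(j) for j in range(b)]  # b-1 KeySwitches
    result = SlotVec([0] * d)
    for k in range(g):
        inner = SlotVec([0] * d)
        for j in range(b):
            # diag (.) rot(v, kb+j) == rot( rot_plain(diag, -kb) (.) rot(v, j), kb )
            inner = inner.add(babies[j].mul_pt(rot_plain(diags[k * b + j], -k * b)))
        result = result.add(inner.rot(k * b))       # g-1 KeySwitches
    return result.slots


def plain_matvec(M, v):
    return [sum(M[r][c] * v[c] for c in range(len(v))) for r in range(len(M))]


def count_rotations(fn, M, v):
    """Run fn(M, v) and return (result, number of KeySwitches it needed)."""
    SlotVec.rotations = 0
    out = fn(M, v)
    return out, SlotVec.rotations


if __name__ == "__main__":
    d = 16                                          # constructed sample input
    M = [[(3 * r + 5 * c + 1) % 7 for c in range(d)] for r in range(d)]
    v = [c + 1 for c in range(d)]
    for fn in (matvec_diagonal, matvec_bsgs):
        out, ks = count_rotations(fn, M, v)
        print(fn.__name__, "correct:", out == plain_matvec(M, v), "KeySwitches:", ks)
```

For d = 16 both routines return the same product, but the diagonal method spends 15 KeySwitches and the baby-step/giant-step rearrangement 6. The multiplicative depth is one ciphertext-by-plaintext product in both cases; the saving comes purely from moving rotations onto plaintext diagonals, which is the kind of accounting the abstract's O(d) versus O(log d) comparison refers to.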

    Speech Command Recognition on Encrypted Data

    This thesis examines the use of fully homomorphic encryption (FHE) schemes, specifically the CKKS and TFHE schemes, in combination with machine learning models for speech command recognition. Advancements in machine learning and artificial intelligence have put concerns over data protection at the forefront. This thesis aims to investigate FHE as a way to securely process speech data. Speech recognition is approached as an image classification problem on spectrograms using Convolutional Neural Networks (CNN). CNN models using TFHE or CKKS are implemented using leading cryptographic libraries, and then benchmarked and compared with each other. The results show that currently available libraries for CKKS and TFHE can be used for encrypted inference, but that runtime and memory usage remain too high to be practical. The model with the highest accuracy used the TFHE scheme, with an accuracy of 89.6%, an average inference time of 470 seconds for one sample, and a memory usage of 5.9 GB. A model using CKKS with a similar accuracy of 87.6% had an average inference time of 155 seconds, but also a memory usage of 22.7 GB. The CKKS scheme seems to be more suitable due to its faster inference time. Conversely, the TFHE library offers better machine learning functionality and compatibility with existing machine learning frameworks. These factors might come to play a more important role in the coming years. Additionally, the experiments demonstrate that the FHE schemes can be used on consumer hardware by those without cryptographic expertise, and are therefore available for exploration on other machine learning problems.
    Master's thesis in informatics (INF399, MAMN-INF, MAMN-PRO)

    Towards Efficient Privacy-Preserving Machine Learning: A Systematic Review from Protocol, Model, and System Perspectives

    Privacy-preserving machine learning (PPML) based on cryptographic protocols has emerged as a promising paradigm to protect user data privacy in cloud-based machine learning services. While it achieves formal privacy protection, PPML often incurs significant efficiency and scalability costs, with orders of magnitude of overhead compared to the plaintext counterpart. Therefore, there has been a considerable focus on mitigating the efficiency gap for PPML. In this survey, we provide a comprehensive and systematic review of recent PPML studies with a focus on cross-level optimizations. Specifically, we categorize existing papers into protocol level, model level, and system level, and review progress at each level. We also provide qualitative and quantitative comparisons of existing works with technical insights, based on which we discuss future research directions and highlight the necessity of integrating optimizations across protocol, model, and system levels. We hope this survey can provide an overarching understanding of existing approaches and potentially inspire future breakthroughs in the PPML field. As the field is evolving fast, we also provide a public GitHub repository to continuously track the developments, which is available at https://github.com/PKU-SEC-Lab/Awesome-PPML-Papers.

    Improved Matrix Inversion with Packed Ciphertexts using Fully Homomorphic Encryption

    Matrix inversion is a fundamental operation, but performing it over encrypted matrices remains a significant challenge. This is mainly because conventional inversion algorithms, such as Gaussian elimination, depend heavily on comparison and division operations, which are computationally expensive to perform under homomorphic encryption. To mitigate this, Ahn et al. (ESORICS 2023) introduced an inversion method based on iterative matrix multiplications. However, their approach encrypts matrices entry-wise, leading to poor scalability. A key limitation of prior work stems from the absence of an efficient matrix multiplication technique for matrix-packed ciphertexts, particularly one with low multiplicative depth. In this paper, we present a novel homomorphic matrix multiplication algorithm optimized for matrix-packed ciphertexts, requiring only a multiplicative depth of two. Building on this foundation, we propose an efficient algorithm for homomorphic matrix inversion. Experimental results show that our method outperforms the state of the art: for 8×8 matrices, it achieves a 6.8× speedup over the method by Ahn et al., and it enables inversion of larger matrices that were previously infeasible. We further compare our homomorphic matrix multiplication technique against existing matrix-packed homomorphic matrix multiplication algorithms. When used for iterative inversion, our method consistently outperforms prior approaches. In particular, for 16×16 and 32×32 matrices, it achieves 1.88× and 1.43× speedups, respectively, over the algorithm by Aikata and Roy. Finally, we demonstrate the practical benefits of our method by applying it to privacy-preserving linear regression. For a dataset of 64 samples with 8 features, our approach achieves a 1.13× speedup in training time compared to the state-of-the-art homomorphic matrix inversion solution.
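The abstract above rests on replacing division and comparison with repeated matrix multiplication. The standard iteration of that kind is Newton-Schulz, X_{k+1} = X_k (2I - A X_k), which converges quadratically to A^{-1} from a suitable starting point and uses nothing but matrix products and subtractions. The following added example (plain floating point, not the paper's algorithm nor the method of Ahn et al., whose exact iteration the page does not give) runs that iteration with a fixed round count, as an FHE evaluation must, and counts the ciphertext-ciphertext matrix products it spends; the starting point X_0 = A^T / (||A||_1 ||A||_inf) and the sample matrix are assumptions.

```python
"""Matrix inversion by iterative multiplication (Newton-Schulz), division- and
comparison-free. Added example, not code from the paper; plain floating point.
"""


def matmul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) for j in range(len(B[0]))]
            for i in range(len(A))]


def identity(n, scale=1.0):
    return [[scale if i == j else 0.0 for j in range(n)] for i in range(n)]


def newton_schulz_inverse(A, iters=12):
    """X_{k+1} = X_k (2I - A X_k). Returns (X, residual, ct_ct_matmuls).

    X_0 = A^T / (||A||_1 * ||A||_inf) gives ||I - A X_0|| < 1 for any nonsingular A,
    so the error squares every round. The round count is fixed in advance, as it
    has to be under FHE where the residual cannot be inspected; each round costs
    two ciphertext-ciphertext matrix products (and two multiplicative levels). With
    entry-wise encryption each of those products is n^3 ciphertext multiplications,
    which is the scalability problem the abstract attributes to prior work.
    """
    n = len(A)
    norm1 = max(sum(abs(A[i][j]) for i in range(n)) for j in range(n))
    norminf = max(sum(abs(x) for x in row) for row in A)
    X = [[A[j][i] / (norm1 * norminf) for j in range(n)] for i in range(n)]  # A^T scaled
    two_I = identity(n, 2.0)
    ct_mults = 0
    for _ in range(iters):
        AX = matmul(A, X)                        # ciphertext x ciphertext
        R = [[two_I[i][j] - AX[i][j] for j in range(n)] for i in range(n)]
        X = matmul(X, R)                         # ciphertext x ciphertext
        ct_mults += 2
    AX = matmul(A, X)                            # plaintext-side check only
    residual = max(abs((1.0 if i == j else 0.0) - AX[i][j])
                   for i in range(n) for j in range(n))
    return X, residual, ct_mults


if __name__ == "__main__":
    A = [[4.0, 1.0], [2.0, 3.0]]     # constructed sample; inverse is [[0.3,-0.1],[-0.2,0.4]]
    X, res, mults = newton_schulz_inverse(A)
    print(X, "residual:", res, "ct-ct matmuls:", mults)
```

Twelve rounds cost 24 ciphertext-ciphertext matrix products and a multiplicative depth of 24 on top of the initial scaling, which is why the depth-two matrix multiplication the abstract describes matters: the inversion's total depth, and hence the ciphertext modulus and ring size, is the per-product depth multiplied by the number of rounds.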

    Generalized BGV, BFV, and CKKS for Homomorphic Encryption over Matrix Rings

    Some of the most valuable applications of homomorphic encryption, such as encrypted machine learning inference, require efficient large-scale plaintext-ciphertext and ciphertext-ciphertext matrix multiplications. Current state-of-the-art techniques for matrix multiplication all build on the ability to pack many plaintext values into a single ciphertext and compute on them in a Single Instruction, Multiple Data (SIMD) manner. However, to fit the operation of matrix multiplication into this computational model, a large number of additional costly operations need to be performed, such as the rotation of elements between the plaintext slots. In this work, we propose an orthogonal approach to performing encrypted matrix operations with BGV-like encryption schemes, where the plaintext and ciphertext spaces are generalized to a matrix ring of arbitrary dimension. To deal with the inherent problem of noncommutativity in the case of matrix rings, we present a new superoperator technique to better represent linear and quadratic expressions in the secret key, which allows for the relinearization of ciphertexts after multiplication. The security of the modified encryption schemes is based on Module-LWE with module rank equal to the dimension of the matrices. With this construction, we demonstrate that Ring-LWE, Module-LWE, and LWE are potentially equally efficient for homomorphic encryption, both in terms of useful information density and noise growth, just for different matrix dimensions.