DOCSLIB.ORG

Sok: Fully Homomorphic Encryption Compilers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Sok: Fully Homomorphic Encryption Compilers SoK: Fully Homomorphic Encryption Compilers Alexander Viand Patrick Jattke Anwar Hithnawi ETH Zurich ETH Zurich ETH Zurich [email protected] [email protected] [email protected] Abstract—Fully Homomorphic Encryption (FHE) allows a seven orders of magnitude slower than an IMUL instruction third party to perform arbitrary computations on encrypted on a modern CPU, it is sufficient to make many applications data, learning neither the inputs nor the computation results. practical. Additionally, modern schemes introduced SIMD- Hence, it provides resilience in situations where computations are carried out by an untrusted or potentially compromised party. style parallelism, encoding thousands of plaintext values into This powerful concept was first conceived by Rivest et al. in a single ciphertext to further improve throughput [12]. the 1970s. However, it remained unrealized until Craig Gentry These advances have enabled a wide range of applications presented the first feasible FHE scheme in 2009. covering a wide range of domains. These include mobile The advent of the massive collection of sensitive data in cloud applications, where FHE has been used to encrypt the back services, coupled with a plague of data breaches, moved highly regulated businesses to increasingly demand confidential and end of a privacy-preserving fitness app [13], while continuing secure computing solutions. This demand, in turn, has led to a to provide a real-time experience. In the medical domain, recent surge in the development of FHE tools. To understand FHE has been used to enable privacy-preserving genome the landscape of recent FHE tool developments, we conduct analysis [14] applications over large datasets. More generally, an extensive survey and experimental evaluation to explore the FHE has been used to solve various well-known problems current state of the art and identify areas for future development. like Private Set Intersection (PSI) [15], outperforming previous In this paper, we survey, evaluate, and systematize FHE tools and compilers. We perform experiments to evaluate these tools’ solutions by 2× in running time. In the domain of machine performance and usability aspects on a variety of applications. learning, FHE has been used for tasks ranging from linear and We conclude with recommendations for developers intending logistic regression [16] to Encrypted Neural Network infer- to develop FHE-based applications and a discussion on future ence [17], which can be used to run privacy-preserving ML-as- directions for FHE tools development. a-Service applications, for example, for private phishing email detection [18]. As a consequence, there has been increasing I. INTRODUCTION interest in FHE-based secure computation solutions [3]–[9]. Recent years have seen unprecedented growth in the adop- Gartner projects [19] that “by 2025, at least 20% of companies tion of cloud computing services. More and more highly reg- will have a budget for projects that include fully homomorphic ulated businesses and organizations (e.g., banks, governments, encryption.” insurances, health), where data security is paramount, move Despite these recent breakthroughs, building secure and their data and services to the cloud. This trend has led to efficient FHE-based applications remains a challenging task. a surge in demand for secure and confidential computing This is largely attributed to the differences between traditional solutions that protect data confidentiality while in transit, rest, programming paradigms and FHE’s computation model, which and in-use. This is an amply justified and expected demand, poses unique challenges. For example, virtually all standard particularly in the light of the numerous reports of data programming paradigms rely on data-dependent branching, breaches [1], [2]. Fully Homomorphic Encryption (FHE) is e.g., if/else statements and loops. On the other hand, FHE a key technological enabler for secure computation and has computations are, by definition, data-independent, or they arXiv:2101.07078v1 [cs.CR] 18 Jan 2021 recently matured to be practical for real-world use [3]–[9]. would violate the privacy guarantees. Working with FHE FHE allows arbitrary computations to be performed over also introduces significant engineering challenges in practice. encrypted data, eliminating the need to decrypt the data and Different schemes offer varying performance tradeoffs, and expose it to potential risk while in use. While first proposed optimal choices are heavily application-dependent. To address in the 1970s [10], FHE was long considered impossible or some of the engineering challenges in this space, we have seen impractical. However, thanks to advances in the underlying a surge of work on tools that aim to improve accessibility and theory, general hardware improvements, and more efficient reduce barriers to entry in this field. implementations, it has become increasingly practical. In Without tool support, realizing FHE-based computations by 2009, breakthrough work from Craig Gentry proposed the implementing the required mathematical operations directly or first feasible FHE scheme [11]. In the last decade, FHE has using an arbitrary-precision arithmetic library is complex, re- gone from a theoretical concept to reality, with performance quiring considerable expertise in both cryptography and high- improving by up to five orders of magnitude. For example, performance numerical computation. Therefore, FHE libraries times for a multiplication between ciphertexts dropped from 30 like the Simple Encrypted Arithmetic Library (SEAL) [20] minutes to less than 20 milliseconds. While this is still around or the Fast Fully Homomorphic Encryption Library over the 1 FHE ALCHEMY Cingulata EVA nGraph-HE SEALion Therefore, this paper aims to fill in this knowledge gap Compilers CHET E3 Marble RAMPARTS by studying and surveying the current state-of-the-art of FHE FHE concrete FHEW HEAAN lattigo PALISADE TFHE Libraries cuFHE FV-NFLib HElib nuFHE SEAL use tools. More concretely, this survey has two objectives: First, to Maths & ABC FLINT GMP MPFR NFLib OpenMP assist developers looking to develop FHE-based applications Other Libs. Boost FFTW Λ ○ λ MPIR NTL … use in selecting a suitable approach and, second, to provide the Figure 1: Overview of the FHE tool space. community with valuable insights on both successes and remaining issues in this space. Towards this goal, we conduct an extensive survey of Torus (TFHE) [21] implement the underlying cryptographic existing tools and highlight their features and characteristics. operations and expose a higher-level API. In addition to key Subsequently, we consider these tools in practice by experi- generation, encryption, and decryption, these APIs also expose mentally evaluating them across a range of case study applica- at least homomorphic addition and multiplication. tions, contrasting usability, expressiveness, and performance. In practice, however, library APIs often include dozens In our experimental evaluation, we consider a selection of additional functionalities for ciphertext maintenance and of tools in more detail and provide an in-depth analysis of manipulation. Since schemes vary in features, these APIs their usability and expressiveness in practice. We implement differ significantly not just in their implementation but also and benchmark three case-study applications that represent conceptually. Efforts are being made to standardize APIs different domains of FHE-based computation. Our benchmarks for FHE schemes [22] and, simultaneously, there are first allow us to study not only the overall performance of FHE for steps towards interoperability via wrappers around existing these applications across tools but also the relative strengths libraries [23]. However, achieving competitive performance of different tools compared to each other. frequently still requires working with libraries directly. Along with this paper, we provide an online repository1 While FHE libraries make the process of writing FHE-based that includes Docker images for all the tools we evaluate, applications substantially more efficient, they still require sig- our automated benchmarking framework, and the example nificant expertise and understanding of the underlying scheme applications. Additionally, it includes further benchmarks and since they remain relatively low-level cryptographic libraries. tool descriptions that we could not include in this paper due Therefore, recent years have seen the development of higher- to space limitations. level tools, frequently known as FHE compilers, that aim to We conclude our paper with a discussion of the current state translate standard programs into FHE-based implementations. of FHE and FHE tools. We discuss applications for which FHE These tools focus on making FHE accessible to non-experts is likely practical today and show gaps between state-of-the-art by improving usability and increasingly offering advanced results and what non-expert users can realistically implement. optimizations previously accessible only to experts. Compilers Based on the insights gained through our study, we highlight generally rely on FHE libraries to realize the actual en- successes in the FHE tool space and identify gaps that remain /decryption and homomorphic computation. FHE libraries, in to be addressed. Finally, we discuss a possible road map for turn, frequently employ existing libraries for fast numerical the next generation of FHE tools. computations, parallelization, or other non-FHE-specific fea- tures. Figure
Load more

Recommended publications
  • A Survey Report on Partially Homomorphic Encryption Techniques in Cloud Computing
    International Journal of Engineering Research & Technology (IJERT) ISSN: 2278-0181 Vol. 2 Issue 12, December - 2013 A Survey Report On Partially Homomorphic Encryption Techniques In Cloud Computing 1. S. Ramachandram 2. R.Sridevi 3. P. Srivani 1. Professor &Vice Principal, Oucollege Of Engineering,Dept Of Cse,Hyd 2. Associate Professor, Jntuh, Dept Of Cse,Hyd 3. Research Scholar & Asso.Prof., Det Of Cse, Hitam, Hyd Abstract: Homomorphic encryption is a used to create secure voting systems, form of encryption which allows specific collision-resistant hash functions, private types of computations to be carried out on information retrieval schemes and enable cipher text and obtain an encrypted result widespread use of cloud computing by which decrypted matches the result of ensuring the confidentiality of processed operations performed on the plaintext. As data. cloud computing provides different services, homomorphic encryption techniques can be There are several efficient, partially used to achieve security. In this paper , We homomorphic cryptosystems. Although a presented the partially homomorphic cryptosystem which is unintentionally encryption techniques. homomorphic can be subject to attacks on this basis, if treated carefully, Keywords: Homomorphic, ElGamal, Pailler, homomorphism can also be used to perform RSA, Goldwasser–Micali , Benaloh, computations securely. Section 2 describes Okamoto Uchiyama cryptosystemIJERT, IJERTabout the partially homomorphic encryption Naccache–Stern cryptosystem, RNS. techniques. 2. Partially Homomorphic Encryption Techniques 1. INTRODUCTION RSA Security is a desirable feature in modern system architectures. Homomorphic In cryptography, RSA[1] is an asymmetric encryption would allow the chaining encryption system. If the RSA public key is together of different services without modulus and exponent , then the exposing the data to each of those services.
    [Show full text]
  • ARTIFICIAL INTELLIGENCE and ALGORITHMIC LIABILITY a Technology and Risk Engineering Perspective from Zurich Insurance Group and Microsoft Corp
    White Paper ARTIFICIAL INTELLIGENCE AND ALGORITHMIC LIABILITY A technology and risk engineering perspective from Zurich Insurance Group and Microsoft Corp. July 2021 TABLE OF CONTENTS 1. Executive summary 03 This paper introduces the growing notion of AI algorithmic 2. Introduction 05 risk, explores the drivers and A. What is algorithmic risk and why is it so complex? ‘Because the computer says so!’ 05 B. Microsoft and Zurich: Market-leading Cyber Security and Risk Expertise 06 implications of algorithmic liability, and provides practical 3. Algorithmic risk : Intended or not, AI can foster discrimination 07 guidance as to the successful A. Creating bias through intended negative externalities 07 B. Bias as a result of unintended negative externalities 07 mitigation of such risk to enable the ethical and responsible use of 4. Data and design flaws as key triggers of algorithmic liability 08 AI. A. Model input phase 08 B. Model design and development phase 09 C. Model operation and output phase 10 Authors: D. Potential complications can cloud liability, make remedies difficult 11 Zurich Insurance Group 5. How to determine algorithmic liability? 13 Elisabeth Bechtold A. General legal approaches: Caution in a fast-changing field 13 Rui Manuel Melo Da Silva Ferreira B. Challenges and limitations of existing legal approaches 14 C. AI-specific best practice standards and emerging regulation 15 D. New approaches to tackle algorithmic liability risk? 17 Microsoft Corp. Rachel Azafrani 6. Principles and tools to manage algorithmic liability risk 18 A. Tools and methodologies for responsible AI and data usage 18 Christian Bucher B. Governance and principles for responsible AI and data usage 20 Franziska-Juliette Klebôn C.
    [Show full text]
  • Practical Homomorphic Encryption and Cryptanalysis
    Practical Homomorphic Encryption and Cryptanalysis Dissertation zur Erlangung des Doktorgrades der Naturwissenschaften (Dr. rer. nat.) an der Fakult¨atf¨urMathematik der Ruhr-Universit¨atBochum vorgelegt von Dipl. Ing. Matthias Minihold unter der Betreuung von Prof. Dr. Alexander May Bochum April 2019 First reviewer: Prof. Dr. Alexander May Second reviewer: Prof. Dr. Gregor Leander Date of oral examination (Defense): 3rd May 2019 Author's declaration The work presented in this thesis is the result of original research carried out by the candidate, partly in collaboration with others, whilst enrolled in and carried out in accordance with the requirements of the Department of Mathematics at Ruhr-University Bochum as a candidate for the degree of doctor rerum naturalium (Dr. rer. nat.). Except where indicated by reference in the text, the work is the candidates own work and has not been submitted for any other degree or award in any other university or educational establishment. Views expressed in this dissertation are those of the author. Place, Date Signature Chapter 1 Abstract My thesis on Practical Homomorphic Encryption and Cryptanalysis, is dedicated to efficient homomor- phic constructions, underlying primitives, and their practical security vetted by cryptanalytic methods. The wide-spread RSA cryptosystem serves as an early (partially) homomorphic example of a public- key encryption scheme, whose security reduction leads to problems believed to be have lower solution- complexity on average than nowadays fully homomorphic encryption schemes are based on. The reader goes on a journey towards designing a practical fully homomorphic encryption scheme, and one exemplary application of growing importance: privacy-preserving use of machine learning.
    [Show full text]
  • Information Guide
    INFORMATION GUIDE 7 ALL-PRO 7 NFL MVP LAMAR JACKSON 2018 - 1ST ROUND (32ND PICK) RONNIE STANLEY 2016 - 1ST ROUND (6TH PICK) 2020 BALTIMORE DRAFT PICKS FIRST 28TH SECOND 55TH (VIA ATL.) SECOND 60TH THIRD 92ND THIRD 106TH (COMP) FOURTH 129TH (VIA NE) FOURTH 143RD (COMP) 7 ALL-PRO MARLON HUMPHREY FIFTH 170TH (VIA MIN.) SEVENTH 225TH (VIA NYJ) 2017 - 1ST ROUND (16TH PICK) 2020 RAVENS DRAFT GUIDE “[The Draft] is the lifeblood of this Ozzie Newsome organization, and we take it very Executive Vice President seriously. We try to make it a science, 25th Season w/ Ravens we really do. But in the end, it’s probably more of an art than a science. There’s a lot of nuance involved. It’s Joe Hortiz a big-picture thing. It’s a lot of bits and Director of Player Personnel pieces of information. It’s gut instinct. 23rd Season w/ Ravens It’s experience, which I think is really, really important.” Eric DeCosta George Kokinis Executive VP & General Manager Director of Player Personnel 25th Season w/ Ravens, 2nd as EVP/GM 24th Season w/ Ravens Pat Moriarty Brandon Berning Bobby Vega “Q” Attenoukon Sarah Mallepalle Sr. VP of Football Operations MW/SW Area Scout East Area Scout Player Personnel Assistant Player Personnel Analyst Vincent Newsome David Blackburn Kevin Weidl Patrick McDonough Derrick Yam Sr. Player Personnel Exec. West Area Scout SE/SW Area Scout Player Personnel Assistant Quantitative Analyst Nick Matteo Joey Cleary Corey Frazier Chas Stallard Director of Football Admin. Northeast Area Scout Pro Scout Player Personnel Assistant David McDonald Dwaune Jones Patrick Williams Jenn Werner Dir.
    [Show full text]
  • Decentralized Evaluation of Quadratic Polynomials on Encrypted Data
    This paper is a slight variant of the Extended Abstract that appears in the Proceedings of the 22nd Information Security Conference, ISC 2019 (September 16–18, New-York, USA) Springer-Verlag, LNCS ?????, pages ???–???. Decentralized Evaluation of Quadratic Polynomials on Encrypted Data Chloé Hébant1,2, Duong Hieu Phan3, and David Pointcheval1,2 1 DIENS, École normale supérieure, CNRS, PSL University, Paris, France 2 INRIA, Paris, France 3 Université de Limoges, France Abstract Since the seminal paper on Fully Homomorphic Encryption (FHE) by Gentry in 2009, a lot of work and improvements have been proposed, with an amazing number of possible applications. It allows outsourcing any kind of computations on encrypted data, and thus without leaking any information to the provider who performs the computations. This is quite useful for many sensitive data (finance, medical, etc.). Unfortunately, FHE fails at providing some computation on private inputs to a third party, in cleartext: the user that can decrypt the result is able to decrypt the inputs. A classical approach to allow limited decryption power is distributed decryption. But none of the actual FHE schemes allows distributed decryption, at least with an efficient protocol. In this paper, we revisit the Boneh-Goh-Nissim (BGN) cryptosystem, and the Freeman’s variant, that allow evaluation of quadratic polynomials, or any 2-DNF formula. Whereas the BGN scheme relies on integer factoring for the trapdoor in the composite-order group, and thus possesses one public/secret key only, the Freeman’s scheme can handle multiple users with one general setup that just needs to define a pairing-based algebraic structure.
    [Show full text]
  • Homomorphic Encryption Library
    Ludwig-Maximilians-Universit¨at Munchen¨ Prof. Dr. D. Kranzlmuller,¨ Dr. N. gentschen Felde Data Science & Ethics { Microsoft SEAL { Exercise 1: Library for Matrix Operations Microsoft's Simple Encrypted Arithmetic Library (SEAL)1 is a publicly available homomorphic encryption library. It can be found and downloaded at http://sealcrypto.codeplex.com/. Implement a library 13b MS-SEAL.h supporting matrix operations using homomorphic encryption on basis of the MS SEAL. due date: 01.07.2018 (EOB) no. of students: 2 deliverables: 1. Implemenatation (including source code(s)) 2. Documentation (max. 10 pages) 3. Presentation (10 { max. 15 minutes) 13b MS-SEAL.h #i n c l u d e <f l o a t . h> #i n c l u d e <s t d b o o l . h> typedef struct f double ∗ e n t r i e s ; unsigned int width; unsigned int height; g matrix ; /∗ Initialize new matrix: − reserve memory only ∗/ matrix initMatrix(unsigned int width, unsigned int height); /∗ Initialize new matrix: − reserve memory − set any value to 0 ∗/ matrix initMatrixZero(unsigned int width, unsigned int height); /∗ Initialize new matrix: − reserve memory − set any value to random number ∗/ matrix initMatrixRand(unsigned int width, unsigned int height); 1https://www.microsoft.com/en-us/research/publication/simple-encrypted-arithmetic-library-seal-v2-0/# 1 /∗ copy a matrix and return its copy ∗/ matrix copyMatrix(matrix toCopy); /∗ destroy matrix − f r e e memory − set any remaining value to NULL ∗/ void freeMatrix(matrix toDestroy); /∗ return entry at position (xPos, yPos), DBL MAX in case of error
    [Show full text]
  • Arxiv:2102.00319V1 [Cs.CR] 30 Jan 2021
    Efficient CNN Building Blocks for Encrypted Data Nayna Jain1,4, Karthik Nandakumar2, Nalini Ratha3, Sharath Pankanti5, Uttam Kumar 1 1 Center for Data Sciences, International Institute of Information Technology, Bangalore 2 Mohamed Bin Zayed University of Artificial Intelligence 3 University at Buffalo, SUNY 4 IBM Systems 5 Microsoft [email protected], [email protected], [email protected]/[email protected], [email protected], [email protected] Abstract Model Owner Model Architecture 푴 Machine learning on encrypted data can address the concerns Homomorphically Encrypted Model Model Parameters 퐸(휽) related to privacy and legality of sharing sensitive data with Encryption untrustworthy service providers, while leveraging their re- Parameters 휽 sources to facilitate extraction of valuable insights from oth- End-User Public Key Homomorphically Encrypted Cloud erwise non-shareable data. Fully Homomorphic Encryption Test Data {퐸(퐱 )}푇 Test Data 푖 푖=1 FHE Computations Service 푇 Encryption (FHE) is a promising technique to enable machine learning {퐱푖}푖=1 퐸 y푖 = 푴(퐸 x푖 , 퐸(휽)) Provider and inferencing while providing strict guarantees against in- Inference 푇 Decryption formation leakage. Since deep convolutional neural networks {푦푖}푖=1 Homomorphically Encrypted Inference Results {퐸(y )}푇 (CNNs) have become the machine learning tool of choice Private Key 푖 푖=1 in several applications, several attempts have been made to harness CNNs to extract insights from encrypted data. How- ever, existing works focus only on ensuring data security Figure 1: In a conventional Machine Learning as a Ser- and ignore security of model parameters. They also report vice (MLaaS) scenario, both the data and model parameters high level implementations without providing rigorous anal- are unencrypted.
    [Show full text]
  • Fundamentals of Fully Homomorphic Encryption – a Survey
    Electronic Colloquium on Computational Complexity, Report No. 125 (2018) Fundamentals of Fully Homomorphic Encryption { A Survey Zvika Brakerski∗ Abstract A homomorphic encryption scheme is one that allows computing on encrypted data without decrypting it first. In fully homomorphic encryption it is possible to apply any efficiently com- putable function to encrypted data. We provide a survey on the origins, definitions, properties, constructions and uses of fully homomorphic encryption. 1 Homomorphic Encryption: Good, Bad or Ugly? In the seminal RSA cryptosystem [RSA78], the public key consists of a product of two primes ∗ N = p · q as well as an integer e, and the message space is the set of elements in ZN . Encrypting a message m involved simply raising it to the power e and taking the result modulo N, i.e. c = me (mod N). For the purpose of the current discussion we ignore the decryption process. It is not hard to see that the product of two ciphertexts c1 and c2 encrypting messages m1 and m2 allows e to compute the value c1 · c2 (mod N) = (m1m2) (mod N), i.e. to compute an encryption of m1 · m2 without knowledge of the secret private key. Rabin's cryptosystem [Rab79] exhibited similar behavior, where a product of ciphertexts corresponded to an encryption of their respective plaintexts. This behavior can be expressed in formal terms by saying that the ciphertext space and the plaintext space are homomorphic (multiplicative) groups. The decryption process defines the homomorphism by mapping a ciphertext to its image plaintext. Rivest, Adleman and Dertouzos [RAD78] realized the potential advantage of this property.
    [Show full text]
  • Homomorphic Encryption Applied to the Cloud Computing Security
    Proceedings of the World Congress on Engineering 2012 Vol I WCE 2012, July 4 - 6, 2012, London, U.K. Homomorphic Encryption Applied to the Cloud Computing Security Maha TEBAA, Saïd EL HAJJI, Abdellatif EL GHAZI Abstract—Cloud computing security challenges and it’s also In Section II, we are introducing the concept of Cloud an issue to many researchers; first priority was to focus on Computing and the necessity to adopt Homomorphic security which is the biggest concern of organizations that are Encryption to secure the calculation of data hosted by the considering a move to the cloud. The advantages of cloud Cloud provider. In section III, we’ll define Homomorphic computing include reduced costs, easy maintenance and re- provisioning of resources, and thereby increased profits. But Encryption and we’ll illustrate some examples of existing the adoption and the passage to the Cloud Computing applies Homomorphic cryptosystems. In section IV, we’ll present only if the security is ensured. How to guaranty a better data our scheme and our implementation. The conclusion and security and also how can we keep the client private perspectives will be mentioned in section V. information confidential? There are two major questions that present a challenge to Cloud Computing providers. When the data transferred to the Cloud we use standard encryption methods to secure the operations and the storage of II. Cloud computing the data. But to process data located on a remote server, the Definition [1]: By cloud computing we mean: The Cloud providers need to access the raw data. In this paper we Information Technology (IT) model for computing, which is are proposing an application of a method to execute operations composed of all the IT components (hardware, software, on encrypted data without decrypting them which will provide networking, and services) that are necessary to enable us with the same results after calculations as if we have worked development and delivery of cloud services via the Internet directly on the raw data.
    [Show full text]
  • Multicast Routing Over Computer Networks: Secure Performance Designs
    Digital Forensics in the Cloud: Encrypted Data Evidence Tracking ZHUANG TIAN, BSc (Hons) a thesis submitted to the graduate faculty of design and creative technologies Auckland University of Technology in partial fulfilment of the requirements for the degree of Master of Forensic Information Technology School of Computer and Mathematical Sciences Auckland, New Zealand 2014 ii Declaration I hereby declare that this submission is my own work and that, to the best of my knowledge and belief, it contains no material previously published or written by another person nor material which to a substantial extent has been accepted for the qualification of any other degree or diploma of a University or other institution of higher learning, except where due acknowledgement is made in the acknowledgements. ........................... Zhuang Tian iii Acknowledgements This thesis was completed at the Faculty of Design and Creative Technologies in the school of Computing and Mathematical Sciences at Auckland University of Technology, New Zealand. While conducting the research project I received support from many people in one way or another, without whose support, this thesis would not have been completed in its present form. It is my pleasure to take this opportunity to thank all of you, without the intention or possibility to be complete. I would like to apologize to those who I did not mention by name here; however, I highly value your kind support. Firstly, I would like to deeply thank my thesis supervisor Prof. Brian Cusack for the exceptional support given during the thesis project. He provided me with the freedom to explore research directions and to choose the routes that I wanted to investigate.
    [Show full text]
  • MP2ML: a Mixed-Protocol Machine Learning Framework for Private Inference∗ (Full Version)
    MP2ML: A Mixed-Protocol Machine Learning Framework for Private Inference∗ (Full Version) Fabian Boemer Rosario Cammarota Daniel Demmler [email protected] [email protected] [email protected] Intel AI Intel Labs hamburg.de San Diego, California, USA San Diego, California, USA University of Hamburg Hamburg, Germany Thomas Schneider Hossein Yalame [email protected] [email protected] darmstadt.de TU Darmstadt TU Darmstadt Darmstadt, Germany Darmstadt, Germany ABSTRACT 1 INTRODUCTION Privacy-preserving machine learning (PPML) has many applica- Several practical services have emerged that use machine learn- tions, from medical image evaluation and anomaly detection to ing (ML) algorithms to categorize and classify large amounts of financial analysis. nGraph-HE (Boemer et al., Computing Fron- sensitive data ranging from medical diagnosis to financial eval- tiers’19) enables data scientists to perform private inference of deep uation [14, 66]. However, to benefit from these services, current learning (DL) models trained using popular frameworks such as solutions require disclosing private data, such as biometric, financial TensorFlow. nGraph-HE computes linear layers using the CKKS ho- or location information. momorphic encryption (HE) scheme (Cheon et al., ASIACRYPT’17), As a result, there is an inherent contradiction between utility and relies on a client-aided model to compute non-polynomial acti- and privacy: ML requires data to operate, while privacy necessitates vation functions, such as MaxPool and ReLU, where intermediate keeping sensitive information private [70]. Therefore, one of the feature maps are sent to the data owner to compute activation func- most important challenges in using ML services is helping data tions in the clear.
    [Show full text]
  • A Fully Homomorphic Encryption Scheme
    A FULLY HOMOMORPHIC ENCRYPTION SCHEME A DISSERTATION SUBMITTED TO THE DEPARTMENT OF COMPUTER SCIENCE AND THE COMMITTEE ON GRADUATE STUDIES OF STANFORD UNIVERSITY IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY Craig Gentry September 2009 °c Copyright by Craig Gentry 2009 All Rights Reserved ii I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. (Dan Boneh) Principal Adviser I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. (John Mitchell) I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. (Serge Plotkin) Approved for the University Committee on Graduate Studies. iii Abstract We propose the ¯rst fully homomorphic encryption scheme, solving a central open problem in cryptography. Such a scheme allows one to compute arbitrary functions over encrypted data without the decryption key { i.e., given encryptions E(m1);:::;E(mt) of m1; : : : ; mt, one can e±ciently compute a compact ciphertext that encrypts f(m1; : : : ; mt) for any e±- ciently computable function f. This problem was posed by Rivest et al. in 1978. Fully homomorphic encryption has numerous applications. For example, it enables private queries to a search engine { the user submits an encrypted query and the search engine computes a succinct encrypted answer without ever looking at the query in the clear.
    [Show full text]