Fully Homomorphic Encryption
Machine-learning models are often trained at scale in the cloud, which isn’t always secure. To safeguard data, we can train AI models with encrypted data sets without making the secret key available. Fully Homomorphic Encryption (FHE) addresses the security gap when processing data, providing security and privacy, at rest, in transit and during processing.
Overview
The first plausible fully homomorphic scheme was introduced by Craig Gentry from IBM Research in 2009. Until then it wasn’t possible to perform an arbitrary amount of multiplication and addition operations on encrypted data due to the inherent growth of “noise” in the ciphertext after each compute operation, effectively reaching a point in which the ciphertext can no longer be decrypted. This limitation meant that FHE was predominantly applicable to toy examples. FHE is built on sound mathematical constructs, specifically lattice and learning with errors (LWE) problems. These problems are universally considered difficult to solve without any known efficient algorithms to do so. They likely would even prove too taxing for a quantum computer to solve, which is why FHE is considered quantum-safe. Although FHE has a symmetric-key function, it is mostly used as a public key cryptography scheme, where a secret private key is used to generate and share public and evaluation keys. The introduction of the “bootstrapping” mechanism by Gentry, which cleans and reduces the amount of “noise” in the ciphertext, opened the door for the potential ubiquitous use of FHE in industry. Novel and more efficient schemes have been developed since its introduction, such as the fourth-generation Cheon-Kim-Kim-Song (CKKS) scheme, which is efficient for floating point calculations, like those used in machine learning algorithms. Traditional encryption schemes such as AES and RSA provide strong cryptographical guarantees on the security of data at rest and in transit, but don’t address the critical protection of data while in processing. With FHE, data always remains encrypted at rest, in transit, and during processing. AI models can be trained using data it cannot “see” to produce a model that only the data owner could decrypt and manipulate, as the holder of the private secret key. FHE provides end-to-end data security and privacy with strong cryptographic guarantees.
Our work
Federated Learning meets Homomorphic Encryption
Technical noteNathalie Baracaldo and Hayim ShaulThe ultimate tool for data privacy: Fully homomorphic encryption
Technical noteOmri Soceanu and Ronen Levy
Publications
Advanced HE packing methods with applications to ML
- Ehud Aharoni
- Nir Drucker
- et al.
- 2022
- CCS 2022
Privacy-preserving gaussian process regression - a modular approach to the application of homomorphic encryption
- Peter Fenner
- Edward O. Pyzer-Knapp
- 2020
- AAAI 2020
CraterLake: A Hardware Accelerator for Efficient Unbounded Computation on Encrypted Data
- Nikola Samardzic
- Axel Feldmann
- et al.
- 2022
- ISCA 2022
Doing real work with FHE: The case of logistic regression
- Jack Crawford
- Craig Gentry
- et al.
- 2018
- CCS/WAHC 2018
Mezzo TLS 1.3 Protocol, Suitable for Transmitting Already-Encrypted Data
- Nir Drucker
- Shai Gueron
- 2024
- CSCML 2024
Tokenised Multi-client Provisioning for Dynamic Searchable Encryption with Forward and Backward Privacy
- Arnab Bag
- Sikhar Patranabis
- et al.
- 2024
- ASIACCS 2024