Skip to main content
SpringerLink
Log in

An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework

  • Conference paper
  • First Online:
Computer Security. ESORICS 2023 International Workshops (ESORICS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14399))

Included in the following conference series:

  • 186 Accesses

Abstract

Machine Learning as a Service (MLaaS) is a robust platform that offers various emerging applications. Despite great convenience, user privacy has become a paramount concern, as user data may be shared or stored in outsourced environments. To address this, fully homomorphic encryption (FHE) presents a viable solution, yet the practical realization of this theoretical approach has remained a significant challenge, requiring specific optimization techniques tailored to different applications. We aim to investigate the opportunity to apply the CKKS-FHEW/TFHE hybrid approach to NNs, which inherit the advantages of both approaches. This idea has been implemented in several conventional ML approaches (PEGASUS system presented in IEEE S &P 2021), such as decision tree evaluation and K-means clustering, and demonstrated notable efficiency in specific applications. However, its effectiveness for NNs remains unknown. In this paper, we show that directly applying the PEGASUS system on encrypted NN inference would result in a significant accuracy drop, approximately 10% compared to plaintext inference. After a careful analysis, we propose a novel LUT-aware fine-tuning method to slightly adjust the NN weights and the functional bootstrapping for the ReLU function to mitigate the error accumulation throughout the NN computation. We show that by appropriately fine-tuning the model, we can largely reduce the accuracy drop, from 7.5% to 15% compared to the baseline implementation without fine-tuning, while maintaining comparable efficiency with extensive experiments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abadi, M., et al.: Deep learning with differential privacy. In: ACM SIGSAC conference on Computer and Communications Security, pp. 308–318 (2016)

    Google Scholar 

  2. Bourse, F., Minelli, M., Minihold, M., Paillier, P.: Fast homomorphic evaluation of deep discretized neural networks. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part III. LNCS, vol. 10993, pp. 483–512. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-319-96878-0_17

  3. Brakerski, Z., Vaikuntanathan, V.: Lattice-based FHE as secure as PKE. In: Naor, M. (ed.) ITCS 2014, pp. 1–12. ACM (2014). https://doi.org/10.1145/2554797.2554799

  4. Cheon, J.H., Han, K., Kim, A., Kim, M., Song, Y.: Bootstrapping for approximate homomorphic encryption. In: Nielsen, J., Rijmen, V. (eds.) Advances in Cryptology-EUROCRYPT 2018: 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel Aviv, Israel, 29 April–3 May 2018, Proceedings, Part I, vol. 37. pp. 360–384. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-319-78381-9_14

  5. Cheon, J.H., Kim, A., Kim, M., Song, Y.S.: Homomorphic encryption for arithmetic of approximate numbers. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part I. LNCS, vol. 10624, pp. 409–437. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-70694-8_15

  6. Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: TFHE: fast fully homomorphic encryption over the torus. Cryptology ePrint Archive, Report 2018/421 (2018). https://eprint.iacr.org/2018/421

  7. Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: TFHE: fast fully homomorphic encryption over the torus. J. Cryptol. 33(1), 34–91 (2020)

    Article  MathSciNet  Google Scholar 

  8. Ducas, L., Micciancio, D.: FHEW: bootstrapping homomorphic encryption in less than a second. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 617–640. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_24

  9. Dwork, C.: Differential privacy: a survey of results. In: Agrawal, M., Du, D., Duan, Z., Li, A. (eds.) Theory and Applications of Models of Computation (TAMC), vol. 4978, pp. 1–19. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79228-4_1

  10. Dwork, C., Roth, A., et al.: The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci. 9(3–4), 211–407 (2014)

    MathSciNet  Google Scholar 

  11. Gentry, C.: A fully homomorphic encryption scheme. Stanford university (2009)

    Google Scholar 

  12. Gentry, C.: Computing arbitrary functions of encrypted data. Commun. ACM 53(3), 97–105 (2010)

    Article  Google Scholar 

  13. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game, or a completeness theorem for protocols with honest majority. In: Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, pp. 307–328 (2019)

    Google Scholar 

  14. Goodfellow, I.J., et al.: Generative adversarial nets. In: Neural Information Processing Systems, pp. 2672–2680 (2014)

    Google Scholar 

  15. Jacob, B., et al.: Quantization and training of neural networks for efficient integer-arithmetic-only inference. In: IEEE CVPR (2018)

    Google Scholar 

  16. Juvekar, C., Vaikuntanathan, V., Chandrakasan, A.: GAZELLE: a low latency framework for secure neural network inference. In: USENIX Security Symposium, pp. 1651–1669 (2018)

    Google Scholar 

  17. Kluczniak, K., Schild, L.: FDFB: full domain functional bootstrapping towards practical fully homomorphic encryption. Cryptology ePrint Archive, Report 2021/1135 (2021). https://eprint.iacr.org/2021/1135

  18. Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: Bartlett, P.L., Pereira, F.C.N., Burges, C.J.C., Bottou, L., Weinberger, K.Q. (eds.) Neural Information Processing Systems, pp. 1106–1114 (2012). https://proceedings.neurips.cc/paper/2012/hash/c399862d3b9d6b76c8436e924a68c45b-Abstract.html

  19. Lee, J.W., et al.: Privacy-preserving machine learning with fully homomorphic encryption for deep neural network. IEEE Access 10, 30039–30054 (2022)

    Article  Google Scholar 

  20. Liu, X., et al.: Privacy and security issues in deep learning: a survey. IEEE Access 9, 4566–4593 (2021). https://doi.org/10.1109/ACCESS.2020.3045078

    Article  Google Scholar 

  21. Liu, Z., Micciancio, D., Polyakov, Y.: Large-precision homomorphic sign evaluation using FHEW/TFHE bootstrapping. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022, Part II. LNCS, vol. 13792, pp. 130–160. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-22966-4_5

  22. Lou, Q., Jiang, L.: SHE: A fast and accurate deep neural network for encrypted data. In: Neural Information Processing Systems, pp. 10035–10043 (2019)

    Google Scholar 

  23. Jie Lu, W., Huang, Z., Hong, C., Ma, Y., Qu, H.: PEGASUS: bridging polynomial and non-polynomial evaluations in homomorphic encryption. In: 2021 IEEE Symposium on Security and Privacy, pp. 1057–1073. IEEE Computer Society Press (2021). https://doi.org/10.1109/SP40001.2021.00043

  24. Marcolla, C., Sucasas, V., Manzano, M., Bassoli, R., Fitzek, F.H.P., Aaraj, N.: Survey on fully homomorphic encryption, theory, and applications. Proc. IEEE 110(10), 1572–1609 (2022)

    Article  Google Scholar 

  25. Micciancio, D., Polyakov, Y.: Bootstrapping in FHEW-like cryptosystems. In: WAHC, pp. 17–28 (2021)

    Google Scholar 

  26. Papernot, N., Song, S., Mironov, I., Raghunathan, A., Talwar, K., Erlingsson, Ú.: Scalable private learning with pate. arXiv preprint arXiv:1802.08908 (2018)

  27. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 1–40 (2009)

    Article  MathSciNet  Google Scholar 

  28. Ribeiro, M., Grolinger, K., Capretz, M.A.: MLAAS: machine learning as a service. In: IEEE ICMLA, pp. 896–902 (2015)

    Google Scholar 

  29. Sutskever, I., Vinyals, O., Le, Q.V.: Sequence to sequence learning with neural networks. In: Neural Information Processing Systems, pp. 3104–3112 (2014)

    Google Scholar 

  30. Yao, A.C.: Protocols for secure computations. In: SFCS, pp. 160–164. IEEE (1982)

    Google Scholar 

Download references

Acknowledgements

This work is supported in part by the National Science and Technology Council, Taiwan, under the grants NSTC 112-2221-E-002 -159 -MY3, and an NSF Award CNS 1942400, United States.

Author information

Authors and Affiliations

  1. Inventec Corporation, Taipei City, 111059, Taiwan

    Tzu-Li Liu, Yu-Te Ku, Ming-Chien Ho, Ming-Ching Chang, Chih-Fan Hsu & Wei-Chao Chen

  2. National Taiwan University, Taipei City, 10617, Taiwan

    Tzu-Li Liu, Yu-Te Ku, Ming-Chien Ho & Shih-Hao Hung

  3. Washington State University, Pullman, WA, 99164, USA

    Feng-Hao Liu

  4. State University of New York, University at Albany, Albany, NY, 12222, USA

    Ming-Ching Chang

  5. Mohamed bin Zayed University of Artificial Intelligence, Abu Dhabi, United Arab Emirates

    Shih-Hao Hung

Authors
  1. Tzu-Li Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yu-Te Ku
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ming-Chien Ho
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Feng-Hao Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ming-Ching Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Chih-Fan Hsu
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Wei-Chao Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Shih-Hao Hung
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tzu-Li Liu .

Editor information

Editors and Affiliations

  1. Norwegian University of Science and Technology, Gjøvik, Norway

    Sokratis Katsikas

  2. Norwegian Computing Center, Oslo, Norway

    Habtamu Abie

  3. University of Trento, Trento, Italy

    Silvio Ranise

  4. University of Genoa, Genoa, Italy

    Luca Verderame

  5. Consiglio Nazionale delle Ricerche (CNR), Genoa, Italy

    Enrico Cambiaso

  6. SINTEF A.S., Oslo, Norway

    Rita Ugarelli

  7. Instituto Superior de Engenharia do Porto, Porto, Portugal

    Isabel Praça

  8. Hong Kong Polytechnic University, Hong Kong, China

    Wenjuan Li

  9. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  10. University of Nottingham, Nottingham, UK

    Steven Furnell

  11. Norwegian University of Science and Technology, Gjøvik, Norway

    Basel Katt

  12. Norwegian Computing Center, Oslo, Norway

    Sandeep Pirbhulal

  13. Institute for Energy Technology (IFE), Halden, Norway

    Ankur Shukla

  14. University of Calabria, Rende, Italy

    Michele Ianni

  15. University of Verona, Verona, Italy

    Mila Dalla Preda

  16. The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  17. University of Lisbon, Lisbon, Portugal

    Miguel Pupo Correia

  18. University of Twente, Enschede, The Netherlands

    Abhishta Abhishta

  19. University of Amsterdam, Amsterdam, The Netherlands

    Giovanni Sileno

  20. Open University in the Netherlands, Heerlen, The Netherlands

    Mina Alishahi

  21. Robert Gordon University, Aberdeen, UK

    Harsha Kalutarage

  22. Osaka University, Osaka, Japan

    Naoto Yanai

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Liu, TL. et al. (2024). An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_32

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-54129-2_32

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54128-5

  • Online ISBN: 978-3-031-54129-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation