Optimizing homomorphic evaluation circuits by program synthesis and term rewriting

We present a new and general method for optimizing homomorphic evaluation circuits. Although fully homomorphic encryption (FHE) holds the promise of enabling safe and secure third-party computation, building FHE applications has been challenging due to their high computational costs. Domain-specific optimizations require a great deal of expertise in the underlying FHE schemes, and FHE compilers that aim to lower the hurdle generate outcomes that are typically sub-optimal, as they rely on manually developed optimization rules. In this paper, based on prior work on FHE compilers, we propose a method for automatically learning and using optimization rules for FHE circuits. Our method focuses on reducing the maximum multiplicative depth, the decisive performance bottleneck of FHE circuits, by combining program synthesis and term rewriting. It first uses program synthesis to learn equivalences of small circuits as rewrite rules from a set of training circuits. It then performs term rewriting on the input circuit to obtain a new circuit that has lower multiplicative depth. Our rewriting method maximally generalizes the learned rules based on equational matching, and its soundness and termination properties are formally proven. Experimental results show that our method generates circuits that can be homomorphically evaluated 1.18x – 3.71x faster (with a geometric mean of 2.05x) than the state-of-the-art method. Our method is also orthogonal to existing domain-specific optimizations.
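
As an added illustration (not code from the paper), the sketch below shows depth-guarded term rewriting on a small Boolean circuit, the idea the abstract describes. The tuple encoding, the single associativity rule and the sample circuit are assumptions constructed here, and plain syntactic matching stands in for the paper's equational matching.

```python
from itertools import product

# Circuits: nested tuples (op, left, right), op in {"and", "xor"}; leaves are input names.
def depth(t):
    """Multiplicative depth: most AND gates on any input-to-output path."""
    return 0 if isinstance(t, str) else max(depth(t[1]), depth(t[2])) + (t[0] == "and")

def evaluate(t, env):
    if isinstance(t, str):
        return env[t]
    a, b = evaluate(t[1], env), evaluate(t[2], env)
    return a & b if t[0] == "and" else a ^ b

def inputs(t):
    return {t} if isinstance(t, str) else inputs(t[1]) | inputs(t[2])

def equivalent(s, t):
    """Exhaustive truth-table comparison (fine for small circuits and rules)."""
    names = sorted(inputs(s) | inputs(t))
    envs = (dict(zip(names, bits)) for bits in product((0, 1), repeat=len(names)))
    return all(evaluate(s, e) == evaluate(t, e) for e in envs)

def match(pat, t, sub):
    if isinstance(pat, str):  # every pattern leaf is a variable ("?a", "?b", ...)
        return {**sub, pat: t} if sub.get(pat, t) == t else None
    if isinstance(t, str) or pat[0] != t[0]:
        return None
    sub = match(pat[1], t[1], sub)
    return None if sub is None else match(pat[2], t[2], sub)

def subst(pat, sub):
    if isinstance(pat, str):
        return sub.get(pat, pat)
    return (pat[0], subst(pat[1], sub), subst(pat[2], sub))

def rewrite(t, rules):
    """Bottom-up rewriting; a rule fires only if it strictly lowers depth."""
    if isinstance(t, str):
        return t
    t = (t[0], rewrite(t[1], rules), rewrite(t[2], rules))
    for lhs, rhs in rules:
        sub = match(lhs, t, {})
        if sub is not None and depth(subst(rhs, sub)) < depth(t):
            return rewrite(subst(rhs, sub), rules)
    return t

# Constructed rule (AND associativity) and constructed input circuit.
RULES = [(("and", ("and", "?a", "?b"), "?c"), ("and", "?a", ("and", "?b", "?c")))]
CIRCUIT = ("xor", ("and", ("and", ("and", "x1", "x2"), "x3"), "x4"), "x5")
```

The strict depth decrease required before a rule fires is what makes this toy rewriter terminate, and `equivalent` can be run on each rule's two sides to confirm the rule is sound before it is used.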
