PEGASUS: Bridging Polynomial and Non-polynomial Evaluations in Homomorphic Encryption

Homomorphic encryption (HE) is considered as one of the most important primitives for privacy-preserving applications. However, an efficient approach to evaluate both polynomial and non-polynomial functions on encrypted data is still absent, which hinders the deployment of HE to real-life applications. To address this issue, we propose a practical framework PEGASUS. PEGASUS can efficiently switch back and forth between a packed CKKS ciphertext and FHEW ciphertexts without decryption, allowing us to evaluate arithmetic functions efficiently on the CKKS side, and to evaluate look-up tables on FHEW ciphertexts. Our FHEW → CKKS conversion algorithm is more practical than the existing methods. We improve the computational complexity from linear to sublinear. Moreover, the size of our conversion key is significantly smaller, e.g., reduced from 80 gigabytes to 12 megabytes. We present extensive benchmarks of PEGASUS, including sigmoid/ReLU/min/max/division, sorting and max-pooling. To further demonstrate the capability of PEGASUS, we developed two more applications. The first one is a private decision tree evaluation whose communication cost is about two orders of magnitude smaller than the previous HE-based approaches. The second one is a secure K-means clustering that is able to run on thousands of encrypted samples in minutes that outperforms the best existing system by 14 × – 20×. To the best of our knowledge, this is the first work that supports practical K-means clustering using HE in a single server setting.

[1]  Xiaoqian Jiang,et al.  Secure Logistic Regression based on Homomorphic Encryption , 2018, IACR Cryptol. ePrint Arch..

[2]  Frederik Vercauteren,et al.  Fully homomorphic SIMD operations , 2012, Designs, Codes and Cryptography.

[3]  Martin R. Albrecht,et al.  On the concrete hardness of Learning with Errors , 2015, J. Math. Cryptol..

[4]  Anantha Chandrakasan,et al.  Gazelle: A Low Latency Framework for Secure Neural Network Inference , 2018, IACR Cryptol. ePrint Arch..

[5]  Frederik Vercauteren,et al.  Somewhat Practical Fully Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[6]  Wei Dai,et al.  Efficient Homomorphic Conversion Between (Ring) LWE Ciphertexts , 2020, IACR Cryptol. ePrint Arch..

[7]  Dongxi Liu,et al.  Privacy-Preserving and Outsourced Multi-user K-Means Clustering , 2014, 2015 IEEE Conference on Collaboration and Internet Computing (CIC).

[8]  Jung Hee Cheon,et al.  Improved Homomorphic Discrete Fourier Transforms and FHE Bootstrapping , 2019, IEEE Access.

[9]  Jung Hee Cheon,et al.  Bootstrapping for Approximate Homomorphic Encryption , 2018, IACR Cryptol. ePrint Arch..

[10]  Jun Sakuma,et al.  Non-interactive and Output Expressive Private Comparison from Homomorphic Encryption , 2018, AsiaCCS.

[11]  Marc-Olivier Killijian,et al.  XPIR : Private Information Retrieval for Everyone , 2016, Proc. Priv. Enhancing Technol..

[12]  Yongsoo Song,et al.  Efficient Multi-Key Homomorphic Encryption with Packed Ciphertexts with Application to Oblivious Neural Network Inference , 2019, IACR Cryptol. ePrint Arch..

[13]  Craig Gentry,et al.  Homomorphic Evaluation of the AES Circuit , 2012, IACR Cryptol. ePrint Arch..

[14]  Frederik Armknecht,et al.  Unsupervised Machine Learning on Encrypted Data , 2018, IACR Cryptol. ePrint Arch..

[15]  Jung Hee Cheon,et al.  Efficient Homomorphic Comparison Methods with Optimal Complexity , 2019, IACR Cryptol. ePrint Arch..

[16]  Michael Naehrig,et al.  Private Predictive Analysis on Encrypted Medical Data , 2014, IACR Cryptol. ePrint Arch..

[17]  Frederik Vercauteren,et al.  Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes , 2010, Public Key Cryptography.

[18]  Nicolas Gama,et al.  Simulating Homomorphic Evaluation of Deep Learning Predictions , 2019, IACR Cryptol. ePrint Arch..

[19]  Nicolas Gama,et al.  TFHE: Fast Fully Homomorphic Encryption Over the Torus , 2019, Journal of Cryptology.

[20]  Jian Liu,et al.  SoK: Modular and Efficient Private Decision Tree Evaluation , 2019, IACR Cryptol. ePrint Arch..

[21]  Léo Ducas,et al.  FHEW: Bootstrapping Homomorphic Encryption in Less Than a Second , 2015, EUROCRYPT.

[22]  Yihong Gong,et al.  Linear spatial pyramid matching using sparse coding for image classification , 2009, 2009 IEEE Conference on Computer Vision and Pattern Recognition.

[23]  Florian Kerschbaum,et al.  Non-Interactive Private Decision Tree Evaluation , 2019, DBSec.

[24]  Nicolas Gama,et al.  CHIMERA: Combining Ring-LWE-based Fully Homomorphic Encryption Schemes , 2020, J. Math. Cryptol..

[25]  Jung Hee Cheon,et al.  Remark on the Security of CKKS Scheme in Practice , 2020, IACR Cryptol. ePrint Arch..

[26]  Michael Naehrig,et al.  CryptoNets: applying neural networks to encrypted data with high throughput and accuracy , 2016, ICML 2016.

[27]  Hao Chen,et al.  CHET: an optimizing compiler for fully-homomorphic neural-network inferencing , 2019, PLDI.

[28]  Wei Dai,et al.  EVA: an encrypted vector arithmetic language and compiler for efficient homomorphic computation , 2019, PLDI.

[29]  Kenneth E. Batcher,et al.  Sorting networks and their applications , 1968, AFIPS Spring Joint Computing Conference.

[30]  Jun Sakuma,et al.  Using Fully Homomorphic Encryption for Statistical Analysis of Categorical, Ordinal and Numerical Data , 2016, NDSS.

[31]  Sherman S. M. Chow,et al.  Privacy-Preserving Decision Trees Evaluation via Linear Functions , 2017, ESORICS.

[32]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[33]  Brent Waters,et al.  Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based , 2013, CRYPTO.

[34]  Jean-Pierre Hubaux,et al.  Efficient Bootstrapping for Approximate Homomorphic Encryption with Non-Sparse Keys , 2020, IACR Cryptol. ePrint Arch..

[35]  Hao Chen,et al.  Improved Bootstrapping for Approximate Homomorphic Encryption , 2019, IACR Cryptol. ePrint Arch..

[36]  Shai Halevi,et al.  Faster Homomorphic Linear Transformations in HElib , 2018, IACR Cryptol. ePrint Arch..

[37]  Michael Scott,et al.  A Note on the Implementation of the Number Theoretic Transform , 2017, IMACC.

[38]  Kyoohyung Han,et al.  Better Bootstrapping for Approximate Homomorphic Encryption , 2020, IACR Cryptol. ePrint Arch..

[39]  Daniele Micciancio,et al.  On the Security of Homomorphic Encryption on Approximate Numbers , 2020, IACR Cryptol. ePrint Arch..

[40]  Nigel P. Smart,et al.  Which Ring Based Somewhat Homomorphic Encryption Scheme is Best? , 2015, CT-RSA.

[41]  Craig Gentry,et al.  (Leveled) fully homomorphic encryption without bootstrapping , 2012, ITCS '12.

[42]  Shai Halevi,et al.  Algorithms in HElib , 2014, CRYPTO.

[43]  Shafi Goldwasser,et al.  Machine Learning Classification over Encrypted Data , 2015, NDSS.

[44]  Jung Hee Cheon,et al.  Numerical Methods for Comparison on Homomorphically Encrypted Numbers , 2019, IACR Cryptol. ePrint Arch..

[45]  Jung Hee Cheon,et al.  Homomorphic Encryption for Arithmetic of Approximate Numbers , 2017, ASIACRYPT.

[46]  Daniele Micciancio,et al.  Bootstrapping in FHEW-like Cryptosystems , 2021, IACR Cryptol. ePrint Arch..

[47]  Praveen Gauravaram,et al.  Updates on Sorting of Fully Homomorphic Encrypted Data , 2015, 2015 International Conference on Cloud Computing Research and Innovation (ICCCRI).

[48]  Jung Hee Cheon,et al.  Towards a Practical Clustering Analysis over Encrypted Data , 2019, IACR Cryptol. ePrint Arch..