An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework

Tzu Li Liu; Yu Te Ku; Ming Chien Ho; Feng Hao Liu; Ming Ching Chang; Chih Fan Hsu; Wei Chao Chen; Shih Hao Hung

doi:10.1007/978-3-031-54129-2_32

An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework

Tzu Li Liu
, Yu Te Ku
, Ming Chien Ho
, Feng Hao Liu
, Ming Ching Chang
, Chih Fan Hsu
, Wei Chao Chen
, Shih Hao Hung

Computer Science

University at Albany

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Machine Learning as a Service (MLaaS) is a robust platform that offers various emerging applications. Despite great convenience, user privacy has become a paramount concern, as user data may be shared or stored in outsourced environments. To address this, fully homomorphic encryption (FHE) presents a viable solution, yet the practical realization of this theoretical approach has remained a significant challenge, requiring specific optimization techniques tailored to different applications. We aim to investigate the opportunity to apply the CKKS-FHEW/TFHE hybrid approach to NNs, which inherit the advantages of both approaches. This idea has been implemented in several conventional ML approaches (PEGASUS system presented in IEEE S &P 2021), such as decision tree evaluation and K-means clustering, and demonstrated notable efficiency in specific applications. However, its effectiveness for NNs remains unknown. In this paper, we show that directly applying the PEGASUS system on encrypted NN inference would result in a significant accuracy drop, approximately 10% compared to plaintext inference. After a careful analysis, we propose a novel LUT-aware fine-tuning method to slightly adjust the NN weights and the functional bootstrapping for the ReLU function to mitigate the error accumulation throughout the NN computation. We show that by appropriately fine-tuning the model, we can largely reduce the accuracy drop, from 7.5% to 15% compared to the baseline implementation without fine-tuning, while maintaining comparable efficiency with extensive experiments.

Original language	English
Title of host publication	Computer Security. ESORICS 2023 International Workshops - CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, 2023, Revised Selected Papers
Editors	Sokratis Katsikas, Habtamu Abie, Silvio Ranise, Luca Verderame, Enrico Cambiaso, Rita Ugarelli, Isabel Praça, Wenjuan Li, Weizhi Meng, Steven Furnell, Basel Katt, Sandeep Pirbhulal, Ankur Shukla, Michele Ianni, Mila Dalla Preda, Kim-Kwang Raymond Choo, Miguel Pupo Correia, Abhishta Abhishta, Giovanni Sileno, Mina Alishahi, Harsha Kalutarage, Naoto Yanai
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	535-551
Number of pages	17
ISBN (Print)	9783031541285
DOIs	https://doi.org/10.1007/978-3-031-54129-2_32
State	Published - 2024
Event	International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023 - The Hague, Netherlands Duration: Sep 25 2023 → Sep 29 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14399 LNCS

Conference

Conference	International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023
Country/Territory	Netherlands
City	The Hague
Period	09/25/23 → 09/29/23

Keywords

Homomorphic encryption
functional bootstrapping
neural network
privacy-preserving machine learning

Access to Document

10.1007/978-3-031-54129-2_32

Cite this

Liu, T. L., Ku, Y. T., Ho, M. C., Liu, F. H., Chang, M. C., Hsu, C. F., Chen, W. C., & Hung, S. H. (2024). An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework. In S. Katsikas, H. Abie, S. Ranise, L. Verderame, E. Cambiaso, R. Ugarelli, I. Praça, W. Li, W. Meng, S. Furnell, B. Katt, S. Pirbhulal, A. Shukla, M. Ianni, M. Dalla Preda, K.-K. R. Choo, M. Pupo Correia, A. Abhishta, G. Sileno, M. Alishahi, H. Kalutarage, ... N. Yanai (Eds.), Computer Security. ESORICS 2023 International Workshops - CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, 2023, Revised Selected Papers (pp. 535-551). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14399 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-54129-2_32

Liu, Tzu Li ; Ku, Yu Te ; Ho, Ming Chien et al. / An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework. Computer Security. ESORICS 2023 International Workshops - CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, 2023, Revised Selected Papers. editor / Sokratis Katsikas ; Habtamu Abie ; Silvio Ranise ; Luca Verderame ; Enrico Cambiaso ; Rita Ugarelli ; Isabel Praça ; Wenjuan Li ; Weizhi Meng ; Steven Furnell ; Basel Katt ; Sandeep Pirbhulal ; Ankur Shukla ; Michele Ianni ; Mila Dalla Preda ; Kim-Kwang Raymond Choo ; Miguel Pupo Correia ; Abhishta Abhishta ; Giovanni Sileno ; Mina Alishahi ; Harsha Kalutarage ; Naoto Yanai. Springer Science and Business Media Deutschland GmbH, 2024. pp. 535-551 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{f5a01756f83d4a77af050536ca38f0d6,

title = "An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework",

abstract = "Machine Learning as a Service (MLaaS) is a robust platform that offers various emerging applications. Despite great convenience, user privacy has become a paramount concern, as user data may be shared or stored in outsourced environments. To address this, fully homomorphic encryption (FHE) presents a viable solution, yet the practical realization of this theoretical approach has remained a significant challenge, requiring specific optimization techniques tailored to different applications. We aim to investigate the opportunity to apply the CKKS-FHEW/TFHE hybrid approach to NNs, which inherit the advantages of both approaches. This idea has been implemented in several conventional ML approaches (PEGASUS system presented in IEEE S \&P 2021), such as decision tree evaluation and K-means clustering, and demonstrated notable efficiency in specific applications. However, its effectiveness for NNs remains unknown. In this paper, we show that directly applying the PEGASUS system on encrypted NN inference would result in a significant accuracy drop, approximately 10\% compared to plaintext inference. After a careful analysis, we propose a novel LUT-aware fine-tuning method to slightly adjust the NN weights and the functional bootstrapping for the ReLU function to mitigate the error accumulation throughout the NN computation. We show that by appropriately fine-tuning the model, we can largely reduce the accuracy drop, from 7.5\% to 15\% compared to the baseline implementation without fine-tuning, while maintaining comparable efficiency with extensive experiments.",

keywords = "Homomorphic encryption, functional bootstrapping, neural network, privacy-preserving machine learning",

author = "Liu, \{Tzu Li\} and Ku, \{Yu Te\} and Ho, \{Ming Chien\} and Liu, \{Feng Hao\} and Chang, \{Ming Ching\} and Hsu, \{Chih Fan\} and Chen, \{Wei Chao\} and Hung, \{Shih Hao\}",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023 ; Conference date: 25-09-2023 Through 29-09-2023",

year = "2024",

doi = "10.1007/978-3-031-54129-2\_32",

language = "English",

isbn = "9783031541285",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "535--551",

editor = "Sokratis Katsikas and Habtamu Abie and Silvio Ranise and Luca Verderame and Enrico Cambiaso and Rita Ugarelli and Isabel Pra{\c c}a and Wenjuan Li and Weizhi Meng and Steven Furnell and Basel Katt and Sandeep Pirbhulal and Ankur Shukla and Michele Ianni and \{Dalla Preda\}, Mila and Choo, \{Kim-Kwang Raymond\} and \{Pupo Correia\}, Miguel and Abhishta Abhishta and Giovanni Sileno and Mina Alishahi and Harsha Kalutarage and Naoto Yanai",

booktitle = "Computer Security. ESORICS 2023 International Workshops - CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, 2023, Revised Selected Papers",

}

Liu, TL, Ku, YT, Ho, MC, Liu, FH, Chang, MC, Hsu, CF, Chen, WC & Hung, SH 2024, An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework. in S Katsikas, H Abie, S Ranise, L Verderame, E Cambiaso, R Ugarelli, I Praça, W Li, W Meng, S Furnell, B Katt, S Pirbhulal, A Shukla, M Ianni, M Dalla Preda, K-KR Choo, M Pupo Correia, A Abhishta, G Sileno, M Alishahi, H Kalutarage & N Yanai (eds), Computer Security. ESORICS 2023 International Workshops - CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, 2023, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14399 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 535-551, International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023, The Hague, Netherlands, 09/25/23. https://doi.org/10.1007/978-3-031-54129-2_32

An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework. / Liu, Tzu Li; Ku, Yu Te; Ho, Ming Chien et al.
Computer Security. ESORICS 2023 International Workshops - CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, 2023, Revised Selected Papers. ed. / Sokratis Katsikas; Habtamu Abie; Silvio Ranise; Luca Verderame; Enrico Cambiaso; Rita Ugarelli; Isabel Praça; Wenjuan Li; Weizhi Meng; Steven Furnell; Basel Katt; Sandeep Pirbhulal; Ankur Shukla; Michele Ianni; Mila Dalla Preda; Kim-Kwang Raymond Choo; Miguel Pupo Correia; Abhishta Abhishta; Giovanni Sileno; Mina Alishahi; Harsha Kalutarage; Naoto Yanai. Springer Science and Business Media Deutschland GmbH, 2024. p. 535-551 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14399 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework

AU - Liu, Tzu Li

AU - Ku, Yu Te

AU - Ho, Ming Chien

AU - Liu, Feng Hao

AU - Chang, Ming Ching

AU - Hsu, Chih Fan

AU - Chen, Wei Chao

AU - Hung, Shih Hao

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

PY - 2024

Y1 - 2024

N2 - Machine Learning as a Service (MLaaS) is a robust platform that offers various emerging applications. Despite great convenience, user privacy has become a paramount concern, as user data may be shared or stored in outsourced environments. To address this, fully homomorphic encryption (FHE) presents a viable solution, yet the practical realization of this theoretical approach has remained a significant challenge, requiring specific optimization techniques tailored to different applications. We aim to investigate the opportunity to apply the CKKS-FHEW/TFHE hybrid approach to NNs, which inherit the advantages of both approaches. This idea has been implemented in several conventional ML approaches (PEGASUS system presented in IEEE S &P 2021), such as decision tree evaluation and K-means clustering, and demonstrated notable efficiency in specific applications. However, its effectiveness for NNs remains unknown. In this paper, we show that directly applying the PEGASUS system on encrypted NN inference would result in a significant accuracy drop, approximately 10% compared to plaintext inference. After a careful analysis, we propose a novel LUT-aware fine-tuning method to slightly adjust the NN weights and the functional bootstrapping for the ReLU function to mitigate the error accumulation throughout the NN computation. We show that by appropriately fine-tuning the model, we can largely reduce the accuracy drop, from 7.5% to 15% compared to the baseline implementation without fine-tuning, while maintaining comparable efficiency with extensive experiments.

AB - Machine Learning as a Service (MLaaS) is a robust platform that offers various emerging applications. Despite great convenience, user privacy has become a paramount concern, as user data may be shared or stored in outsourced environments. To address this, fully homomorphic encryption (FHE) presents a viable solution, yet the practical realization of this theoretical approach has remained a significant challenge, requiring specific optimization techniques tailored to different applications. We aim to investigate the opportunity to apply the CKKS-FHEW/TFHE hybrid approach to NNs, which inherit the advantages of both approaches. This idea has been implemented in several conventional ML approaches (PEGASUS system presented in IEEE S &P 2021), such as decision tree evaluation and K-means clustering, and demonstrated notable efficiency in specific applications. However, its effectiveness for NNs remains unknown. In this paper, we show that directly applying the PEGASUS system on encrypted NN inference would result in a significant accuracy drop, approximately 10% compared to plaintext inference. After a careful analysis, we propose a novel LUT-aware fine-tuning method to slightly adjust the NN weights and the functional bootstrapping for the ReLU function to mitigate the error accumulation throughout the NN computation. We show that by appropriately fine-tuning the model, we can largely reduce the accuracy drop, from 7.5% to 15% compared to the baseline implementation without fine-tuning, while maintaining comparable efficiency with extensive experiments.

KW - Homomorphic encryption

KW - functional bootstrapping

KW - neural network

KW - privacy-preserving machine learning

UR - https://www.scopus.com/pages/publications/85188708581

U2 - 10.1007/978-3-031-54129-2_32

DO - 10.1007/978-3-031-54129-2_32

M3 - Conference contribution

SN - 9783031541285

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 535

EP - 551

BT - Computer Security. ESORICS 2023 International Workshops - CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, 2023, Revised Selected Papers

A2 - Katsikas, Sokratis

A2 - Abie, Habtamu

A2 - Ranise, Silvio

A2 - Verderame, Luca

A2 - Cambiaso, Enrico

A2 - Ugarelli, Rita

A2 - Praça, Isabel

A2 - Li, Wenjuan

A2 - Meng, Weizhi

A2 - Furnell, Steven

A2 - Katt, Basel

A2 - Pirbhulal, Sandeep

A2 - Shukla, Ankur

A2 - Ianni, Michele

A2 - Dalla Preda, Mila

A2 - Choo, Kim-Kwang Raymond

A2 - Pupo Correia, Miguel

A2 - Abhishta, Abhishta

A2 - Sileno, Giovanni

A2 - Alishahi, Mina

A2 - Kalutarage, Harsha

A2 - Yanai, Naoto

PB - Springer Science and Business Media Deutschland GmbH

T2 - International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023

Y2 - 25 September 2023 through 29 September 2023

ER -

Liu TL, Ku YT, Ho MC, Liu FH, Chang MC, Hsu CF et al. An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework. In Katsikas S, Abie H, Ranise S, Verderame L, Cambiaso E, Ugarelli R, Praça I, Li W, Meng W, Furnell S, Katt B, Pirbhulal S, Shukla A, Ianni M, Dalla Preda M, Choo KKR, Pupo Correia M, Abhishta A, Sileno G, Alishahi M, Kalutarage H, Yanai N, editors, Computer Security. ESORICS 2023 International Workshops - CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, 2023, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2024. p. 535-551. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-54129-2_32

An Efficient CKKS-FHEW/TFHE Hybrid Encrypted Inference Framework

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this