DOI: 10.1145/3373376.3378523
research-article
Open Access

HEAX: An Architecture for Computing on Encrypted Data

Published: 13 March 2020

ABSTRACT

With the rapid increase in cloud computing, concerns surrounding data privacy, security, and confidentiality have also increased significantly. Not only are cloud providers susceptible to internal and external hacks, but in some scenarios data owners cannot outsource the computation at all due to privacy laws such as GDPR, HIPAA, or CCPA. Fully Homomorphic Encryption (FHE) is a groundbreaking invention in cryptography that, unlike traditional cryptosystems, enables computation on encrypted data without ever decrypting it. However, the most critical obstacle to deploying FHE at large scale is its enormous computation overhead. In this paper, we present HEAX, a novel hardware architecture for FHE that achieves unprecedented performance improvements. HEAX leverages multiple levels of parallelism, ranging from the ciphertext level to the fine-grained modular arithmetic level. Our first contribution is a new, highly parallelizable architecture for the number-theoretic transform (NTT), which can be of independent interest because NTT is frequently used in many lattice-based cryptography systems. Building on top of the NTT engine, we design a novel architecture for computation on homomorphically encrypted data. Our implementation on reconfigurable hardware demonstrates a 164-268× performance improvement for a wide range of FHE parameters.


Published in

ASPLOS '20: Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems
March 2020
1412 pages
ISBN: 9781450371025
DOI: 10.1145/3373376

        Copyright © 2020 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

Overall Acceptance Rate: 535 of 2,713 submissions, 20%
