On the Feasibility and Impact of Standardising Sparse-secret LWE Parameter Sets for Homomorphic Encryption

Curtis, Benjamin R.; Player, Rachel

doi:10.1145/3338469.3358940

Cited by 26 publications

(32 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This can be particularly important when using homomorphic encryption in low-latency applications, where communication complexity quickly becomes a bottleneck. 2 25 2 14 130 520 2 3 2 26 2 14 135 540 2 4 2 27 2 14 140 560 2 5 2 28 2 14 145 580 2 6 2 29 2 14 150 600 2 7 2 30 2 14 155 620 2 8 2 31 2 14 160 640 2 9 2 32 2 14 165 660 2 10 2 33 2 14 170 680…”

Section: Discussionmentioning

confidence: 99%

“…For all the implemented schemes we found minimal encryption parameters that support both correct computation of the above functions and a security level of at least 128 bits. To achieve this security level we set the parameters of the original HEAAN scheme according to the recent recommendations for sparsesecret RLWE [8]. Namely, we set the sparsity parameter h = 128.…”

Section: Practical Comparison With Heaanmentioning

confidence: 99%

See 1 more Smart Citation

When HEAAN Meets FV: A New Somewhat Homomorphic Encryption with Reduced Memory Overhead

Chen

Iliashenko

Laine

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We demonstrate how to reduce the memory overhead of somewhat homomorphic encryption (SHE) while computing on numerical data. We design a hybrid SHE scheme that exploits the packing algorithm of the HEAAN scheme and the variant of the FV scheme by Bootland et al. The ciphertext size of the resulting scheme is 3-18 times smaller than in HEAAN to compute polynomial functions of depth 4 while packing a small number of data values. Furthermore, our scheme has smaller ciphertexts even with larger packing capacities (256-2048 values).

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Practical Comparison With Heaanmentioning

confidence: 99%

When HEAAN Meets FV: A New Somewhat Homomorphic Encryption with Reduced Memory Overhead

Chen

Iliashenko

Laine

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Despite such limitations, generalized key-switching is used to acquire more multiplicative levels. The security level of HE is roughly decided by N and (α+L+1), which increases as N gets larger or (α + L + 1) gets smaller [25]. Recent HE studies [13], [54], [56] and libraries [29], [65] typically target a security level of 128 bits.…”

Section: Primitive He Ops In Ckksmentioning

confidence: 99%

ARK: Fully Homomorphic Encryption Accelerator with Runtime Data Generation and Inter-Operation Key Reuse

Kim¹,

Lee²,

Kim³

et al. 2022

Preprint

View full text Add to dashboard Cite

Homomorphic Encryption (HE) is one of the most promising post-quantum cryptographic schemes which enable privacy-preserving computation on servers. However, noise accumulates as we perform operations on HE-encrypted data, restricting the number of possible operations. Fully HE (FHE) removes this restriction by introducing the bootstrapping operation, which refreshes the data; however, FHE schemes are highly memory-bound. Bootstrapping, in particular, requires loading GBs of evaluation keys and plaintexts from off-chip memory, which makes FHE acceleration fundamentally bottlenecked by the off-chip memory bandwidth.We propose ARK, an Accelerator for FHE with Runtime data generation and inter-operation Key reuse. ARK enables practical FHE workloads with a novel algorithm-hardware codesign to accelerate bootstrapping. We first eliminate the off-chip memory bandwidth bottleneck through runtime data generation and inter-operation key reuse. This approach enables ARK to fully exploit on-chip memory by a substantial reduction in the working set size. On top of such algorithmic innovations, we build ARK microarchitecture that minimizes on-chip data movement through an efficient, alternating data distribution policy based on the data access patterns and a streamlined dataflow organization of the tailored functional units -including base conversion, number-theoretic transform, and automorphism units. Overall, our co-design effectively handles the heavy computation and data movement overheads of FHE, drastically reducing the cost of HE operations including bootstrapping.

show abstract

“…A prior study, F1 [66], provided a substandard [4] level of security under 80 bits for CKKS bootstrapping and used smaller cts which simplifies the microarchitecture. λ is a strictly increasing function of N /log P Q [29].…”

Section: E Modern Algorithmic Optimizations In Ckks and T Multa/slotmentioning

confidence: 99%

“…2 reports the results. The x-axis shows λ based on N /log P Q [29], calculated using an estimation tool [68]. The y-axis shows T mult,a/slot for different N 's, L's, and dnums.…”

Section: Desirable Target Parameter Sets For He Acceleratorsmentioning

confidence: 99%

BTS: An Accelerator for Bootstrappable Fully Homomorphic Encryption

Kim,

Kim

et al. 2021

Preprint

View full text Add to dashboard Cite

Homomorphic encryption (HE) enables secure offloading of computation to the cloud by providing computation on encrypted data (ciphertexts). HE is based on noisy encryption schemes such that noise accumulates as we apply more computation to the data. The limited number of operations applicable to the data prevents practical applications from exploiting HE. Bootstrapping enables an unlimited number of operations or fully HE (FHE) by refreshing the ciphertext. Unfortunately, bootstrapping requires a significant amount of additional computation and memory bandwidth. Prior works have proposed hardware accelerators for computation primitives of FHE. However, to the best of our knowledge, this is the first to propose a hardware FHE accelerator tailored to support bootstrapping efficiently.In particular, we propose BTS -Bootstrappable, Technologydriven, Secure accelerator architecture for FHE. We identify the challenges of supporting bootstrapping in the accelerator and analyze the off-chip memory bandwidth and computation required. In particular, given the limitations of modern memory technology, we identify the HE parameter sets that are efficient for FHE acceleration. Based on the insights from our analysis, we propose BTS that effectively exploits parallelism innate in HE operations by arranging a massive number of processing elements in a grid. We present the design and microarchitecture of BTS, including the network-on-chip that exploits the deterministic communication pattern. BTS shows 5,556× and 1,306× improved execution time on ResNet-20 and logistic regression over CPU, using 373.6mm 2 chip area and up to 133.8W of power.

show abstract

On the Feasibility and Impact of Standardising Sparse-secret LWE Parameter Sets for Homomorphic Encryption

Cited by 26 publications

References 13 publications

When HEAAN Meets FV: A New Somewhat Homomorphic Encryption with Reduced Memory Overhead

When HEAAN Meets FV: A New Somewhat Homomorphic Encryption with Reduced Memory Overhead

ARK: Fully Homomorphic Encryption Accelerator with Runtime Data Generation and Inter-Operation Key Reuse

BTS: An Accelerator for Bootstrappable Fully Homomorphic Encryption

Contact Info

Product

Resources

About