This is an introduction to the field of Homomorphic encryption featuring a paper on making a suitable HE scheme for Private ML classification

1. Homomorphic encryption
Featuring
X. Sun, P. Zhang, J. K. Liu, J. Yu and W. Xie, "Private machine learning
classification based on fully homomorphic encryption," in IEEE Transactions
on Emerging Topics in Computing.
THE MAGIC TRICK OF PROCESSING DATA WITHOUT HAVING ACCESS TO IT
By: Mohammed Ali Ashour
Supervised by: Dr. Ashraf Tammam

2. outline
 Introduction
 ENTERS, Homomorphic Encryption!
 Types of homomorphic encryption
 Problems and Areas of research
 The paper contribution
 Re-linearization and modulus switching
 Introduction to machine learning
 The proposed FHE scheme
 The Main Building Blocks
 Samples of Implementations of ML algorithms
 Results
 References

3. Introduction

4. What is encryption?
 Encryption is a method to convert data to a
secret form that hides all the information’s true
meaning in it
 The basic process is pretty simple
 You Encrypt the data you want to secure
 Send the encrypted data
 Receive and decrypt the data
 Read it

5. Types of encryption
 There are main two types of encryption
 Symmetric encryption
 Asymmetric encryption (public key encryption)

6. Pretty simple, right?
 Encryption as it’s basic function is simple and very useful for transferring the data
from end to end
 But, what if we need more!! Nowadays we have more needs concerning data, we
heavily rely on cloud services to apply some computations on our data, what if we
need to secure this data??

7. Assume this scenario
The user
The server
User private data that needs to apply
some functions on it without the service
Know about it
The server who needs to know about the data
To be able to apply the f(x) on it, it noway he can
Open source the f(x) to the users
The result of the function that the user needs

8. Example
In this
Situation,
normal
encryptions
techniques are
not helpful!!

9. ENTERS,
Homomorphic
Encryption!

10. Homomorphic encryption
Computing on Encrypted Data
 Homomorphic encryption is a form
of encryption that allows computation on cipher texts,
generating an encrypted result which, when decrypted,
matches the result of the operations as if they had been
performed on the plaintext.
 In the last example, now using the homomorphic
encryption
The client simply encrypts its input x and sends the
cipher text to the server, who can evaluate the function
f on the encrypted input". The server returns the
evaluated cipher text to the client, who decrypts it and
recovers the result.

11. Types of homomorphic encryption
 Partially/Somewhat Homomorphic
 Fully Homomorphic

12. Partially/Somewhat Homomorphic
 You are limited in the kind of operations you can do between to cipher texts
for example :
 Multipications
 Raw RSA
 ElGamal
 Additions
 Paillier
 Goldwasser-Micali

13. Example (RSA) (Multiplicative)
 Consider the RSA public-key encryption scheme which
produces cipher texts of the form
𝑪 = 𝒎 𝒆 𝒎𝒐𝒅 𝑵
where m is the message, e is the public key and N is the
product of two primes. Given two encryptions
𝑪 = 𝒎 𝒆
𝒎𝒐𝒅 𝑵 and 𝑪𝟐 = 𝒎𝟐 𝒆
𝒎𝒐𝒅 𝑵
it is easy to compute an encryption of m1×m2 by computing:
𝑪 ∗ 𝑪𝟐 = (𝒎 ∗ 𝒎𝟐) 𝒆 𝒎𝒐𝒅 𝑵
.
F(x)a
a*b
b
F(a)
F(a)*F(b)
F(b)

14. Another example (Paillier) (Additive)
 Consider the Paillier public-key encryption scheme which
produces cipher texts of the form
𝑪 = 𝒈 𝒎 𝒎𝒐𝒅 𝑵
where m is the message, g is the public key and N is the
product of two primes. Given two encryptions
𝑪 = 𝒈 𝒎
𝒎𝒐𝒅 𝑵 and 𝑪𝟐 = 𝒈 𝒎𝟐
𝒎𝒐𝒅 𝑵
it is easy to compute an encryption of m1×m2 by computing:
𝑪 ∗ 𝑪𝟐 = 𝒈 𝒎+𝒎𝟐 𝒎𝒐𝒅 𝑵
.
F(x)a
a*b
b
F(a)
F(a)*F(b)
F(b)

15. The fully homomorphic encryption
the holly grail of the cryptography world
 You can typically evaluate any kind of operations on cipher texts
E(x) + E(y) = E(x + y)
E(x) * E(y) = E(x * y)
it still under development due to how slow it’s right now!
For example : Craig Gentry’s Fully Homomorphic Encryption Scheme
& The paper’s proposed scheme

16. Fields of research in the FHE area
 Speed
 As the first issue was the HE facing when it’s first introduces in 2009 that it was a trillion
time slower than computing on the unencrypted data
 Storage
 The size of the data after and during the encryption
 The Depth of the operations that you can do on your data
 The more operations you apply on your data , the more noise you add
 The limitations of the kind of operations you can apply
 Integrating it into the eco-system you use in the servers

17. Real world applications
 Out sourcing storage and computations
 Enable private query on databases
 Used in genomics
 Healthcare services
 General two-party computations.

18. Tools & Libraries
 Helib is a library that implements fully homomorphic encryption and some useful
functions
 It acts more like a platform than a library as it gives you some insights on the cost
of the operations you do on your data
 It includes the implementation of ring-lwe variant algorithm (FHE algorithm)
 It also includes some higher level functions like
 Simple Linear functions
 Polynomial evaluation
 ….etc

19. Homomorphic encryption libraries and
frameworks
This tables gives you an idea
of the different libraries and
frameworks that are currently
available
*Table from A Review of Homomorphic Encryption Libraries for Secure Computation
link : arXiv:1812.02428v2

20. The paper section
X. Sun, P. Zhang, J. K. Liu, J. Yu
and W. Xie, "Private machine
learning classification based on
fully homomorphic encryption,"
in IEEE Transactions on
Emerging Topics in Computing.

21. Contribution
 This paper proposes
 a new technique and a new scheme of the Fully Homomorphic encryption that
designed to be suitable for the Private Machine learning classification task which is
proved to be more efficient than the current ones in
 Speed of the process
 The size/storage needed
 Private Naïve Bayes algorithm implemented using the new scheme
 Implementation of private decision tree classification using the new scheme

22. Key Changes

23. Re-linearization and modulus switching in
a nutshell
 Re-linearization : One of the biggest problems of
the HE, especially in the multiplication process is
that it grows rapidally in size as we apply a
function after another, In order to solve this issue,
Brakerski and Vaikuntanathan [BV11a] propose a
dimension reduction technique, which can be
seen as an example of key switching; in the
literature, this procedure is also referred to as
relinearization
Dimension
reduction
Michele Minelli. Fully homomorphic encryption for machine learning. Cryptography and
Security
[cs.CR]. PSL Research University, 2018. English. ffNNT : 2018PSLEE056ff. fftel-
01918263v2ff

24. Re-linearization and modulus switching in
a nutshell
 Modulus Switching : the second generation FHE
ciphertexts are vectors in Zq, where q is some
modulus. These ciphertexts contain a certain
amount of noise for security purposes, and
remain decryptable as long as the magnitude of
this noise is below q/4. and as we know,
multiplication will make the modulus go nuts as it
will increase by q ≈ 𝑩 𝟐 𝑳
, so we use modulus
switching to scale the modulus by factor k
after each operation.
Scaling
down the
modulus
Michele Minelli. Fully homomorphic encryption for machine learning. Cryptography and
Security
[cs.CR]. PSL Research University, 2018. English. ffNNT : 2018PSLEE056ff. fftel-
01918263v2ff

25. Combining both techniques
Scaling down the
modulus
(Modulus switching)
Dimension
reduction
(Re-linearization)

26. Cost of the Re-linearization and modulus
switching
 Computation and Time intensive
 applying Re-linearization and modulus switching after every operation is a huge
headache and time consuming
 Needs powerful computers to calculate
 A lot of research (like ours) are trying to minimize this time consumption as possible

27. Key changes
 This scheme has key changes comparing with the HELIB
 In Helib, the re-linearization technique is taken after the modulus switching in each
multiplicative homomorphic
 In our scheme, we first use the re-linearization technique to reduce the size of the
multiplicative ciphertext, then the modulus switching technique is used to reduce the
multiplicative ciphertext’s modulus and decryption noise.
Also
 we need no techniques of relinearization and modulus switching if there is additive
homomorphic or no homomorphic operation in the multiplicative ciphertext’s next
homomorphic operation, while techniques of relinearization and modulus switching are
used in HElib’s every multiplicative homomorphic.

28. Machine learning

29. Machine learning
 Machine learning is an application of artificial
intelligence (AI) that provides systems the ability to
automatically learn and improve from
experience/data without being explicitly
programmed.

30. Machine learning problems
 Classification
 Regression
 Recommendation
 Clustering
 Generative

31. The improved FHE
scheme

32. The improved FHE scheme
setup
Computes
some
required
parameters
for the key
generation
step
KeyGen
Generates the
encryption
key (public
and secret
key) Encrypt
Convert the
message to a
cipher text
Add
Computes the
addition of
the
homomorphic
items
Multiply
Computes the
multiplication
of the
homomorphic
items
Decrypt
Converts the
Cipher text to
the original
message

33. warning
 You will face a lot of computations here, try to deal with it right now as black
boxes and focus to grasp the main concept mainly, you can always go back to
the main equations later!

34. The improved FHE scheme
setup
• We start with 2 main inputs
- security parameter λ
- level L.
KeyGen
• b = [−(a·s+t·e)]qj
e = error term,
t = plain text modulus
• wj = (bj, aj), where bj = [−aj · s+ t · ej − p · s2]p·qj
• pk = (b, a,(wj)j=0,1,··· ,L−1)
• Sk = s which we chose randomly at first
Encrypt
• C = ([m + b · u + t · e1]qj , [a · u + t · e2]qj)
Add (elementwise)
• Suppose two ciphertexts c′ = (c′ 0, c′ 1, · · · , c′ r) and c′′ = (c′′ 0, c′′
1, · · · , c′′ k) are under the same secret key, r ≤ k, where r, k ∈ {1,2}.
Output the additive ciphertext
• cfresh = ([c′ 0 + c′′ 0]qj ,[c′ 1 + c′′ 1]qj , · · · ,[c′ r + c′′ r]qj , c′′ j+1, · ·
· , c′′ k), where j ∈ [0, L − 1]
Multiply
• c0 = [c′ 0 · c′′ 0]qj ,
• c1 = [c′ 0 · c′′ 1 + c′ 1 · c′′ 0]qj ,
• c2 = [c′ 1 · c′′ 1]qj .
• Then you apply the re-linearization to reduce the resulted cipher
text to the smaller size, we compute the c* as follows
•c∗0 = [p · c0 + c2 · wj,0]p·qj ,
•c∗1 = [p · c1 + c2 · wj,1]p·qj .
Decrypt
• m = [[cfresh,0 + cfresh,1 · s + · · · + cfresh,k · sk]qj]t

35. Building Blocks

36. Building blocks
 SIMD (Single instruction multiple data) :
 Converting long plaintexts into multiple small plaintext and then apply the SIMD to
convert them into cypher texts
 Using SIMD we avoid the long time that will be taken to encode, encrypt, and decrypt
long complex plaintexts

37. Building blocks
 Encoding rational numbers:
 In real ML classification projects, we deal with rational
numbers, but in the existing FHE schemes, they only
support operating on integers, so, we needed to make a
bridge between rational numbers and the integers, and
the simplest way for that is to multiply them by a fixed
power of B where (B>=2), for ex: 𝑩 𝟐
, not affecting the
rational number precession
 To make it more efficient, a technique of fractional
encoder is used to avoid the need to scaling down each
time we make an operation
Rational
number
to Integer

38. Building blocks
 Homomorphic Comparison protocol:
 Comparing 2 values with each others is something we want to be able
to do on our cipher texts before decrypting them in our private
classification task
 If we assume that Given c0, c1 and ct, which are ciphertexts of
plaintext m0 ,m1 and t encrypted by our FHE scheme, respectively,
where t is the plaintext modulus. Then, c0 and c1 are stored on the
cloud server. Only the user has the secret key.
 To make it more efficient, a technique of fractional encoder is used to
avoid the need to scaling down each time we make an operation

39. Building blocks
 Homomorphic Maximum protocol:
 In machine learning classification we will need to find the
maximum of a group of output so we know which class is the
mostly the one.
 Using the Homomorphic comparison and SIMD you can get the
maximum element of a group of class predictions

40. Building the private
machine learning
classification

41. The Implementation of Private machine
learning classification
 Private hyperplane decision based classification
 Private naïve Bayes classification

42. Private hyperplane decision based
classification (linear classification)
 User have the data 𝑋 and the weights 𝑊𝑖
 Both 𝑋 and 𝑊𝑖 are encrypted by the user
 The user is the only one who owns the private key to
decrypt the data
 The encrypted data of 𝑋 and 𝑊𝑖 is stored on the cloud
server
 The server applies the ML algorithm on the data and
then apply the maximum protocol on the output to
return the most predicted class

43. Private Naïve Bayes classification
 First how naïve Bayes works?
 Assume that y is the class that we need to know the
probability of it happening given that x happened
 The user needs to provide the probability of x happening
for each class in encrypted form
 Then the server computes it, get the max probability and
send it back

44. Let’s talk results

45. Results and efficiency analysis

46. Results and efficiency analysis

47. So, let’s wrap things up
 What we have learned so far?
 Homomorphic encryption and it’s types
 Problems of HE and area of research
 Libraries and frameworks for the FHE
 The new scheme proposed by the paper
 The re-linearization and modulus switching operations
 How you can apply the FHE concept on the ML algorithms

48. Resources
 X. Sun, P. Zhang, J. K. Liu, J. Yu and W. Xie, "Private machine learning classification
based on fully homomorphic encryption," in IEEE Transactions on Emerging
Topics in Computing.
 A Review of Homomorphic Encryption Libraries for Secure Computation
link : arXiv:1812.02428v2
 Michele Minelli. Fully homomorphic encryption for machine learning.
Cryptography and Security [cs.CR]. PSL Research University, 2018. English. ffNNT :
2018PSLEE056ff. fftel-01918263v2ff
 Homomorphic Encryption by Shai Halevi (IBM Research) April 2017

49. Thank you!