College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
Homomorphic encryption and Private Machine Learning Classification
1. Homomorphic encryption
Featuring
X. Sun, P. Zhang, J. K. Liu, J. Yu and W. Xie, "Private machine learning
classification based on fully homomorphic encryption," in IEEE Transactions
on Emerging Topics in Computing.
THE MAGIC TRICK OF PROCESSING DATA WITHOUT HAVING ACCESS TO IT
By: Mohammed Ali Ashour
Supervised by: Dr. Ashraf Tammam
2. outline
Introduction
ENTERS, Homomorphic Encryption!
Types of homomorphic encryption
Problems and Areas of research
The paper contribution
Re-linearization and modulus switching
Introduction to machine learning
The proposed FHE scheme
The Main Building Blocks
Samples of Implementations of ML algorithms
Results
References
4. What is encryption?
Encryption is a method to convert data to a
secret form that hides all the information’s true
meaning in it
The basic process is pretty simple
You Encrypt the data you want to secure
Send the encrypted data
Receive and decrypt the data
Read it
5. Types of encryption
There are main two types of encryption
Symmetric encryption
Asymmetric encryption (public key encryption)
6. Pretty simple, right?
Encryption as it’s basic function is simple and very useful for transferring the data
from end to end
But, what if we need more!! Nowadays we have more needs concerning data, we
heavily rely on cloud services to apply some computations on our data, what if we
need to secure this data??
7. Assume this scenario
The user
The server
User private data that needs to apply
some functions on it without the service
Know about it
The server who needs to know about the data
To be able to apply the f(x) on it, it noway he can
Open source the f(x) to the users
The result of the function that the user needs
10. Homomorphic encryption
Computing on Encrypted Data
Homomorphic encryption is a form
of encryption that allows computation on cipher texts,
generating an encrypted result which, when decrypted,
matches the result of the operations as if they had been
performed on the plaintext.
In the last example, now using the homomorphic
encryption
The client simply encrypts its input x and sends the
cipher text to the server, who can evaluate the function
f on the encrypted input". The server returns the
evaluated cipher text to the client, who decrypts it and
recovers the result.
12. Partially/Somewhat Homomorphic
You are limited in the kind of operations you can do between to cipher texts
for example :
Multipications
Raw RSA
ElGamal
Additions
Paillier
Goldwasser-Micali
13. Example (RSA) (Multiplicative)
Consider the RSA public-key encryption scheme which
produces cipher texts of the form
𝑪 = 𝒎 𝒆 𝒎𝒐𝒅 𝑵
where m is the message, e is the public key and N is the
product of two primes. Given two encryptions
𝑪 = 𝒎 𝒆
𝒎𝒐𝒅 𝑵 and 𝑪𝟐 = 𝒎𝟐 𝒆
𝒎𝒐𝒅 𝑵
it is easy to compute an encryption of m1×m2 by computing:
𝑪 ∗ 𝑪𝟐 = (𝒎 ∗ 𝒎𝟐) 𝒆 𝒎𝒐𝒅 𝑵
.
F(x)a
a*b
b
F(a)
F(a)*F(b)
F(b)
14. Another example (Paillier) (Additive)
Consider the Paillier public-key encryption scheme which
produces cipher texts of the form
𝑪 = 𝒈 𝒎 𝒎𝒐𝒅 𝑵
where m is the message, g is the public key and N is the
product of two primes. Given two encryptions
𝑪 = 𝒈 𝒎
𝒎𝒐𝒅 𝑵 and 𝑪𝟐 = 𝒈 𝒎𝟐
𝒎𝒐𝒅 𝑵
it is easy to compute an encryption of m1×m2 by computing:
𝑪 ∗ 𝑪𝟐 = 𝒈 𝒎+𝒎𝟐 𝒎𝒐𝒅 𝑵
.
F(x)a
a*b
b
F(a)
F(a)*F(b)
F(b)
15. The fully homomorphic encryption
the holly grail of the cryptography world
You can typically evaluate any kind of operations on cipher texts
E(x) + E(y) = E(x + y)
E(x) * E(y) = E(x * y)
it still under development due to how slow it’s right now!
For example : Craig Gentry’s Fully Homomorphic Encryption Scheme
& The paper’s proposed scheme
16. Fields of research in the FHE area
Speed
As the first issue was the HE facing when it’s first introduces in 2009 that it was a trillion
time slower than computing on the unencrypted data
Storage
The size of the data after and during the encryption
The Depth of the operations that you can do on your data
The more operations you apply on your data , the more noise you add
The limitations of the kind of operations you can apply
Integrating it into the eco-system you use in the servers
17. Real world applications
Out sourcing storage and computations
Enable private query on databases
Used in genomics
Healthcare services
General two-party computations.
18. Tools & Libraries
Helib is a library that implements fully homomorphic encryption and some useful
functions
It acts more like a platform than a library as it gives you some insights on the cost
of the operations you do on your data
It includes the implementation of ring-lwe variant algorithm (FHE algorithm)
It also includes some higher level functions like
Simple Linear functions
Polynomial evaluation
….etc
19. Homomorphic encryption libraries and
frameworks
This tables gives you an idea
of the different libraries and
frameworks that are currently
available
*Table from A Review of Homomorphic Encryption Libraries for Secure Computation
link : arXiv:1812.02428v2
20. The paper section
X. Sun, P. Zhang, J. K. Liu, J. Yu
and W. Xie, "Private machine
learning classification based on
fully homomorphic encryption,"
in IEEE Transactions on
Emerging Topics in Computing.
21. Contribution
This paper proposes
a new technique and a new scheme of the Fully Homomorphic encryption that
designed to be suitable for the Private Machine learning classification task which is
proved to be more efficient than the current ones in
Speed of the process
The size/storage needed
Private Naïve Bayes algorithm implemented using the new scheme
Implementation of private decision tree classification using the new scheme
23. Re-linearization and modulus switching in
a nutshell
Re-linearization : One of the biggest problems of
the HE, especially in the multiplication process is
that it grows rapidally in size as we apply a
function after another, In order to solve this issue,
Brakerski and Vaikuntanathan [BV11a] propose a
dimension reduction technique, which can be
seen as an example of key switching; in the
literature, this procedure is also referred to as
relinearization
Dimension
reduction
Michele Minelli. Fully homomorphic encryption for machine learning. Cryptography and
Security
[cs.CR]. PSL Research University, 2018. English. ffNNT : 2018PSLEE056ff. fftel-
01918263v2ff
24. Re-linearization and modulus switching in
a nutshell
Modulus Switching : the second generation FHE
ciphertexts are vectors in Zq, where q is some
modulus. These ciphertexts contain a certain
amount of noise for security purposes, and
remain decryptable as long as the magnitude of
this noise is below q/4. and as we know,
multiplication will make the modulus go nuts as it
will increase by q ≈ 𝑩 𝟐 𝑳
, so we use modulus
switching to scale the modulus by factor k
after each operation.
Scaling
down the
modulus
Michele Minelli. Fully homomorphic encryption for machine learning. Cryptography and
Security
[cs.CR]. PSL Research University, 2018. English. ffNNT : 2018PSLEE056ff. fftel-
01918263v2ff
26. Cost of the Re-linearization and modulus
switching
Computation and Time intensive
applying Re-linearization and modulus switching after every operation is a huge
headache and time consuming
Needs powerful computers to calculate
A lot of research (like ours) are trying to minimize this time consumption as possible
27. Key changes
This scheme has key changes comparing with the HELIB
In Helib, the re-linearization technique is taken after the modulus switching in each
multiplicative homomorphic
In our scheme, we first use the re-linearization technique to reduce the size of the
multiplicative ciphertext, then the modulus switching technique is used to reduce the
multiplicative ciphertext’s modulus and decryption noise.
Also
we need no techniques of relinearization and modulus switching if there is additive
homomorphic or no homomorphic operation in the multiplicative ciphertext’s next
homomorphic operation, while techniques of relinearization and modulus switching are
used in HElib’s every multiplicative homomorphic.
29. Machine learning
Machine learning is an application of artificial
intelligence (AI) that provides systems the ability to
automatically learn and improve from
experience/data without being explicitly
programmed.
32. The improved FHE scheme
setup
Computes
some
required
parameters
for the key
generation
step
KeyGen
Generates the
encryption
key (public
and secret
key) Encrypt
Convert the
message to a
cipher text
Add
Computes the
addition of
the
homomorphic
items
Multiply
Computes the
multiplication
of the
homomorphic
items
Decrypt
Converts the
Cipher text to
the original
message
33. warning
You will face a lot of computations here, try to deal with it right now as black
boxes and focus to grasp the main concept mainly, you can always go back to
the main equations later!
34. The improved FHE scheme
setup
• We start with 2 main inputs
- security parameter λ
- level L.
KeyGen
• b = [−(a·s+t·e)]qj
e = error term,
t = plain text modulus
• wj = (bj, aj), where bj = [−aj · s+ t · ej − p · s2]p·qj
• pk = (b, a,(wj)j=0,1,··· ,L−1)
• Sk = s which we chose randomly at first
Encrypt
• C = ([m + b · u + t · e1]qj , [a · u + t · e2]qj)
Add (elementwise)
• Suppose two ciphertexts c′ = (c′ 0, c′ 1, · · · , c′ r) and c′′ = (c′′ 0, c′′
1, · · · , c′′ k) are under the same secret key, r ≤ k, where r, k ∈ {1,2}.
Output the additive ciphertext
• cfresh = ([c′ 0 + c′′ 0]qj ,[c′ 1 + c′′ 1]qj , · · · ,[c′ r + c′′ r]qj , c′′ j+1, · ·
· , c′′ k), where j ∈ [0, L − 1]
Multiply
• c0 = [c′ 0 · c′′ 0]qj ,
• c1 = [c′ 0 · c′′ 1 + c′ 1 · c′′ 0]qj ,
• c2 = [c′ 1 · c′′ 1]qj .
• Then you apply the re-linearization to reduce the resulted cipher
text to the smaller size, we compute the c* as follows
•c∗0 = [p · c0 + c2 · wj,0]p·qj ,
•c∗1 = [p · c1 + c2 · wj,1]p·qj .
Decrypt
• m = [[cfresh,0 + cfresh,1 · s + · · · + cfresh,k · sk]qj]t
36. Building blocks
SIMD (Single instruction multiple data) :
Converting long plaintexts into multiple small plaintext and then apply the SIMD to
convert them into cypher texts
Using SIMD we avoid the long time that will be taken to encode, encrypt, and decrypt
long complex plaintexts
37. Building blocks
Encoding rational numbers:
In real ML classification projects, we deal with rational
numbers, but in the existing FHE schemes, they only
support operating on integers, so, we needed to make a
bridge between rational numbers and the integers, and
the simplest way for that is to multiply them by a fixed
power of B where (B>=2), for ex: 𝑩 𝟐
, not affecting the
rational number precession
To make it more efficient, a technique of fractional
encoder is used to avoid the need to scaling down each
time we make an operation
Rational
number
to Integer
38. Building blocks
Homomorphic Comparison protocol:
Comparing 2 values with each others is something we want to be able
to do on our cipher texts before decrypting them in our private
classification task
If we assume that Given c0, c1 and ct, which are ciphertexts of
plaintext m0 ,m1 and t encrypted by our FHE scheme, respectively,
where t is the plaintext modulus. Then, c0 and c1 are stored on the
cloud server. Only the user has the secret key.
To make it more efficient, a technique of fractional encoder is used to
avoid the need to scaling down each time we make an operation
39. Building blocks
Homomorphic Maximum protocol:
In machine learning classification we will need to find the
maximum of a group of output so we know which class is the
mostly the one.
Using the Homomorphic comparison and SIMD you can get the
maximum element of a group of class predictions
41. The Implementation of Private machine
learning classification
Private hyperplane decision based classification
Private naïve Bayes classification
42. Private hyperplane decision based
classification (linear classification)
User have the data 𝑋 and the weights 𝑊𝑖
Both 𝑋 and 𝑊𝑖 are encrypted by the user
The user is the only one who owns the private key to
decrypt the data
The encrypted data of 𝑋 and 𝑊𝑖 is stored on the cloud
server
The server applies the ML algorithm on the data and
then apply the maximum protocol on the output to
return the most predicted class
43. Private Naïve Bayes classification
First how naïve Bayes works?
Assume that y is the class that we need to know the
probability of it happening given that x happened
The user needs to provide the probability of x happening
for each class in encrypted form
Then the server computes it, get the max probability and
send it back
47. So, let’s wrap things up
What we have learned so far?
Homomorphic encryption and it’s types
Problems of HE and area of research
Libraries and frameworks for the FHE
The new scheme proposed by the paper
The re-linearization and modulus switching operations
How you can apply the FHE concept on the ML algorithms
48. Resources
X. Sun, P. Zhang, J. K. Liu, J. Yu and W. Xie, "Private machine learning classification
based on fully homomorphic encryption," in IEEE Transactions on Emerging
Topics in Computing.
A Review of Homomorphic Encryption Libraries for Secure Computation
link : arXiv:1812.02428v2
Michele Minelli. Fully homomorphic encryption for machine learning.
Cryptography and Security [cs.CR]. PSL Research University, 2018. English. ffNNT :
2018PSLEE056ff. fftel-01918263v2ff
Homomorphic Encryption by Shai Halevi (IBM Research) April 2017