Formidable Challenges in Hardware Implementations of Fully Homomorphic Encryption Functions for Applications in Machine Learning

Abstract

The concept of homomorphic encryption was introduced almost exactly same time as the first public-key cryptographic algorithm RSA, which was multiplicatively homomorphic. Encryption functions with additive and multiplicative homomorphisms allow us (at least in principle) to compute any function homomorphically, and thus are highly desired. Such encryption functions have applications in healthcare, machine learning and national security. Since the work of Craig Gentry [1], there have been several fully homomorphic encryption proposals, however, their time and space requirements do not give way to acceptably efficient implementations in real-world scenarios. The challenge comes from the fact that, while the encryption, decryption and homomorphic operations are simple arithmetic operations (such as polynomial addition and multiplication), the sizes of operands are beyond the usual operand sizes we have been used to in the standard public-key cryptography. For example, the polynomial operands (representing ciphertexts) used in the BGV algorithm [2] are supposed to have up to 16k terms, with each term up to 1k bits. About 1024-bit message is encrypted into one ciphertext that requires several million bits. In this talk, I will present some of formidable algorithmic and architectural challenges facing FHE implementors.