WTF is FHEML

A bit on FHE first

Fully Homomorphic Encryption (FHE) represents a class of encryption techniques designed to allow meaningful computations to be performed on encrypted data. This means that when the results of such computations are decrypted, they are consistent with the outcomes that would have been obtained if those computations has been performed on the on plaintext, data.

In short

fenc is some homomorphic encryption function

Where

Homomorphic property preserves computation in encrypted space

Within the broader FHE category, We generally see the categorization of FHE schemes into two of three types of FHE schemes which are

• Somewhat Homomorphic Encryption (SHE): Supports a limited number of addition and multiplication operations on ciphertext.
• Fully Homomorphic Encryption (FHE): Supports any number of multiplication and/or addition operations on ciphertext without compromising it’s integrity while decryption.
• Partial Homomorphic Encryption (Partial HE): Supports either addition or multiplication operation on ciphertext, but not both.

Earlier attempts in ML with FHE

The exploration of machine learning (ML) with fully homomorphic encryption (FHE) directly contributes towards privacy preserving computation enablings computations to be performed on encrypted data.

This area has seen several notable contributions, such as that of Lauter’s (2021) exposition on the integration of homomorphic encryption with AI for private training and predictions, highlighting the marriage of cryptography and machine learning to safeguard data privacy while leveraging AI’s power.

Further, the work on privacy-preserving deep neural networks using FHE, as detailed in a study focusing on a hybrid model of FHE and Multi-Party Computation (MPC) for evaluating non-arithmetic functions in ML models, pushes the boundary on maintaining data and model confidentiality during computations.

Graepel, Lauter, and Naehrig’s (2012) seminal paper on ML Confidential introduces the application of somewhat homomorphic encryption to delegate ML computations to compute services securely, enabling confidential ML algorithms that ensure data secrecy. Additionally, research into logistic regression and unsupervised learning algorithms on encrypted data exemplifies the practical application and adaptation of traditional ML methods to operate under encryption constraints, demonstrating the feasibility and efficiency of such approaches in preserving data privacy. These works collectively underscore the critical intersection of machine learning and cryptography, offering a blueprint for future research on secure, privacy-preserving ML algorithms.

Introduction to FHEML

Fully Homomorphic Encryption based Machine Learning (FHEML) is a way where we implement machine learning algorithms that utilize fully homomorphic encryption schemes. It enables computations to be carried out on encrypted data, ensuring the confidentiality of the data which is being processed.

FHEML can be seen as complementary to Zero-Knowledge Machine Learning (ZKML), where the latter focuses on proving the correct execution of machine learning algorithms, while FHEML emphasizes performing computations on encrypted data to maintain data privacy.

The essence of FHEML lies in its ability to enable computations on encrypted data in such a way that, once the computation results are decrypted, they match the results that would have been obtained if the computations had been performed on the original, plaintext data. This capability opens up significant scope for machine learning applications because it allows algorithms to operate on encrypted data without compromising the privacy or security of the data.

It can be visualized as:

computation on encrypted data

FHEML consists of machine learning algorithms that are adapted to work with fully homomorphic encryption schemes. By leveraging these schemes, FHEML opens the door to a wide range of privacy-centric machine learning use cases. At a high level, this includes confidential computing, encrypted training, and private inferences, among others. Such advancements not only enhance data security but also expand the potential applications of machine learning in sensitive and privacy-demanding contexts.

Existing libraries in the direction of FHEML

Few libraries and frameworks towards FHEML, For now there is not set standard for writing FHEML programs but few of the most popular frameworks and libraries for building FHEML programs are:

Concrete-ml is library created by Zama, built on top of their low-level TFHE compiler, Concrete which allows for the compilation of arbitrary python code into FHE circuits, enabling developers to write functions in python which can perform computations over encrypted data.

Concrete-ml enables developers to work with familiar machine learning API (linear models, tree based models, neural network) available in scikit learn or other frameworks, allows for the conversion of PyTorch models into there FHE-compatible versions, stochastic gradient descent based classifiers which can be trained on encrypted data etc . Concrete-ml significantly lowers the barrier to entry for implementing ml operations on encrypted data.

Tenseal, developed by the OpenMined community, Focuses on enabling homomorphic operations on tensors (fundamental units in neural networks and can represent or manipulate data in a variety of forms). Built on top of Microsoft SEAL (Simple Encrypted Arithematic Library), Tenseal provides an efficient, Python-accessible API with underlying operations written in C++ for enhanced performance for enabling HE function on encrypted tensors.

PySyft, is another contribution from OpenMined aimed at secure and private deep learning in Python. It’s built with homomorphic encryption capabilities of Tenseal to enhance its privacy-preserving functionalities. PySyft introduces the CKKS tensor, based on the CKKS homomorphic encryption scheme, enabling operations on real numbers and providing approximate results. This extends beyond homomorphic encryption, It also incorporating secure multiparty computation and differential privacy to offer a comprehensive suite for privacy-preserving machine learning.

TF Encrypted, is a framework designed for encrypted machine learning within the TensorFlow ecosystem. Mimicking the TensorFlow experience, particularly through the Keras API, TF Encrypted facilitates training and prediction on encrypted data. It leverages secure multi-party computation and homomorphic encryption to provide privacy-preserving machine learning capabilities. TF Encrypted aims to democratize encrypted machine learning by making it accessible to those without a deep background in cryptography, distributed systems, or high-performance computing.

Few generic usecase of FHEML

Outsourcing computation

Since, computation occurs over encrypted data now the party which wants the computations to happen can safely share the encrypted form of the data to third party to process.

Encrypted Inferences

It facilitates encrypted inferencing, Where the inference requested by user is not revealed to the models and remain encrypted by default and only the user can decrypt it with their keys.

Encrypted Training Insights

Empower businesses to leverage encrypted forms of sensitive data to train machine learning models and derive insights. This enables organizations to utilize their data for enhancing operations, developing new strategies, and improving decision-making processes, all while ensuring the utmost privacy and security of the data involved.

Disclaimer：

1. This article is reprinted from [Foresightnews]. Forward the Original Title‘速览 Gitcoin 推出的 Allo Protocol：社区赠款计划的协议层基础设施’.All copyrights belong to the original author [Frank, Foresight News]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.

2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.

3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.