Why is Fully Homomorphic Encryption (FHE) considered the next Holy Grail of artificial intelligence?

Original author: Advait (Leo) Jayant

Compilation: LlamaC

"Recommended message: Fully Homomorphic Encryption (FHE) is often hailed as the holy grail of cryptography. This article explores the prospects of FHE in the field of artificial intelligence, pointing out the current limitations. It also lists some projects dedicated to using fully homomorphic encryption (FHE) in the field of encryption for AI applications. For Crypto enthusiasts, this article provides an in-depth understanding of Fully Homomorphic Encryption. Enjoy!"

Main text👇

A wants highly personalized recommendations on Netflix and Amazon. B doesn't want Netflix or Amazon to know their preferences.

In today's digital age, we enjoy the convenience of personalized recommendations brought by services such as Amazon and Netflix, which accurately cater to our interests. However, the increasing encryption of these platforms into our private lives is causing more and more unease. We long for customized services without sacrificing privacy. In the past, this seemed like a paradox: how to achieve personalization without sharing a large amount of personal data with cloud-based AI systems. Fully Homomorphic Encryption (FHE) provides a solution that allows us to have the best of both worlds.

Artificial Intelligence as a Service (AIaaS)

Artificial intelligence (AI) now plays a key role in tackling complex challenges in a long list of fields, including computer vision, natural language processing (NLP), and recommendation systems. However, the development of these AI models has brought significant challenges to ordinary users:

1. Data Volume: Building accurate models often requires massive datasets, sometimes even reaching the scale of tens of trillions of bytes.

2. Computing Power: Complex models like the converter require powerful Computing Power of dozens of GPUs, typically running continuously for several weeks.

3. Domain expertise: The fine-tuning of these models requires deep professional knowledge.

These obstacles make it difficult for most users to independently develop powerful machine learning models.

AI as a service pipeline in practical applications

Entering the era of AI as a Service (AIaaS), this model overcomes the above obstacles by providing cloud services managed by technology giants (including FAANG members), allowing users to access the most advanced neural network models. Users only need to upload the original data to these platforms, and the data will be processed on the platform to generate insightful inference results. AIaaS effectively popularizes the right to use high-quality machine learning models, opening advanced AI tools to a wider audience. However, unfortunately, today's AIaaS sacrifices our privacy while bringing these conveniences.

Data Privacy in Artificial Intelligence as a Service

Currently, data is only encrypted during transmission from the client to the server. The server is able to access the input data and predictions made based on that data.

In the AI as a Service process, the server is able to access input and output data. This situation makes it complicated for ordinary users to share sensitive information (such as medical and financial data). Regulations like GDPR and CCPA exacerbate these concerns, as they require users to explicitly consent before data is shared, and ensure that users have the right to understand how their data is being used. GDPR further stipulates the encryption and protection of data during transmission. These regulations establish strict standards to ensure the privacy and rights of users, advocating for clear transparency and control over personal information. In light of these requirements, we must develop strong privacy mechanisms in the AI as a Service (AIaaS) process to maintain trust and compliance.

FHE solves the problem

By encrypting a and b, we can ensure the confidentiality of the input data.

Fully Homomorphic Encryption (FHE) provides a solution to the privacy issues associated with data in cloud computing. The FHE scheme supports operations such as addition and multiplication on ciphertexts. The concept is simple: the sum of two encryption values equals the encryption result of the sum, and the same applies to multiplication.

In actual operation, the working principle is as follows: the user performs addition operation on the local Plaintext values 𝑎 and 𝑏. Then, the user encrypts 𝑎 and 𝑏, and sends the Ciphertext to the cloud server. The server is able to perform addition operation on the encrypted values (homomorphically) and return the result. The result decrypted from the server will be consistent with the local Plaintext addition result of 𝑎 and 𝑏. This process ensures data privacy while allowing computation in the cloud.

Depth Neural Network (DNN) based on fully homomorphic encryption

In addition to basic addition and multiplication operations, significant progress has been made in the use of Fully Homomorphic Encryption (FHE) for neural network processing in AI as a service workflows. In this context, users can encrypt the original input data into Ciphertext, and only transmit these encrypted data to the cloud server. The server then performs homomorphic calculations on these Ciphertext, generates encrypted outputs, and returns them to the user. The key is that only the user holds the Private Key, enabling them to decrypt and access the results. This establishes an end-to-end FHE encryption data flow, ensuring the privacy and security of user data throughout the process.

Neural networks based on fully homomorphic encryption provide significant flexibility to users in AI-as-a-service. Once the Ciphertext is sent to the server, users can go offline as there is no need for frequent communication between the client and server. This feature is particularly advantageous for internet of things devices, which often operate under constraints where frequent communication is impractical.

However, it is worth noting the limitations of fully Homomorphic Encryption (FHE). Its computation overhead is huge; FHE schemes are inherently time-consuming, complex, and resource-intensive. In addition, FHE currently struggles to effectively support non-linear operations, posing a challenge for the implementation of neural networks. This limitation may impact the accuracy of neural networks built on FHE, as non-linear operations are crucial for the performance of such models.

The paper "Privacy-Enhanced Neural Network Based on Efficient Fully Homomorphic Encryption for AI as a Service" by K.-Y. Lam, X. Lu, L. Zhang, X. Wang, H. Wang, and S. Q. Goh was published at Nanyang Technological University (Singapore) and Chinese Academy of Sciences (China).

(Lam et al., 2024) described a privacy-enhanced neural network protocol for AI as a service. The protocol first defines the parameters of the input layer using Learning With Errors (LWE). LWE is an encryption primitive used to protect data through encryption, allowing for computation on encrypted data without the need for decryption. For the hidden output layer, the parameters are defined using Ring Learning With Errors (RLWE) and Ring GSW (RGSW), two advanced encryption techniques that extend LWE to achieve more efficient encryption operations.

The public parameters include the decomposition basis 𝐵 and 𝐵𝐾𝑆. Given an input vector 𝑥 of length 𝑁, a set of 𝑁 LWE Ciphertexts (𝑎𝑖,𝑏𝑖) is generated for each element 𝑥[𝑖] using LWE Private Key 𝑠. The evaluation Secret Key about 𝑠 is used to generate 𝑥[𝑖]>0 and 𝑥[𝑖]<0 for indexing. In addition, a set of LWE Switching Secret Keys is set up for 𝐵. These Secret Keys support efficient switching between different encryption schemes.

The input layer is designated as the 0th layer, and the output layer is the 𝐿th layer. For each layer 𝑙 from 1 to 𝐿, the number of neurons is 𝐻𝑙, which is determined in the 0th layer. The weight matrix 𝑊𝑙 and the bias vector 𝛽𝑙 are defined starting from the 0th layer and are accumulated on the 0th layer. For each neuron ℎ from 0 to 𝐻𝑙−1, the LWE Ciphertext from the 𝑙−1 layer is evaluated under Homomorphic Encryption. This means that the computation is performed on encrypted data to compute the linear function in ℎ. The 𝑙-th neuron in the layer combines the weight matrix and the bias vector. Subsequently, a lookup table (LUT) is evaluated in ℎ. After the operation is performed for the -th neuron, and the switch from 𝑛′ to a smaller 𝑛 is executed, the result is rounded and rescaled. The result is included in the LWE Ciphertext set of the 𝑙th layer.

Finally, the protocol returns the LWE Ciphertext to the user. The user can then decrypt all the Ciphertext using Private Key 𝑠 to find the inference result.

This protocol efficiently achieves privacy-preserving neural network inference by utilizing Fully Homomorphic Encryption (FHE) technology. FHE allows for computation on encrypted data without revealing the data itself to processing servers, ensuring data privacy while providing the advantages of AI as a service.

Application of Fully Homomorphic Encryption in AI

FHE (Fully Homomorphic Encryption) makes it possible to perform secure computations on encrypted data, opening up numerous new application scenarios while ensuring data privacy and security.

Consumer Privacy in Advertising: (Armknecht et al., 2013) proposed an innovative recommendation system that utilizes fully Homomorphic Encryption (FHE). This system can provide personalized recommendations to users while ensuring complete confidentiality of the recommended content to the system itself. This ensures the privacy of user preference information and effectively solves the major privacy issue in targeted advertising.

Medical applications: (Naehrig et al., 2011) proposed a remarkable scheme for the healthcare industry. They suggested continuously uploading patients' medical data to service providers in the form of fully Homomorphic Encryption (FHE) to ensure the confidentiality of sensitive medical information throughout its entire lifecycle, thereby enhancing patient privacy protection and enabling seamless data processing and analysis by medical institutions.

Data Mining: Mining large datasets can yield significant insights, but often at the cost of user privacy. (Yang, Zhong, and Wright, 2006) This problem is addressed by applying function encryption in the context of fully Homomorphic Encryption (FHE). This approach enables the extraction of valuable information from massive datasets without compromising the security of individual privacy of the mined data.

Financial Privacy: Imagine a scenario where a company has sensitive data and proprietary algorithms that must be kept confidential. (Naehrig et al., 2011) It is recommended to use Homomorphic Encryption to address this issue. By applying Fully Homomorphic Encryption (FHE), the company can perform necessary calculations on encrypted data without exposing the data or algorithms, thus ensuring the protection of financial privacy and intellectual property.

Forensic Image Recognition: (Bosch et al., 2014) describes a method for outsourcing forensic image recognition using fully Homomorphic Encryption (FHE). This technology is particularly beneficial to law enforcement agencies. By applying FHE, the police and other agencies can detect illegal images on hard drives without exposing the image content, thus protecting the integrity and confidentiality of data in investigations.

From advertising and healthcare to data mining, financial security, and law enforcement, fully Homomorphic Encryption is expected to completely change the way we handle sensitive information in various fields. As we continue to develop and refine these technologies, the importance of protecting privacy and security in an increasingly data-driven world cannot be overstated.

Limitations of Fully Homomorphic Encryption (FHE)

Despite the potential, we still need to address some key limitations.

• long User Support: Fully Homomorphic Encryption (FHE) allows for computation on encrypted data, but the complexity increases exponentially when dealing with long users. Typically, each user's data is encrypted using a unique Public Key. Managing these different datasets, especially considering the computational demands of FHE in large-scale environments, becomes impractical. To address this, researchers such as Lopez-Alt et al. proposed the long Secret Key FHE framework in 2013, which enables simultaneous operations on datasets encrypted with different Secret Keys. While this approach shows promise, it introduces additional complexity layers and requires careful coordination in Secret Key management and system architecture to ensure privacy and efficiency.
• Large-scale computation costs: The core of fully homomorphic encryption (FHE) is its ability to perform computations on encrypted data. However, this capability comes with a huge cost. Compared to traditional unencrypted computation, the computational overhead of FHE operations significantly increases. This overhead usually manifests in long polynomial form, but involving high-degree long polynomials exacerbates the running time, making it unsuitable for real-time applications. Hardware acceleration for FHE represents a huge market opportunity, aiming to reduce computational complexity and improve execution speed.
• Finite Operations: Recent advances have indeed expanded the application scope of fully homomorphic encryption, enabling it to support a wider range of operations. However, it is primarily still applicable to linear and long polynomial computations, which is a major limitation for artificial intelligence applications involving complex non-linear models such as Depth neural networks. Efficient execution of the operations required by these AI models remains a significant challenge within the current framework of fully homomorphic encryption. Despite the progress we are making, bridging the gap between the operational capabilities of fully homomorphic encryption and the advanced AI algorithm requirements remains a key barrier that needs to be overcome.

Homomorphic Encryption in the context of encryption and artificial intelligence

Here are some companies dedicated to using Fully Homomorphic Encryption (FHE) for AI applications in the encryption field:

• Zama provides Concrete ML, a trapOpen Source tool designed to simplify the use of fully Homomorphic Encryption (FHE) for data scientists. Concrete ML can transform machine learning models into their homomorphic equivalent forms, enabling confidential computation on encrypted data. Zama's approach allows data scientists to leverage FHE without deep knowledge of cryptography, which is particularly useful in fields such as healthcare and finance where data privacy is critical. Zama's tool facilitates secure data analysis and machine learning while preserving the confidentiality of sensitive information encryption.
• Privasee focuses on building a secure AI computing network. Their platform leverages fully Homomorphic Encryption (FHE) technology, allowing longer to collaborate without leaking sensitive information. By using FHE, Privasee ensures that user data remains in an encryption state throughout the entire AI computing process, thereby protecting privacy and complying with strict data protection regulations such as GDPR. Their system supports various AI models, providing a versatile solution for secure data processing.
• Octra combines cryptocurrency with artificial intelligence to enhance the security of digital transactions and the efficiency of data management. By integrating fully homomorphic encryption (FHE) with machine learning technology, Octra is committed to enhancing the security and privacy protection of decentralized cloud storage. Its platform utilizes blockchain, cryptography, and artificial intelligence technology to ensure that user data is always in an encrypted and secure state. This strategy builds a solid framework for the security of digital transactions and data privacy in the decentralized economy.
• Mind Network combines fully Homomorphic Encryption (FHE) with artificial intelligence to achieve secure encryption computation in the process of artificial intelligence processing, without the need for decryption. This promotes a privacy-protected, Decentralization artificial intelligence environment that seamlessly integrates encryption security with artificial intelligence functionality. This method not only protects the confidentiality of data but also realizes a trustless, Decentralization environment where artificial intelligence operations can be performed without relying on central authorities or exposing sensitive information, effectively combining the encryption strength of FHE with the operational requirements of artificial intelligence systems.

The number of companies operating at the forefront of fully Homomorphic Encryption (FHE), Artificial Intelligence (AI), and the Cryptocurrency field is still limited. This is mainly because effective implementation of FHE requires huge computational expenses, demanding powerful processing capabilities to efficiently perform encryption calculations.

Conclusion

Fully Homomorphic Encryption (FHE) provides a promising approach to enhance privacy in AI by allowing computations on encrypted data without decryption. This capability is particularly valuable in sensitive fields such as healthcare and finance where data privacy is crucial. However, FHE faces significant challenges including high computational overhead and limitations in handling non-linear operations required for deep learning. Despite these obstacles, advancements in FHE algorithms and hardware acceleration are paving the way for more practical applications in AI. The ongoing development in this field holds great potential to enhance secure and privacy-preserving AI services, balancing computational efficiency with robust data protection.