Collaborative Research: SHF: Small: Efficient and Scalable Privacy-Preserving Neural Network Inference based on Ciphertext-Ciphertext Fully Homomorphic Encryption

合作研究：SHF：小型：基于密文-密文全同态加密的高效、可扩展的隐私保护神经网络推理

• 批准号: 2243052
• 负责人: Yingjie Lao
• 金额: $ 27.5万
• 依托单位: Clemson University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-04-01 至 2024-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2243052&HistoricalAwards=false
• 关键词: Collaborative; Research; SHF; Small; Efficient

Along with the evolution of artificial intelligence, privacy-preserving machine learning has emerged as an important and promising technique for protecting user-data privacy in cloud applications. Among the existing approaches, fully homomorphic encryption (FHE) based methods allow machine learning algorithms to be computed on encrypted data, while no original data information is leaked. This project addresses ciphertext-ciphertext FHE that preserves the privacy of both the user and model providers. This project aims to improve the hardware efficiency of ciphertext-ciphertext FHE-based neural network inference by orders of magnitude through algorithm-hardware co-optimization. This project yields a novel framework for ensuring the root of trust in cloud computing and cryptosystems to meet the future needs of both commercial products and national defense.This project develops efficient and scalable hardware architectures for privacy-preserving neural network inference based on ciphertext-ciphertext FHE. This project leverages scheme switching - using arithmetic-based schemes for linear functions and Boolean logic-based schemes for non-linear functions - to accelerate the neural network computations. Research thrusts include: a) Designing efficient fundamental hardware building blocks with high scalability over word-length of modulus and degree of polynomial for privacy-preserving neural network, i.e., polynomial multipliers, by employing novel reconfigurable and pipelining framework and exploiting special primes to perform fast modular reduction; b) Further improving the efficiency of polynomial multiplier designs by utilizing a divide and conquer strategy based on a novel parallel filter technique; c) Developing a reconfigurable and neural network friendly FHE architecture using scheme switching; and d) Designing an efficient accelerator of privacy-preserving neural network inference with ciphertext-ciphertext operations via scheme switching that protects the privacy of both the user and model.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着人工智能的发展，隐私保护机器学习已成为保护云应用程序中用户数据隐私的重要且有前景的技术。在现有的方法中，基于全同态加密（FHE）的方法允许机器学习算法在加密数据上进行计算，同时不会泄露原始数据信息。该项目致力于保护用户和模型提供者的隐私的密文-密文 FHE。该项目旨在通过算法-硬件协同优化，将基于密文-密文FHE的神经网络推理的硬件效率提高几个数量级。该项目产生了一个新颖的框架，用于确保云计算和密码系统的信任根源，以满足商业产品和国防的未来需求。该项目为基于密文-密文的隐私保护神经网络推理开发高效且可扩展的硬件架构FHE。该项目利用方案切换（针对线性函数使用基于算术的方案，针对非线性函数使用基于布尔逻辑的方案）来加速神经网络计算。研究重点包括： a) 通过采用新颖的可重构和流水线框架并利用特殊素数来执行，设计高效的基础硬件构建块，该构建块在模数字长和多项式次数上具有高可扩展性，用于隐私保护神经网络，即多项式乘法器快速模块化缩减； b) 通过利用基于新型并行滤波器技术的分而治之策略，进一步提高多项式乘法器设计的效率； c) 使用方案切换开发可重构且神经网络友好的 FHE 架构； d) 设计一种通过方案切换进行密文-密文运算的隐私保护神经网络推理的高效加速器，保护用户和模型的隐私。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准。