Tutorial and Practices on Homomorphic Data Analysis with HEaaN is an affiliated event (tutorial) in Eurocrypt 2023.
Homomorphic Encryption (HE) is a cryptographic scheme allowing arbitrary computations over encrypted data. It has been known to provide a perfect protection for data in use as well as data at rest and data in transit, because with HE, encrypted data can be analyzed without decryption. HE is selected among 5 Impactful Technologies from the Gartner Emerging Technologies and Trends Impact Radar for 2022, saying "HE will be a core technology for many future SaaS offerings to ensure the protection and privacy of data between third-party data processing and analytics providers". It is well known that HE has some performance issues, but as HE technologies have evolved rapidly, we can say that HE is practical now.
Gartner’s description on homomorphic encryption (https://www.gartner.com/en/articles/5-impactful-technologies-from-the-gartner-emerging-technologies-and-trends-impact-radar-for-2022)
In the CKKS homomorphic encryption scheme, one can encrypt real or complex number data, unlike other HE schemes. Dealing with real/complex numbers, CKKS scheme is renowned for being the most suitable FHE scheme to do real world data analyses. CryptoLab provides the fastest and the most reliable implementation, HEaaN, for the CKKS scheme.
HEaaN is a C++ library facilitating homomorphic encryption, decryption and key generation, along with fundamental homomorphic evaluations such as addition, multiplication and rotation. Beginning with a reference implementation of the CKKS scheme, HEaaN has been evolving, to improve its performance and to incorporate most up-to-date research results into the library.
When doing homomorphic computations, one of important things is to set up encryption parameters; they decide the security level of the ciphertext and the secret key and they make a huge impact on performance. The bootstrapping, a homomorphic circuit that enables an indefinite number of homomorphic multiplications, needs a lot of fine-tuning on the parameters. Users of HEaaN can enjoy predefined parameter presets for each situation of homomorphic computation, already fine-tuned and optimized for the users.
Performance-wise, HEaaN supports an exquisite CPU-implementation, making use of many technological advances of the CPUs such as Intel(R) AVX2/AVX512. HEaaN also provides a GPU-accelerated version of the library.
Benchmark results comparing HEaaN with two open source libraries ‘P’ and ‘S’. Measured using HEBench platform. Environment: Intel(R) Xeon(R) Gold 6242 CPU (2.8GHz) with 512GiB Memory.
Benchmark results comparing the GPU-accelerated HEaaN with CPU-only HEaaN. Some operations in the GPU side are too fast to be properly displayed in the chart. Environment: Intel(R) Xeon(R) Gold 6242 CPU (2.8 GHz) with Nvidia(R) Quadro RTX 6000 Graphic.
The bootstrapping operation is one of the key operations in CKKS HE scheme, as it is required to run after certain number of multiplication operations, to make the entire scheme “full” in the sense of “fully homomorphic encryption”. The following is a comparison for the bootstrapping operation in Lattigo and HEaaN. As you can see, the baseline single-threaded CPU implementation of HEaaN is already quite faster than Lattigo’s. Also HEaaN provides multi-threaded version, and blazingly fast GPU implementation. The running time is measured in one of our development machines, having Intel(R) Xeon(R) Gold 6242 CPU (2.8 GHz) x 64, 512GiB RAM with NVidia(R) Quadro RTX 6000 Graphic card.
| Bootstrapping | logN | Security level | Running time (ms) |
|---|---|---|---|
| Lattigo (CPU, single thread) | 16 | 128 | 29540 |
| HEaaN (CPU, single thread) | 16 | 128 | 19300 |
| HEaaN (CPU, 8 threads) | 16 | 128 | 3920 |
| HEaaN (GPU) | 16 | 128 | 207 |
Here’s a demo video for the bootstrapping operation.