Cryptology ePrint Archive: Report 2019/1066

HEAX: High-Performance Architecture for Computation on Homomorphically Encrypted Data in the Cloud

M. Sadegh Riazi and Kim Laine and Blake Pelton and Wei Dai

Abstract: With the rapid increase in cloud computing, concerns surrounding data privacy, security, and confidentiality also have been increased significantly. Not only cloud providers are susceptible to internal and external hacks, but also in some scenarios, data owners cannot outsource the computation due to privacy laws such as GDPR, HIPAA, or CCPA. Fully Homomorphic Encryption (FHE) is a groundbreaking invention in cryptography that, unlike traditional cryptosystems, enables computation on encrypted data without ever decrypting it. However, the most critical obstacle in deploying FHE at large-scale is the enormous computation overhead.

In this paper, we present HEAX, a novel hardware architecture for FHE that achieves unprecedented performance improvement. HEAX leverages multiple levels of parallelism, ranging from ciphertext-level to fine-grained modular arithmetic level. Our first contribution is a new highly-parallelizable architecture for number-theoretic transform (NTT) which can be of independent interest as NTT is frequently used in many lattice-based cryptography systems. Building on top of NTT engine, we design a novel architecture for computation on homomorphically encrypted data. We also introduce several techniques to enable an end-to-end, fully pipelined design as well as reducing on-chip memory consumption. Our implementation on reconfigurable hardware demonstrates 164-268 performance improvement for a wide range of FHE parameters.

Category / Keywords: implementation / Fully Homomorphic Encryption, Privacy-Preserving Machine Learning, Computing on Encrypted Data, Security, Cloud, High-Performance Architecture

Date: received 19 Sep 2019, last revised 22 Sep 2019

Contact author: sadeghriazi at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20190923:071257 (All versions of this report)

Short URL: ia.cr/2019/1066


[ Cryptology ePrint archive ]