Paper 2021/1603

CHEX-MIX: Combining Homomorphic Encryption with Trusted Execution Environments for Two-party Oblivious Inference in the Cloud

Deepika Natarajan, University of Michigan–Ann Arbor
Andrew Loveless, University of Michigan–Ann Arbor
Wei Dai, Microsoft (United States)
Ronald Dreslinski, University of Michigan–Ann Arbor

Data, when coupled with state-of-the-art machine learning models, can enable remarkable applications. But, there exists an underlying tension: users wish to keep their data private, and model providers wish to protect their intellectual property. Homomorphic encryption (HE) and multi-party computation (MPC) techniques have been proposed as solutions to this problem; however, both techniques require model providers to fully trust the server performing the machine learning computation. This limits the scale of inference applications, since it prevents model providers from leveraging shared public cloud infrastructures. In this work, we present CHEX-MIX, a solution to the problem of privacy-preserving machine learning between two mutually distrustful parties in an untrusted cloud setting. CHEX-MIX relies on a combination of HE and trusted execution environments (TEEs), using HE to provide clients with confidentiality guarantees, and TEEs to provide model providers with confidentiality guarantees and protect the integrity of computation from malicious cloud adversaries. Unlike prior solutions to this problem, such as multi-key HE, single-key HE, MPC, or TEE-only techniques, our solution assumes that both the client and the cloud can be malicious, makes no collusion assumptions, and frees model providers from needing to maintain private online infrastructures. Our results show that CHEX-MIX can execute at high efficiency, with low communication cost, while providing security guarantees unaddressed by prior work. Compared to a recent multi-key HE work that allows partial cloud offload, for example, CHEX-MIX achieves a 3× lower communication cost and a 3× faster computation time.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. 8th IEEE European Symposium on Security and Privacy, July 2023
oblivious inferencehomomorphic encryptiontrusted execution environmentprivacy-preserving machine learning
Contact author(s)
dnataraj @ umich edu
wei dai @ microsoft com
2023-07-03: last of 3 revisions
2021-12-09: received
See all versions
Short URL
Creative Commons Attribution


      author = {Deepika Natarajan and Andrew Loveless and Wei Dai and Ronald Dreslinski},
      title = {{CHEX}-{MIX}: Combining Homomorphic Encryption with Trusted Execution Environments for Two-party Oblivious Inference in the Cloud},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1603},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.