Paper 2022/532

Hierarchical Galois Key Management Systems for Privacy Preserving AIaaS with Homomorphic Encryption

Joon-Woo Lee, Eunsang Lee, Young-Sik Kim, and Jong-Seon No

Abstract

In the artificial intelligence as a service (AIaaS) system in the client-server model, where the clients provide the data on the cloud and the server processes the data by using a deep neural network in the cloud, data privacy via homomorphic encryption is becoming more important. The Brakerski/Fan-Vercauteren (BFV) and Cheon-Kim-Kim-Song (CKKS) schemes are two representative homomorphic encryption schemes that support various arithmetic operations on encrypted data in a single-instruction multiple-data (SIMD) manner. As the homomorphic operations in these schemes are performed component-wise on encrypted message vectors, rotation operations for various cyclic shifts of the encrypted message vector are required for useful advanced operations such as bootstrapping, matrix multiplication, and convolution in convolutional neural networks. Since the rotation operation requires different Galois keys for different cyclic shifts, servers using the conventional BFV and CKKS schemes must ask the clients, who hold the secret keys, to generate and send all of the required Galois keys. In particular, in advanced services that require rotation operations for many cyclic shifts, such as deep convolutional neural networks, the total Galois key size can be hundreds of gigabytes. This imposes substantial burdens on the clients in terms of computation and communication cost. In this paper, we propose a new concept, the hierarchical Galois key generation method for homomorphic encryption, to reduce the burdens on the clients and the server running the BFV and CKKS schemes. The main concept in the proposed method is the hierarchical Galois keys: after the client generates and transmits a few Galois keys in the highest key level to the server, the server can generate any required Galois keys from the public key and the smaller set of Galois keys in the higher key level.
The proposed method significantly reduces the number of the clients' operations for Galois key generation and the communication cost of Galois key transmission. Since the server can generate the required Galois keys from the small set of Galois keys received from the client, the server does not need to request additional Galois keys from the clients or to store all possible Galois keys for future use. For example, if we implement the standard ResNet-20 network for the CIFAR-10 dataset and the ResNet-18 network for the ImageNet dataset with pre-trained parameters of the CKKS scheme with the polynomial modulus degree $N=2^{16}$ and $N=2^{17}$, respectively, the server requires 265 and 617 Galois keys, which occupy 105.6GB and 197.6GB of memory, respectively. If we use the proposed three-level hierarchical Galois key system, the Galois key size generated and transmitted by the client can be reduced from 105.6GB to 3.4GB for the ResNet-20 model for CIFAR-10, and from 197.6GB to 3.9GB for the ResNet-18 model for ImageNet.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. Minor revision.
Keywords
Hierarchical Galois key, Homomorphic encryption, Privacy-preserving machine learning, Public key management, Brakerski/Fan-Vercauteren (BFV) schemes, Cheon-Kim-Kim-Song (CKKS) schemes
Contact author(s)
joonwoo42 @ snu ac kr
eslee3209 @ ccl snu ac kr
iamyskim @ chosun ac kr
jsno @ snu ac kr
History
2022-05-10: received
Short URL
https://ia.cr/2022/532
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/532,
      author = {Joon-Woo Lee and Eunsang Lee and Young-Sik Kim and Jong-Seon No},
      title = {Hierarchical Galois Key Management Systems for Privacy Preserving AIaaS with Homomorphic Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2022/532},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/532}},
      url = {https://eprint.iacr.org/2022/532}
}