Paper reading list

Used in HElib.

Used in SEAL.

Used in HEAAN.

Use sine function to approximate mod operation. Swap slots with coefficients in ciphertext during bootstrapping.

Use Chebyshev polynomials to approximate mod operation.

A good library for Arithmetic sharing, Boolean sharing, and Yao’s garbled circuits.

• Conditions: P₀ holds private integer x, P₁ holds private integer y.
• Sharing: P₀ generates a random integer r_x, keeps x₀=x-r_x as his share of x, and sends x₁=r_x to P₁ as P₁'s share of x. Similarly, P₁ generates a random integer r_y, keeps y₁=y-r_y as his share of y, and sends y₀=r_y to P₀ as P₀'s share of y.
• Addition: P_i computes z_i=x_i+y_i. The sum can be recovered by z=z₀+z₁=x+y.
• Multiplication: First use HE or OT to generate c₀, c₁, a₀, a₁, b₀ and b₁, such that c=c₀+c₁=(a₀×b₀)+(a₁×b₁). P₀ holds c₀, a₀ and b₀, P₁ holds c₁, a₁ and b₁. P_i computes e_i=x_i-a_i and f_i=y_i-b_i. P_i recovers e and f. Finally, P_i computes z_i=i×e×f+f×a_i+e×b_i+c_i. The product can be recovered by z=z₀+z₁=x×y.

• Conditions: P₀ holds private bit x, P₁ holds private bit y.
• Sharing: P₀ generates a random bit r_x, keeps x₀=x⊕r_x as his share of x, and sends x₁=r_x to P₁ as P₁'s share of x. Similarly, P₁ generates a random bit r_y, keeps y₁=y⊕r_y as his share of y, and sends y₀=r_y to P₀ as P₀'s share of y.
• XOR: P_i computes z_i=x_i⊕y_i. The XOR can be recovered by z=z₀+z₁=x⊕y.
• AND: First use HE or OT to generate c₀, c₁, a₀, a₁, b₀ and b₁, such that c=c₀⊕c₁=(a₀∧b₀)⊕(a₁∧b₁). P₀ holds c₀, a₀ and b₀, P₁ holds c₁, a₁ and b₁. P_i computes e_i=x_i⊕a_i and f_i=y_i⊕b_i. P_i recovers e and f. Finally, P_i computes z_i=i∧e∧f⊕f∧a_i⊕e∧b_i⊕c_i. The product can be recovered by z=z₀⊕z₁=x∧y.

Detailed introduction on basic Yao's garbled circuits and optimizations.

Brief introduction on basic Yao's garbled circuits and optimizations.

Slides on basic Yao's garbled circuits.

First work to use HE for NN inference. Modifications to NNs: (1) square activation; (2) sum pooling.

Based on Cryptonets, add batchnormalization layers, use higher degree polynomials to approximate ReLU.

(1) Use TFHE as HE library to encrypt input bit by bit. (2) Quantize weights to power of 2. (3) Use HE gates to build ReLU and maxpooling functions.

Data pre-precessing. Model pruning. Client can use a proxy server for garbling the circuits. Leverage the industrial synthesis tool. Use sequential circuits as opposed to combinational circuits

Use ABY library for 2PC. Use SEAL for HE. Use HE to generate shares. Use Arithmetic Sharing for matrix vector multiplication. Use GC for ReLU and sigmoid. Use Arithmetic Sharing for mean pooling. Use GC for max pooling. Use Arithmetic Sharing for square activations. Use GC for rescaling values within range.

Use HE to compute convolutional and fully connected layers, use GC to compute activation and pooling layers.

• For convolutional and fully connected layers, server and client each has their own share of the input to the layer (server has X_s, client has X_c, and X_s+X_c=X, X is the real input to this layer). Client send Enc(X_c) to server, and server computes Enc(Y) = F(Enc(X_s)+Enc(X_c)) = F(Env(X)). Y is the result of this layer. Before sending result back to client, server generates a random r, and send Enc(Y-r) to client, and client decrypt it to get Y_c = Y-r as client's share of the result. Server keeps Y_s = r as server's share of the result.
• For activation and pooling layers, server and client each has their own share of the input to the layer (server has Y_s, client has Y_c, and Y_s+Y_c=Y, Y is the real input to this layer). Then use Garbled Circuit to compute the result of this layer, and server gets his share of the result Z_s, client has his share of the result Z_c.

Reorder slots in ciphertexts.

Use hardware information as fingerprints to protect NN models.

Same idea with AEP. Use eDRAM startup values as PUFs.

Quantize to integers of power of 2. Add random noise to protext weights.