2024年8月,国科大密码学院郑昉昱副教授作为通信作者指导学生,在31st ACM Conference on Computer and Communications Security (ACM CCS)会议上发表了题为“DPad-HE: Towards Hardware-friendly Homomorphic Evaluation using 4-Directional Manipulation”的研究论文。论文中提出了一种利用MLWE构造硬件友好全同态加密(FHE)的方案,性能大幅领先于已有的研究工作,在隐私计算等方面具有很强的应用前景。该研究工作得到CCF-蚂蚁科研基金(No. CCF-AFSG RF20230206)的支持。
本届ACM CCS将于2024年10月14日至18日在美国盐湖城召开。ACM CCS于1993年首次举办,已有三十多年历史,是国际公认的信息安全领域旗舰会议,与IEEE S&P、USENIX Security、NDSS并称为信息安全领域国际四大顶级学术会议,也是中国计算机学会(CCF)推荐的A类会议。
Abstract:Module Learning with Errors (MLWE) based approaches for Fully Homomorphic Encryption (FHE) have garnered attention due to their potential to enhance hardware-friendliness and implementation efficiency. However, despite these advantages, their overall performance still trails behind traditional schemes based on Ring Learning with Errors (RLWE). This indicates that while MLWE-based constructions hold promise, there remain significant challenges to overcome in bridging the performance gap with RLWE-based FHE schemes.
By uncovering the reasons for the unsatisfactory performance of prior schemes and pinpointing the fundamental differences in the design of MLWE-based FHE compared to traditional approaches, the paper introduces DPad-HE with a novel design incorporating manipulation in the module rank dimension. The newly introduced operations, rank-up, and rank-down, effectively regulate the scale of gadget decomposition, reducing the computational workload of key-switching by several times. Taking CKKS as a case study, the evaluation showcases the comprehensive advantages of DPad-HE over the state-of-the-art MLWE-based scheme, resulting in a performance boost of 1.26x to 5.71$x, a reduction in key size from $1/3$ to $3/4$, with enhanced noise control. To test the hardware-friendliness of the solution, DPad-HE is also implemented on GPU. Notably, DPad-HE demonstrates that, for the first time, the execution latency of MLWE-based schemes can achieve comparable performance with traditional RLWE ones, especially on the GPU platform where a speedup up to 1.41 is witnessed. Additionally, this paper provides a lightweight conversion method between RLWE and MLWE ciphertexts, allowing for flexible selection of RLWE and MLWE settings during a single complete evaluation process. This opens up new possibilities for both RLWE-based and MLWE-based FHEs.
论文信息:Wenxu Tang, Fangyu Zheng , Guang Fan, Tian Zhou, Jingqiang Lin, Jiwu Jing, “DPad-HE: Towards Hardware-friendly Homomorphic Evaluation using 4-Directional Manipulation”, 31st ACM Conference on Computer and Communications Security (CCS), 2024(CCF-A,四大安全顶会)
(原文链接:https://doi.org/10.1145/3658644.3690280)
