modular hardware architecture for somewhat homomorphic
play

Modular Hardware Architecture for Somewhat Homomorphic Function - PowerPoint PPT Presentation

Jan 16, 2023 •306 likes •849 views

1 Modular Hardware Architecture for Somewhat Homomorphic Function Evaluation CHES 2015 Sujoy Sinha Roy 1 , Kimmo Jrvinen 1 , Frederik Vercauteren 1 , Vassil Dimitrov 2 , and Ingrid Verbauwhede 1 1 ESAT/COSIC and iMinds, KU Leuven 2 The

  1. 1 Modular Hardware Architecture for Somewhat Homomorphic Function Evaluation CHES 2015 Sujoy Sinha Roy 1 , Kimmo Järvinen 1 , Frederik Vercauteren 1 , Vassil Dimitrov 2 , and Ingrid Verbauwhede 1 1 ESAT/COSIC and iMinds, KU Leuven 2 The University of Calgary, Canada and Computer Modelling Group

  2. Outsourcing Computation 2

  3. Outsourcing Computation 3

  4. Outsourcing Computation 4

  5. Outsourcing Computation 5

  6. Outsourcing Computation 6

  7. Outsourcing Computation 7

  8. Outsourcing Computation 8

  9. Some Facts about Homomorphic Encryption 9 • Any fun ( ) can be represented as a sequence of {+, ×} over GF(2) • + is xor gate • × is and gate • { xor, and } gates together give us universal gate Homomorphic encryption scheme allows us to homomorphically compute GF(2) addition and multiplication on encrypted data.

  10. Some Facts about Homomorphic Encryption 10 • Multiplicative depth of fun is number of and gate in critical path • Fully Homomorphic Encryption (FHE) ≡ unlimited depth  Thus any fun • Somewhat Homomorphic Encryption (SHE) ≡ limited depth  Less complicated fun

  11. 11 Performances of FHE and SHE

  12. Performance of FHE 12 Batch Fully Homomorphic Encryption over Integers, by Coron, Lepoint, and Tibouchi. Eurocrypt 2013 • Encryption 61 seconds, Decryption 9.8 seconds • Multiplication 0.72 seconds • Recrypt 172 seconds • AES evaluation takes 113 hours on Intel Core i7-2600 at 3.4 GHz • 5120 Multiplications and 2448 Recrypt FHE is Very Slow

  13. Performance of SHE 13 A Comparison of the Homomorphic Encryption Schemes FV and YASHE, by Lepoint, Naehrig. Africacrypt 2014 • Evaluate SIMON -64/128 using YASHE in 70 minutes • No recrypt • Using 4-cores of Intel Core i7-2600 at 3.4 GHz SHE is > faster than FHE Motivation: Can we accelerate using FPGAs?

  14. Why do we need to Evaluate SIMON in Cloud? 14 • User encrypts message bits using Enc HE ( ) • Ciphertext size is huge (can be in GBs) • Heavy load on the communication network

  15. Why do we need to Evaluate SIMON in Cloud? 15 • Ciphertext size is message size • SIMON has small multiplicative depth

  16. 16 The YASHE Scheme

  17. The YASHE Scheme 17 • Defined over a ring  We use 1228 bit q  f ( ) is 65535-th cyclotomic polynomial, degree n = 2 15 • YASHE.KeyGen( )  ( pk , sk , evk ), pk , sk , evk

  18. The YASHE Scheme 18 • YASHE.Enc ( m, pk )  c  Gaussian sampling from narrow distribution  One polynomial multiplication and two additions • YASHE.Dec( c, sk )  m  One polynomial multiplication and a decoding

  19. The YASHE Scheme 19 • YASHE.Add ( c 1 , c 2 )  c = c 1 + c 2 • YASHE.Mult ( c 1 , c 2 )  Compute polynomial multiplication c 1 · c 2 in  Q ~ n · q 2 [In our case | Q | = 2,517 bits]  Division and rounding  Return  performs 22 poly mult and 21 poly add

  20. 20 Implementation

  21. Operations in the Cloud 21 • Discrete Gaussian sampling (from narrow distribution) • Polynomial addition • Polynomial multiplication Costly Computation • Division and rounding

  22. Polynomial Multiplication 22 • FFT based multiplication has low complexity ( n log n) • Number Theoretic Transform ( NTT ) is a generalization of FFT  n -th primitive root of 1 in (an integer)  Only integer arithmetic modulo q

  23. Polynomial Multiplication using NTT 23 • Expand input polynomials from n coefficients to • Compute N -point NTTs • Multiply them coefficient wise • Compute INTT • Finally reduce the result modulo f ( x ) [ deg( f ) = n ] Our f ( x ) is 65535-th cyclotomic polynomial [ it supports SIMD ] •  Not a sparse polynomial  We use polynomial Barrett reduction

  24. Handling of Long Integer Arithmetic 24 • Coefficients are modulo q where | q | = 1,228 bits [ and sometimes modulo Q where | Q | = 2,517 bits ] • Difficult to implement • We use CRT and take Small and Parallel computations use DSP multipliers of the FPGA

  25. 25 Architecture

  26. Overview of the HE Architecture 26 Ciphertext Polynomials codesign

  27. Polynomial Arithmetic Unit Core 27 The core is based on our CHES2014 paper “Compact ring -LWE Cryptoprocessor ”

  28. Polynomial Arithmetic Unit Core 28 t + u · ω Computing … butterfly during an NTT t - u · ω

  29. Multi-Core Polynomial Arithmetic Unit 29 • NTT is parallelizable • Speedup using many cores Our architecture has 16 cores cores Processor • Routing friendly NTT  Local data access [ details in the paper ]

  30. Division and Rounding Unit (DRU) 30 • Divides by and then rounds to nearest integer ( is fixed ) • Precomputed reciprocal • Multiplies input by

  31. 31 Implementation of CRT Small-CRT Large-CRT

  32. CRT Computation 32 • Small CRT is required to map coefficients c from to • Computation involves  Sum of long and short products  Division in parallel

  33. Sum of Product during CRT 33

  34. 34 coming back to the overall architecture ….

  35. HE Architecture 35

  36. HE Architecture 36

  37. HE Architecture 37

  38. HE Architecture 38

  39. HE Architecture 39 Independent parallel processors

  40. 40 Results

  41. Area Results 41 • We use the largest Virtex 7 FPGA XCV1140TFLG1930 • Resource consumption  FFs 22.6%  LUTs 53%  BRAMs 37.8%  DSPs 53% • With more processors routing problem

  42. Timing Results 42 • Does not include external memory--FPGA communication cost • Operating frequency is 143 MHz after P&R • YASHE.Mult requires 121.678 milliseconds • SIMON-64/128 performs 32×44 YASHE.Mult operations  171.3 seconds • Relative time is per slot (2048 slots using SIMD)  83.65 milliseconds

  43. Future Works 43 • Implement interface between FPGA and external RAM  Serial data transfer is slow  Parallel 64-bit comm. between FPGA and external DDR3 RAM Source: Xilinx Virtex-7 FPGA VC709 Connectivity Kit, www.xilinx.com

  44. Future Works 44 • Architectural low-level optimization  Reduce pipeline bubbles [reduce cycles]  Increase frequency of sub blocks  Area optimization [more processors in FPGA] • Higher level parallel processing  We have independent processors working in parallel  Hence more processors in several FPGAs

  45. 45 Thank You

  46. 46

  47. 47 Backup Slides

  48. Homomorphic Encryption 48 • Enc(·,·) is homomorphic for an operation □ on message space M iff Enc( m 1 □ m 2 , k E ) = Enc( m 1 , k E ) ○ Enc( m 2 , k E ) with ○ operation on ciphertext space C • Enc(·,·) is additively homomorphic is □ = + • eg. Caesar cipher • Enc(·,·) is multiplicatively homomorphic is □ = × • eg. Unpadded RSA

  49. 49 The YASHE Scheme

  50. The YASHE Scheme 50 • Defined over a ring • YASHE.KeyGen( ) • where pk and sk and evk • YASHE.Enc ( m, pk ) • • • • YASHE.Dec( c, sk ) •

  51. The YASHE Scheme 51 • YASHE.Add ( c 1 , c 2 )  Return  Requires one polynomial addition • YASHE.Mult ( c 1 , c 2 )  Compute normal polynomial multiplication c 1 · c 2  Coefficients could be larger than q 2  Division and rounding  Return  Requires is u +1 poly mult and u poly add

  52. Small-CRT Computation 52 • Required to map polynomial coefficients c from to  Remember and • Compute [ c ] q j for l -1 < j < L • First compute c = ( [ c ] q 0 · b 0 +…+ [ c ] q l -1 · b l -1 ) [ sum of long products ] • Next k = floor ( c/q ) [ division by q ] • Next [ c’ ] q j = ([ c ] q 0 ·[ b 0 ] q j +…+ [ c ] q l- 1 ·[ b l -1 ] q j ) [sum of short products ] • Finally [ c ] q j = [ c’ ] q j – [ k ] q i · [ q ] q j

  53. Area Results 53 • We use the largest Virtex 7 FPGA XCV1140TFLG1930 • With more processors routing problem

Recommend

Accelerating LTV Based Homomorphic Encryption in Reconfigurable Hardware Yark n Dorz, Erdin

Accelerating LTV Based Homomorphic Encryption in Reconfigurable Hardware Yark n Dorz, Erdin

Accelerating LTV Based Homomorphic Encryption in Reconfigurable Hardware Yark n Dorz, Erdin ztrk, Erkay Sava , Berk Sunar Worcester Polytechnic Institute 100 Institute Road, Worcester, MA, USA, 01609 1 Homomorphic Encryption

534 views • 24 slides
5. Simulate the n-bit modular adder/subtracter architecture The modular adder/subtracter performs

5. Simulate the n-bit modular adder/subtracter architecture The modular adder/subtracter performs

Summer School on Real-world Crypto and Privacy Hardware tutorial June 14, 2018, ibenik, Croatia Nele Mentens (KU Leuven) Pedro Maat Costa Massolino (Radboud University) TUTORIAL INSTRUCTIONS In this tutorial, we will design and simulate a

74 views • 4 slides
homomorphic encryption with optimised hardware designs Dr Ciara Rafferty 15 January 2018 CSIT

homomorphic encryption with optimised hardware designs Dr Ciara Rafferty 15 January 2018 CSIT

Accelerating lattice-based and homomorphic encryption with optimised hardware designs Dr Ciara Rafferty 15 January 2018 CSIT is a Research Centre of the ECIT Institute @CSIT_QUB Overview 1. Introduction 2. SAFEcrypto project overview 3.

1.18k views • 54 slides
Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic

Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic

Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic Encryption Group Homomorphism: Two groups G and G are homomorphic if there exists a function (homomorphism) f:G G such that for all x,y G,

1.79k views • 165 slides
Spark architecture Spark architecture Hardware organization Hardware organization In local

Spark architecture Spark architecture Hardware organization Hardware organization In local

Spark architecture Spark architecture Hardware organization Hardware organization In local installation, cores serve as master &amp; slaves Communication Communication Sh Sh uf uf fle fle Same machines are used for both map and reduce

341 views • 12 slides
IRNAS OPEN HARDWARE INSTITUTE Modular open hardware design for electronics and 3D printing

IRNAS OPEN HARDWARE INSTITUTE Modular open hardware design for electronics and 3D printing

IRNAS OPEN HARDWARE INSTITUTE Modular open hardware design for electronics and 3D printing Luka Mustafa Musti musti@irnas.eu @slomusti S56MC IRNAS.EU | @institute_irnas CC BY-SA 4.0 Presentation outline Overview of multiple

880 views • 73 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
Outline Background Venezia Hardware Architecture Venezia Software Architecture

Outline Background Venezia Hardware Architecture Venezia Software Architecture

Venezia: a Scalable Multicore Subsystem for Multimedia Applications Takashi Miyamori Toshiba Corporation Outline Background Venezia Hardware Architecture Venezia Software Architecture Evaluation Chip and Performance Results

401 views • 14 slides
Graphics Hardware Hardware Overview of Pipeline Architecture Alternatives First graphics

Graphics Hardware Hardware Overview of Pipeline Architecture Alternatives First graphics

Graphics Hardware Hardware Overview of Pipeline Architecture Alternatives First graphics processors just did display management, not rendering per se. bitblit for block transfer of bits Computer Graphics 15-462 (Fall 2002) 2 Pipeline

469 views • 3 slides
Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e Boyle Niv Gilboa Yuval Ishai IDC BGU Technion &amp; UCLA Secure ComputaGon Approaches Classical

342 views • 33 slides
Urdu and the Modular Architecture of ParGram Tina B ogel, Miriam Butt, Annette Hautli,

Urdu and the Modular Architecture of ParGram Tina B ogel, Miriam Butt, Annette Hautli,

Preview Introduction Overall Architecture Morphology Syntax Prosody Semantics Conclusion Urdu and the Modular Architecture of ParGram Tina B ogel, Miriam Butt, Annette Hautli, Sebastian Sulger Universit at Konstanz CLT 2009, Lahore

671 views • 16 slides
Platform &amp; Modular Design Development Of Subsystems and Interface Architecture Product

Platform &amp; Modular Design Development Of Subsystems and Interface Architecture Product

Platform &amp; Modular Design Development Of Subsystems and Interface Architecture Product Platform - Definition An Architecture of a set of Subsystems (Modules) and their Interfaces the Form a Common Structure from Which a Stream of

1.06k views • 44 slides
Towards MKM in the Large: Modular Representation and Scalable Software Architecture Michael

Towards MKM in the Large: Modular Representation and Scalable Software Architecture Michael

Towards MKM in the Large: Modular Representation and Scalable Software Architecture Michael Kohlhase, Florian Rabe, Vyacheslav Zholudev Jacobs University Bremen 1 Motivation Focus: computer-supported deduction, computation, representation

182 views • 17 slides
Homomorphic SIM 2 D operations: Single Instruction Much More Data Wouter Castryck Ilia

Homomorphic SIM 2 D operations: Single Instruction Much More Data Wouter Castryck Ilia

Homomorphic SIM 2 D operations: Single Instruction Much More Data Wouter Castryck Ilia Iliashenko Frederik Vercauteren Homomorphic encryption cryp 175.2 {#*| Homomorphic encoding real-world data plaintext ciphertext

512 views • 40 slides
Integrated Modular Integrated Modular Federal Aviation Administration Avionics Approval

Integrated Modular Integrated Modular Federal Aviation Administration Avionics Approval

Integrated Modular Integrated Modular Federal Aviation Administration Avionics Approval Avionics Approval Concerns Concerns Presented to: FAA Software and Airborne Electronic Hardware Conference By: Gregg Bartley ANM-111/AIR-20 Date: August

488 views • 32 slides
Homomorphic Secret Sharing &amp; Applications from Lattice-Based Assumptions Elette Boyle Many

Homomorphic Secret Sharing &amp; Applications from Lattice-Based Assumptions Elette Boyle Many

Homomorphic Secret Sharing &amp; Applications from Lattice-Based Assumptions Elette Boyle Many slides taken/adapted from Geoffroy Couteau, Lisa Kohl, &amp; Peter Scholl Fully Homomorphic Encryption (FHE) Supports homomorphic

791 views • 40 slides
Summary Exploring modular protein architecture

Summary Exploring modular protein architecture

Summary Exploring modular protein architecture http://www.embl.de/gibson/SeqAnal/dev/wiki/index.php/Training/EmpaJan2010.html Wiki of the group of Toby Gibson at the EMBL in Heidelberg providing a number of presentations, tutorials and examples

416 views • 5 slides
Modular &amp; Reusable Embedded Control Architecture: Case of a Car-like Robot N. Ouadah

Modular &amp; Reusable Embedded Control Architecture: Case of a Car-like Robot N. Ouadah

Centre de D veloppement des Technologies Avanc es Modular &amp; Reusable Embedded Control Architecture: Case of a Car-like Robot N. Ouadah Robotics &amp; Automation Dept. NCRM Team CDTA , Algeria ouadahn@yahoo.fr 2013 IEEE International

434 views • 9 slides
CSSE 232 Computer Architecture I Verilog 1 / 10 What it is Verilog is hardware description

CSSE 232 Computer Architecture I Verilog 1 / 10 What it is Verilog is hardware description

CSSE 232 Computer Architecture I Verilog 1 / 10 What it is Verilog is hardware description language Describes the functions of a hardware circuit Can be used to test circuits also Looks similar to C ( + , - , != , ~ , etc)

510 views • 10 slides
Parameters for Homomorphic Encryption Kim Laine and Kristin Lauter University of California,

Parameters for Homomorphic Encryption Kim Laine and Kristin Lauter University of California,

Parameters for Homomorphic Encryption Kim Laine and Kristin Lauter University of California, Berkeley and Microsoft Research September 3, 2015 Homomorphic Encryption Homomorphic Encryption Consider a public key cryptosystem, and operations

777 views • 35 slides
D EEP packet inspection is an important component in performance can be found in [9]. The

D EEP packet inspection is an important component in performance can be found in [9]. The

984 IEEE TRANSACTIONS ON COMPUTERS, VOL. 58, NO. 7, JULY 2009 Hardware Architecture for High-Performance Regular Expression Matching Tsern-Huei Lee, Senior Member , IEEE Abstract This paper presents a bitmap-based hardware architecture for

413 views • 10 slides
Modular sensor architecture for automated agricultural data collection on the field ANDR C.

Modular sensor architecture for automated agricultural data collection on the field ANDR C.

Modular sensor architecture for automated agricultural data collection on the field ANDR C. HERNANDES, RAFAEL V. AROCA, DANIEL V. MAGALHES, MARCELO BECKER THE 3RD INTERNATIONAL ELECTRONIC CONFERENCE ON SENSORS AND APPLICATIONS (ECSA 2016)

355 views • 17 slides
Exit Hardware 376 Series - Push Bar Exit Hardware 376 Series - Push Bar Exit Hardware In distinct

Exit Hardware 376 Series - Push Bar Exit Hardware 376 Series - Push Bar Exit Hardware In distinct

Exit Hardware 376 Series - Push Bar Exit Hardware 376 Series - Push Bar Exit Hardware In distinct contrast to the modular nature of the Briton 560 - 570 Series, the Features &amp; Benefits long established Briton 376 Series is supplied as a

182 views • 7 slides
Modular Monoliths @simonbrown An independent consultant specialising in software architecture

Modular Monoliths @simonbrown An independent consultant specialising in software architecture

Modular Monoliths @simonbrown An independent consultant specialising in software architecture The Missing Chapter Also the creator of the Context C4 model, and Structurizr Containers Components Code The server-side of Structurizr is

1.47k views • 99 slides

More recommend