Practical Cryptographically Private and Verifiable Computation through Hardware-Software Co-Design

Author(s)

Samardzic, Nikola

Advisor

Sanchez, Daniel

Abstract

Fully Homomorphic Encryption (FHE) and Verifiable Computation (VC) enable offloading computation to untrusted servers with cryptographic privacy and integrity guarantees. Despite their attractive security properties, FHE and VC are not widely adopted because (1) they suffer prohibitive performance overheads, about 10,000× to 1,000,000× over unencrypted and unverified computation, respectively and (2) they are hard to use even for expert cryptographers: porting non-trivial applications takes experts months of manual work. This thesis contributes hardware and software techniques to make FHE and VC practical. Specifically, we present a full hardware and software stack for FHE that addresses its performance and usability challenges, consisting of hardware accelerators that erase FHE’s overheads, a redesign of the state-of-the-art FHE scheme to make accelerators more efficient, and an FHE compiler that produces efficient programs from high-level code. We then leverage the commonalities between FHE and VC to design an accelerator that reduces VC overheads. F1 and CraterLake are FHE accelerators that improve performance over state-of-the-art by 10,000×. F1 is the first programmable FHE accelerator, and erases most performance overheads for smaller FHE programs. CraterLake builds on F1, and is the first accelerator able to support arbitrarily large FHE programs effectively. F1 and CraterLake’s speedups bring with them new bottlenecks, mainly arithmetic efficiency. We present BitPacker, a new implementation of an FHE scheme that keeps encrypted data packed in fixed-size words, enabling near-full arithmetic efficiency in accelerators. BitPacker is the first redesign of an FHE scheme that targets accelerators. On CraterLake, BitPacker improves performance by gmean 59% and up to 3×, and reduces energy by gmean 61%. To make the performance we unleashed accessible to non-experts, we contribute Fhelipe, a compiler that abstracts away FHE’s implementation details and hides its complex and restrictive programming interface. Fhelipe translates high-level tensor programs into optimized FHE circuits that can then be executed on CraterLake or a CPU. Fhelipe produces compiled programs that match or exceed the performance of state-of-the-art manual implementations. It also outperforms prior FHE compilers by gmean 18.5× on a wide set of benchmarks. While FHE provides data privacy, it does not provide integrity. NoCap is a hardware accelerator that enables practical integrity by speeding up verifiable computation by 40× over state-of-the-art accelerators and by 580× over CPU.

Date issued

2024-05

URI

https://hdl.handle.net/1721.1/156628

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Publisher

Massachusetts Institute of Technology