Presentation is loading. Please wait.

Presentation is loading. Please wait.

Accelerating Homomorphic Evaluation on Reconfigurable Hardware Thomas Pöppelmann, Michael Naehrig, Andrew Putnam, Adrian Macias.

Published byHarriet Carr Modified over 9 years ago

Similar presentations

Presentation on theme: "Accelerating Homomorphic Evaluation on Reconfigurable Hardware Thomas Pöppelmann, Michael Naehrig, Andrew Putnam, Adrian Macias."— Presentation transcript:

1 Accelerating Homomorphic Evaluation on Reconfigurable Hardware Thomas Pöppelmann, Michael Naehrig, Andrew Putnam, Adrian Macias

2 Outline Motivation Somewhat Homomorphic Encryption Implementation Results Conclusion 1 2 3 4 5 2 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

3 Outline Motivation Somewhat Homomorphic Encryption Implementation Results Conclusion 1 2 3 4 5 3 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

4 Motivation: Secure Computation › Homomorphic encryption allows computation on data without revealing the data itself to the entity performing the computation › Premium example: cloud computing –Clients encrypt data and store encrypted data in the cloud –The cloud server performs computation but an attacker (malicious admin, hacker, intelligence agency) cannot see the actual data –The client just gets the result › Practical usable for specialized, high risk, or privacy sensitive applications –Genomic data processing –Medical data processing –Machine learning 4 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

5 Motivation: Homomorphic evaluation 5 10 20 Encrypt ? ? ? ? ? ? ADD MUL ? ? Decrypt 1500 ADD ? ? Decrypt 80 Untrusted environment, e.g., the cloud SW Evaluation This work: How can we use FPGAs to accelerate homomorphic evaluation? 5 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

6 Outline Motivation Somewhat Homomorphic Encryption Implementation Results Conclusion 1 2 3 4 5 6 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

7 YASHE [BLLN’13] ]Joppe W. Bos, Kristin Lauter, Jake Loftus, Michael Naehrig: Improved Security for a Ring-Based Fully Homomorphic Encryption Scheme. IMACC 2013, 7 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

8 YASHE’ Algorithms 8 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

9 YASHE RMult c’ polynomial multiplication Multiplication by scalar and rounding n log(q) 9 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

10 YASHE KeySwitch Several polynomial multiplications by constant evaluation key 10 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

11 YASHE (Selected) Parameters DescriptionParameterSet-ISet-II Polynomial coefficientsn409616384 Modulusq Plaintext spacet1024 Windows sizew Evaluation keysq/w18 Supported multiplications (levels)L19 Size of one polynomial-62 KB1 MB Size of evaluation key-124 KB8 MB  Parameters are supposed to provide at least 80 bits of security 11 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

12 Outline Motivation Somewhat Homomorphic Encryption Implementation Results Conclusion 1 2 3 4 5 12 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

13 Target Platform: Catapult › Microsoft project [PCC+14] to accelerate cloud services using Altera Stratix V FPGAs –Each server contains an FPGA –FPGAs are connected by complex dedicated communication network › 2x throughput over software- only Bing ranking in 1632 server/FPGA prototype › Of independent interest to CHES community [PCC+14] Andrew Putnam et al, A Reconfigurable Fabric for Accelerating Large-Scale Datacenter Services. ISCA 2014 13 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

14 Implementation Challenges on FPGAs › Target device: Stratix V –172,600 ALMs (logic blocks) –4.9 MB internal memory –1590 embedded multipliers › Implementation Challenge –Usage of external memory –Large multipliers required (e.g., 512x512-bits) –Development more complex FPGA (4 MB) DRAM0 (4 GB) DRAM0 (4 GB) DDR PC PCIe DRAM1 (4 GB) DRAM1 (4 GB) DDR Evaluation operations 14 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

15 Number Theoretic Transform 15 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

16 Cached-NTT 16 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

17 Architecture › NttCore computes one or several groups of NTT in parallel › NTTButterfly implements pipelined 512x512-bit multiplier (supports also 1040x1040-bit in 4 cycles) › Dual buffering of data set in FPGA to support computation and memory access in parallel 17 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved. Microcode engine wit approx. 15 instructions

18 Outline Motivation Somewhat Homomorphic Encryption Implementation Results Conclusion 1 2 3 4 5 18 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

19 Results › SET II implementation requires 141,090 (82%) ALMs, 577 (36%) DSPs and 17,626,400 (43%) BRAM bits on Altera Stratix V › Congested design and constraints of DRAM and PCIe controller result in relatively low clock frequency › Cycle counts measured online to account for DRAM latency ImplementationMultAdd Set I (n=4096) @100 MHz 675,326 cycles19,057 cycles 6.75 ms0.19 ms Set II (n=16384) @66 MHz 3,212,506 cycles61,775 cycles 48.67 ms0.94 ms 19 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

20 Comparison [LN14] Tancrède Lepoint, Michael Naehrig: A Comparison of the Homomorphic Encryption Schemes FV and YASHE. AFRICACRYPT 2014 [RJVDV’15] Roy et al. Modular Hardware Architecture for Somewhat Homomorphic Function Evaluation. CHES 2015 AuthorParameterArchitectureMultAdd Our workYASHE, n=16384FPGA (Stratix 5)49 ms1 ms [LN’14]YASHE, n=40963.5 GHz Intel i749 ms0.7 ms [RJVDV’15]YASHE, n=32768FPGA (Virtex-7)112 ms0.17 ms 20 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved. › Schemes and parameters differ widely › Costs of FPGAs are hard to compare (FPGA+I/O+board) › Numerous ASIC, GPU implementations published while schemes got better and better

21 Outline Motivation Somewhat Homomorphic Encryption Implementation Results Conclusion 1 2 3 4 5 21 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

22 Conclusion › Cached-FFT/NTT solves problem of limited on-chip memory › Large multiplier (1040x1040) is a bottleneck => Chinese remainder theorem (see next talk) › Biggest effort/time was spend on external memory interface –Has to be taken into account for evaluation of costs and performance –Simulation and debugging more complex 22 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

23 Future Work › Further evaluation of different implementation techniques (maybe CRT+cached-NTT) › Exploration of different and larger parameter sets › Can evaluation operations (MUL/ADD) be performed directly in frequency (NTT/FFT) domain › Multi-FPGA design or specialized board FPGA RAM 23 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

24 Thank You Thank you for your attention! Any Questions? Contact: thomas.poeppelmann@Infineon.com Full paper: https://eprint.iacr.org/2015/631 24 14.09.2015Copyright © Infineon Technologies AG 2015. All rights reserved.

25

Download ppt "Accelerating Homomorphic Evaluation on Reconfigurable Hardware Thomas Pöppelmann, Michael Naehrig, Andrew Putnam, Adrian Macias."

Similar presentations

Deep Packet Inspection: Where are We? CCW08 Michela Becchi.

Deep Packet Inspection: Where are We? CCW08 Michela Becchi.
14. Aug. 2013 Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware SAC 2013, Burnaby, Canada Thomas Pöppelmann and Tim Güneysu.

14. Aug Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware SAC 2013, Burnaby, Canada Thomas Pöppelmann and Tim Güneysu.
Commercial FPGAs: Altera Stratix Family Dr. Philip Brisk Department of Computer Science and Engineering University of California, Riverside CS 223.

Commercial FPGAs: Altera Stratix Family Dr. Philip Brisk Department of Computer Science and Engineering University of California, Riverside CS 223.
+ Accelerating Fully Homomorphic Encryption on GPUs Wei Wang, Yin Hu, Lianmu Chen, Xinming Huang, Berk Sunar ECE Dept., Worcester Polytechnic Institute.

+ Accelerating Fully Homomorphic Encryption on GPUs Wei Wang, Yin Hu, Lianmu Chen, Xinming Huang, Berk Sunar ECE Dept., Worcester Polytechnic Institute.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
ECE 734: Project Presentation Pankhuri May 8, 2013 Pankhuri May 8, 2013 64-point FFT Algorithm for OFDM Applications using 8-point DFT processor (radix-8)

ECE 734: Project Presentation Pankhuri May 8, 2013 Pankhuri May 8, point FFT Algorithm for OFDM Applications using 8-point DFT processor (radix-8)
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
System Simulation Of 1000-cores Heterogeneous SoCs Shivani Raghav Embedded System Laboratory (ESL) Ecole Polytechnique Federale de Lausanne (EPFL)

System Simulation Of 1000-cores Heterogeneous SoCs Shivani Raghav Embedded System Laboratory (ESL) Ecole Polytechnique Federale de Lausanne (EPFL)
VEGAS: Soft Vector Processor with Scratchpad Memory Christopher Han-Yu Chou Aaron Severance, Alex D. Brant, Zhiduo Liu, Saurabh Sant, Guy Lemieux University.

VEGAS: Soft Vector Processor with Scratchpad Memory Christopher Han-Yu Chou Aaron Severance, Alex D. Brant, Zhiduo Liu, Saurabh Sant, Guy Lemieux University.
Multithreaded FPGA Acceleration of DNA Sequence Mapping Edward Fernandez, Walid Najjar, Stefano Lonardi, Jason Villarreal UC Riverside, Department of Computer.

Multithreaded FPGA Acceleration of DNA Sequence Mapping Edward Fernandez, Walid Najjar, Stefano Lonardi, Jason Villarreal UC Riverside, Department of Computer.
Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.
Computes the partial dot products for only the diagonal and upper triangle of the input matrix. The vector computed by this architecture is added to the.

Computes the partial dot products for only the diagonal and upper triangle of the input matrix. The vector computed by this architecture is added to the.
Characterization Presentation Neural Network Implementation On FPGA Supervisor: Chen Koren Maria Nemets 309326767 Maxim Zavodchik 310623772.

Characterization Presentation Neural Network Implementation On FPGA Supervisor: Chen Koren Maria Nemets Maxim Zavodchik
MEMOCODE 2007 HW/SW Co-design Contest Documentation of the submission by Eric Simpson Pengyuan Yu Sumit Ahuja Sandeep Shukla Patrick Schaumont Electrical.

MEMOCODE 2007 HW/SW Co-design Contest Documentation of the submission by Eric Simpson Pengyuan Yu Sumit Ahuja Sandeep Shukla Patrick Schaumont Electrical.
A Performance and Energy Comparison of FPGAs, GPUs, and Multicores for Sliding-Window Applications From J. Fowers, G. Brown, P. Cooke, and G. Stitt, University.

A Performance and Energy Comparison of FPGAs, GPUs, and Multicores for Sliding-Window Applications From J. Fowers, G. Brown, P. Cooke, and G. Stitt, University.
Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.
Introduction to FPGA and DSPs Joe College, Chris Doyle, Ann Marie Rynning.

Introduction to FPGA and DSPs Joe College, Chris Doyle, Ann Marie Rynning.
Field Programmable Gate Array (FPGA) Layout An FPGA consists of a large array of Configurable Logic Blocks (CLBs) - typically 1,000 to 8,000 CLBs per chip.

Field Programmable Gate Array (FPGA) Layout An FPGA consists of a large array of Configurable Logic Blocks (CLBs) - typically 1,000 to 8,000 CLBs per chip.
System Architecture A Reconfigurable and Programmable Gigabit Network Interface Card Jeff Shafer, Hyong-Youb Kim, Paul Willmann, Dr. Scott Rixner Rice.

System Architecture A Reconfigurable and Programmable Gigabit Network Interface Card Jeff Shafer, Hyong-Youb Kim, Paul Willmann, Dr. Scott Rixner Rice.
Study of AES Encryption/Decription Optimizations Nathan Windels.

Study of AES Encryption/Decription Optimizations Nathan Windels.

Similar presentations

Ads by Google