![Page 1: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/1.jpg)
Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1,
Vassil Dimitrov2, and Ingrid Verbauwhede1
1ESAT/COSIC and iMinds, KU Leuven
2The University of Calgary, Canada and Computer Modelling Group
Modular Hardware Architecture for
Somewhat Homomorphic Function Evaluation
1
CHES 2015
![Page 2: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/2.jpg)
Outsourcing Computation
2
![Page 3: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/3.jpg)
Outsourcing Computation
3
![Page 4: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/4.jpg)
Outsourcing Computation
4
![Page 5: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/5.jpg)
Outsourcing Computation
5
![Page 6: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/6.jpg)
Outsourcing Computation
6
![Page 7: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/7.jpg)
Outsourcing Computation
7
![Page 8: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/8.jpg)
Outsourcing Computation
8
![Page 9: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/9.jpg)
Some Facts about Homomorphic Encryption
9
• Any fun( ) can be represented as a sequence of {+, ×} over GF(2)
• + is xor gate
• × is and gate
• {xor, and} gates together give us universal gate
Homomorphic encryption scheme allows us to homomorphically
compute GF(2) addition and multiplication on encrypted data.
![Page 10: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/10.jpg)
Some Facts about Homomorphic Encryption
10
• Multiplicative depth of fun is number of and gate in critical path
• Fully Homomorphic Encryption (FHE) ≡ unlimited depth
Thus any fun
• Somewhat Homomorphic Encryption (SHE) ≡ limited depth
Less complicated fun
![Page 11: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/11.jpg)
Performances of FHE and SHE
11
![Page 12: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/12.jpg)
Performance of FHE
Batch Fully Homomorphic Encryption over Integers, by Coron, Lepoint,
and Tibouchi. Eurocrypt 2013
• Encryption 61 seconds, Decryption 9.8 seconds
• Multiplication 0.72 seconds
• Recrypt 172 seconds
• AES evaluation takes 113 hours on Intel Core i7-2600 at 3.4 GHz
• 5120 Multiplications and 2448 Recrypt
12
FHE is Very Slow
![Page 13: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/13.jpg)
Performance of SHE
A Comparison of the Homomorphic Encryption Schemes FV and YASHE,
by Lepoint, Naehrig. Africacrypt 2014
• Evaluate SIMON -64/128 using YASHE in 70 minutes
• No recrypt
• Using 4-cores of Intel Core i7-2600 at 3.4 GHz
13
SHE is > faster than FHE
Motivation: Can we accelerate using FPGAs?
![Page 14: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/14.jpg)
Why do we need to Evaluate SIMON in Cloud?
• User encrypts message bits using EncHE( )
• Ciphertext size is huge (can be in GBs)
• Heavy load on the communication network
14
![Page 15: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/15.jpg)
Why do we need to Evaluate SIMON in Cloud?
• Ciphertext size is message size
• SIMON has small multiplicative depth
15
![Page 16: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/16.jpg)
The YASHE Scheme
16
![Page 17: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/17.jpg)
The YASHE Scheme
• Defined over a ring
We use 1228 bit q
f ( ) is 65535-th cyclotomic polynomial, degree n= 215
• YASHE.KeyGen( ) (pk, sk, evk), pk, sk , evk
17
![Page 18: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/18.jpg)
The YASHE Scheme
• YASHE.Enc (m, pk) c
Gaussian sampling from narrow distribution
One polynomial multiplication and two additions
• YASHE.Dec(c, sk) m
One polynomial multiplication and a decoding
18
![Page 19: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/19.jpg)
The YASHE Scheme
• YASHE.Add (c1, c2 ) c = c1 + c2
• YASHE.Mult (c1, c2 )
Compute polynomial multiplication c1·c2 in
Q ~ n·q2 [In our case |Q| = 2,517 bits]
Division and rounding
Return
performs 22 poly mult and 21 poly add
19
![Page 20: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/20.jpg)
Implementation
20
![Page 21: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/21.jpg)
Operations in the Cloud
21
• Discrete Gaussian sampling (from narrow distribution)
• Polynomial addition
• Polynomial multiplication
• Division and roundingCostly Computation
![Page 22: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/22.jpg)
Polynomial Multiplication
• FFT based multiplication has low complexity (n log n)
• Number Theoretic Transform (NTT) is a generalization of FFT
n-th primitive root of 1 in (an integer)
Only integer arithmetic modulo q
22
![Page 23: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/23.jpg)
Polynomial Multiplication using NTT
23
• Expand input polynomials from n coefficients to
• Compute N-point NTTs
• Multiply them coefficient wise
• Compute INTT
• Finally reduce the result modulo f(x) [ deg(f) = n ]
• Our f(x) is 65535-th cyclotomic polynomial [ it supports SIMD ]
Not a sparse polynomial
We use polynomial Barrett reduction
![Page 24: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/24.jpg)
Handling of Long Integer Arithmetic
24
• Coefficients are modulo q where |q| = 1,228 bits
[ and sometimes modulo Q where |Q| = 2,517 bits ]
• Difficult to implement
• We use CRT and take
Small and Parallel computations
use DSP multipliers of the FPGA
![Page 25: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/25.jpg)
Architecture
25
![Page 26: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/26.jpg)
Overview of the HE Architecture
26
Cip
he
rte
xt
Po
lyn
om
ials
codesign
![Page 27: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/27.jpg)
Polynomial Arithmetic Unit Core
27
The core is based on our CHES2014 paper “Compact ring-LWE Cryptoprocessor”
![Page 28: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/28.jpg)
Polynomial Arithmetic Unit Core
28
Computing … butterfly during an NTTt + u ·ω
t - u ·ω
![Page 29: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/29.jpg)
Multi-Core Polynomial Arithmetic Unit
29
• NTT is parallelizable
• Speedup using many cores
• Routing friendly NTT
Local data access
[ details in the paper ]
Processor cores
Our architecture has 16 cores
![Page 30: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/30.jpg)
Division and Rounding Unit (DRU)
30
• Divides by and then rounds to nearest integer ( is fixed )
• Precomputed reciprocal
• Multiplies input by
![Page 31: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/31.jpg)
Implementation of CRT
Small-CRT
Large-CRT
31
![Page 32: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/32.jpg)
CRT Computation
32
• Small CRT is required to map coefficients c from to
• Computation involves
Sum of long and short products
Division in parallel
![Page 33: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/33.jpg)
Sum of Product during CRT
33
![Page 34: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/34.jpg)
coming back to the overall architecture ….
34
![Page 35: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/35.jpg)
HE Architecture
35
![Page 36: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/36.jpg)
HE Architecture
36
![Page 37: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/37.jpg)
HE Architecture
37
![Page 38: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/38.jpg)
HE Architecture
38
![Page 39: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/39.jpg)
HE Architecture
39
Independent parallel processors
![Page 40: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/40.jpg)
Results
40
![Page 41: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/41.jpg)
Area Results
41
• We use the largest Virtex 7 FPGA XCV1140TFLG1930
• Resource consumption
FFs 22.6%
LUTs 53%
BRAMs 37.8%
DSPs 53%
• With more processors routing problem
![Page 42: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/42.jpg)
Timing Results
42
• Does not include external memory--FPGA communication cost
• Operating frequency is 143 MHz after P&R
• YASHE.Mult requires 121.678 milliseconds
• SIMON-64/128 performs 32×44 YASHE.Mult operations
171.3 seconds
• Relative time is per slot (2048 slots using SIMD)
83.65 milliseconds
![Page 43: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/43.jpg)
Future Works
43
• Implement interface between FPGA and external RAM
Serial data transfer is slow
Parallel 64-bit comm. between FPGA and external DDR3 RAM
Source: Xilinx Virtex-7 FPGA VC709 Connectivity Kit, www.xilinx.com
![Page 44: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/44.jpg)
Future Works
44
• Architectural low-level optimization
Reduce pipeline bubbles [reduce cycles]
Increase frequency of sub blocks
Area optimization [more processors in FPGA]
• Higher level parallel processing
We have independent processors working in parallel
Hence more processors in several FPGAs
![Page 45: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/45.jpg)
Thank You
45
![Page 46: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/46.jpg)
46
![Page 47: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/47.jpg)
Backup Slides
47
![Page 48: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/48.jpg)
Homomorphic Encryption
• Enc(·,·) is homomorphic for an operation □ on message space M iff
Enc(m1 □ m2, kE) = Enc(m1, kE) ○ Enc(m2, kE)
with ○ operation on ciphertext space C
• Enc(·,·) is additively homomorphic is □ = +
• eg. Caesar cipher
• Enc(·,·) is multiplicatively homomorphic is □ = ×
• eg. Unpadded RSA
48
![Page 49: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/49.jpg)
The YASHE Scheme
49
![Page 50: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/50.jpg)
The YASHE Scheme
• Defined over a ring
• YASHE.KeyGen( )
• where pk and sk and evk
• YASHE.Enc (m, pk)
•
•
•
• YASHE.Dec(c, sk)
•
50
![Page 51: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/51.jpg)
The YASHE Scheme
• YASHE.Add (c1, c2 )
Return
Requires one polynomial addition
• YASHE.Mult (c1, c2 )
Compute normal polynomial multiplication c1·c2
Coefficients could be larger than q2
Division and rounding
Return
Requires is u+1 poly mult and u poly add
51
![Page 52: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/52.jpg)
Small-CRT Computation
52
• Required to map polynomial coefficients c from to
Remember and
• Compute [c]qj for l-1 < j < L
• First compute c =( [c]q0·b0+…+ [c]ql-1·bl-1 ) [ sum of long products ]
• Next k = floor(c/q) [ division by q ]
• Next [c’ ]qj = ([c]q0·[b0]qj+…+ [c]ql-1·[bl-1]qj ) [sum of short products ]
• Finally [c]qj = [c’]qj – [k]qi · [q]qj
![Page 53: Modular Hardware Architecture for Somewhat Homomorphic ...Sujoy Sinha Roy1, Kimmo Järvinen1, Frederik Vercauteren1, Vassil Dimitrov2, and Ingrid Verbauwhede1 1ESAT/COSIC and iMinds,](https://reader035.vdocuments.site/reader035/viewer/2022071113/5fe9fb5aea61df052e0fc786/html5/thumbnails/53.jpg)
Area Results
53
• We use the largest Virtex 7 FPGA XCV1140TFLG1930
• With more processors routing problem