
Hardware Acceleration for Computing on Encrypted Data

Periodic Reporting for period 2 - BELFORT (Hardware Acceleration for Computing on Encrypted Data)

Reporting period: 2023-09-01 to 2025-02-28

The overall objective of the Belfort ERC project is to make computing on encrypted data feasible from a hardware perspective and not only from a mathematical, theoretical perspective. Cryptography has long solved the problem of encrypting data for storage or for transmission. Only recently have novel mathematical techniques been developed that allow computations on encrypted data. Computing on encrypted data encompasses techniques that enable data owners to outsource computations on their data to untrusted cloud processing parties. The server computes on the encrypted data while remaining oblivious of the data and the computed results. Yet these techniques are extremely computation intensive and suffer from large bandwidth and memory requirements.
This ERC project focuses on the implementation challenges. Dedicated hardware acceleration units are developed to improve performance and reduce energy requirements.

Why is it important for society?
Computing on encrypted data enables multiple new applications. Examples are statistics or machine learning on healthcare, financial, and energy data. This data could be used to monitor pandemics, monitor abnormal financial transactions, or tune supply and demand in an energy market. These operations should be performed on the encrypted data without first decrypting.

What are the overall objectives?
Computing on encrypted data is a relatively new branch of cryptography: it enables calculations on the encrypted data, while the data remains encrypted in the cloud and without the need to decrypt it. The result itself will only be decrypted by the final recipient. The challenge with these novel mathematical concepts is a gigantic blow-up in the size of ciphertext data, in the number of calculations on the encrypted data, and in the novel lattice-based arithmetic used. The overall objective is to make computing on encrypted data feasible, from the 1000’s to 100.000 times overhead down to the ambitious limited overhead of a factor 10, compared to unencrypted operations on the data. Speed and throughput are not the only concerns: reducing power and energy consumption is also an important objective in evolving towards a green solution.
During the first 36 months of the project, the PI together with her team focused on the “Foundational building blocks”, which is phase 1 of the project. Month 36 is the end of WP1 - End Node, WP2 – Computational Complexity, WP3 – HW/SW interface: flexibility versus performance, and WP4 – Design of core accelerator. Partial results are also available for phase 2, ‘the stepwise integration’. Phase 3 recently started (M31).
Computing on encrypted data means that the sensitive data is encrypted at the user’s side, which we call the end-nodes. The encrypted data is then sent over the internet, or stored on a remote server, which we assume is untrusted. The topics we started during this first period are the following:

• At the user’s end, sensitive data needs to be encrypted, and the results of the operations decrypted. The challenge here is that the encryption and decryption operations potentially occur in insecure environments, so these hardware implementations need protection against side-channel and fault attacks. In this first period, we focused on masking, a particular protection mechanism, to protect lattice-based encryption schemes against side-channel and fault attacks. This work is part of WP1. We have results on both the attack side and the protection side.

Some highlights are:
Higher-Order Masked Saber. https://doi.org/10.1007/978-3-031-14791-3_5 Google Scholar: 34 citations
C. Mujdei, L. Wouters, A. Karmakar, A. Beckers, J. Bermudo Mera, I. Verbauwhede (2024): Side-channel Analysis of Lattice-based Post-quantum Cryptography: Exploiting Polynomial Multiplication. ACM Trans. Embed. Comput. Syst. 23(2): 27:1-27:23 (2024). Measuring impact: this paper already has 71 citations on Google Scholar.
• Making applications Computing on Encrypted Data (COED) friendly is a big challenge. In a first experiment, we studied the quantization effect on neural networks to make them more FHE-friendly. This work is part of WP2.
• A major result of the first phase is our FPT processor. This is a domain-specific accelerator suitable for an FPGA platform. It focuses on the programmable bootstrapping step of Torus Fully Homomorphic Encryption (TFHE). It was designed under WP3 and WP4.

This FPT processor is part of the IP that will be transferred from KU Leuven to the spinoff company Belfort Labs.

WP5 and WP6 recently started:
In the context of WP5, we have first results on making a distance calculation application FHE-friendly. This work is currently submitted to a major security conference. Its pre-print is available through IACR eprint. A patent application has been filed on the technology developed in this work.

In the context of WP6, we are experimenting with designs that fit on multiple FPGAs, addressing the parallelism challenges.
This work will be presented at CHES in September 2025:
WP7 also recently started. In WP7, an end-to-end application is developed. We start from real-life use cases, such as the above-mentioned Leuvensthein. We will investigate whether Leuvensthein is also suitable for DNA matching applications. Another application being considered is privacy-friendly machine learning.
We consider our FPT processor to be progress beyond the state of the art already. Through an in-depth analysis, we came to the conclusion that for typical TFHE security parameter sets, almost 80% of the calculations are consumed in the programmable bootstrapping. It therefore makes most sense to focus on this programmable bootstrapping step. By a unique combination of understanding the underlying mathematics, designing a streaming domain-specific processor, and making use of the acceleration potential of FPGAs, we obtained a working demonstration of the FPT. Our PhD students were able to demonstrate its acceleration potential with a ‘game of life’ demonstrator. The first demonstration of the FPT was during the FHE.org conference in March 2023. This presentation and live demonstration is available through the website of FHE and YouTube. For this demo, we also received a donation of an AMD Alveo U280 datacenter accelerator card through the AMD university program. This means we have an extra FPGA board for our research.

As promised in our proposal, we organized a workshop in May 2024. The focus of this very successful workshop was the hardware acceleration of computing on encrypted data. Through our international connections, all major players in the field were present at our workshop, including representation from major silicon and software companies. At this workshop, we had a major second demonstrator: we had a prototype version of the Leuvensthein algorithm running. It also became apparent during this workshop that our project was the only one with a working demo.

Based on these early promising results, we applied for and received an ERC Proof of Concept Grant, called “Belfort Match”. Belfort Match allows us to further develop the technology and raise its TRL.
In September 2024, we also started discussions with Leuven Research and Development (LRD), which is the tech transfer office of the university. We plan to take the results of the ERC project towards a spin-off company (called Belfort Labs).