# AI News, Encrypt your Machine Learning

- On Sunday, September 30, 2018
- By Read More

## Encrypt your Machine Learning

We have a pretty good understanding of the application of machine learning and cryptography as a security concept, but when it comes to combining the two, things become a bit nebulous and we enter fairly untraveled wilderness.

Let me explain this in a bit more detail with another quote: Let’s define out notation for message, ciphertext, encryption, and decryption: Assuming homomorphism, we then get: It might have been obvious to some of you, but it’s important here to mention another feature: Operations between clear texts and cipher texts are homomorphic as well: The operation of the structures was preserved, despite the value being encrypted.

more realistic example: If the RSA public key is mod r and exponent e, then the encryption of a message x is given by: The homomorphic property is then: When implementing a cryptographic algorithm, you have to consider various ways to attack the cipher.

Without semantic security, the algorithm is vulnerable to chosen-plaintext attacks: One way to protect against CPA is the introduction of a random component so that encrypting a message twice results in two different ciphers.

While we build algorithms to remove the random component in the decryption step, there is an upper limit of randomness after which we are unable to recover the message.

If you consider the amount of operations involved in training a model or inferring data with an encrypted model, we quickly end up unable to decrypt the noise-polluted cypertext.

Recrypt encrypts the ciphertext with the new private key (pk2) and then removes the first encryption (pk1) in the evaluation step using the encrypted secret key (sk).

Keeping in mind that all arithmetic is binary (i.e., modulo 2), such a function produces the following truth table: If you haven’t guessed already, this is a big deal.

Such a system was proposed in 2009 by Craig Gentry using lattice-based cryptography, and described the first plausible construction for a fully homomorphic encryption scheme.

Although the literature tends to be a bit vague or hard to compare, here are a couple of quotes in rough chronological order: 100 trillion?

Okay, this isn’t even feasible for a calculator… While IBM’s numbers are a significant improvement over the initial implementation, their solution is still at least 50 million times slower than working with plain text.

While the increased size of an encrypted model might not have a considerable impact, an industry who’s value is based on large amounts of data might struggle if their training data needs to be homomorphically encrypted.

- On Tuesday, May 26, 2020

**Implementation of Homomorphic Encryption: Paillier**

**Fully Homomorphic Encryption**

Zvika Brakerski, Weizmann Institute The Mathematics of Modern Cryptography

**NDSS 2017: Using Fully Homomorphic Encryption for Statistical Analysis of...**

Video taken during the Network and Distributed System Security (NDSS) Symposium 2017, held February 26 through March 1, 2017, at Catamaran Resort Hotel ...

**Attribute based Encryption (ABE)**

**Securing the cloud**

Meet Vinod Vaikuntanathan, who is developing fully homomorphic encryption. This form of cryptography promises to make cloud computing perfectly secure.

**How do we Democratize Access to Data?**

OpenMined is a community focused on building technology for decentralized ownership of data and AI. Data scientists can pay users directly for their data and ...

**Fully Homomorphic Encryption II**

Shai Halevi, IBM T.J. Watson Research Center Cryptography Boot Camp

**Algorithms in HElib**

Algorithms in HElib by Shai Halevi, Victor Shoup. Talk at Crypto 2014.

**AES Encryption - شرح بالعربي**

شرح كامل لطريقة التشفير باستخدام Advanced Encryption Standard Block Cipher بطريقة مبسطة مع حل مثال. - سيف بدران Information Security...

**Highly-Scalable Searchable Symmetric Encryption with Sup ...**

Talk at crypto 2013. Authors: David Cash, Stanislaw Jarecki, Charanjit S. Jutla, Hugo Krawczyk, Marcel-Catalin Rosu, Michael Steiner.