Homomorphic encryption (HE), which allows computations on encrypted data, is an enabling technology for confidential cloud computing. One notable example is privacy-preserving Prediction-as-a-Service (PaaS), where machine-learning predictions are computed on encrypted data. However, developing HE-based solutions for encrypted PaaS is a tedious task which requires a careful design that predominantly depends on the deployment scenario and on leveraging the characteristics of modern HE schemes. Prior works on privacy-preserving PaaS focus solely on protecting the confidentiality of the client data uploaded to a remote model provider, e.g., a cloud offering a prediction API, and assume (or take advantage of the fact) that the model is held in plaintext. Furthermore, their aim is to either minimize the latency of the service by processing one sample at a time, or to maximize the number of samples processed per second, while processing a fixed (large) number of samples. In this work, we present slytHErin, an agile framework that enables privacy-preserving PaaS beyond the application scenarios considered in prior works. Thanks to its hybrid design leveraging HE and its multiparty variant (MHE), slytHErin enables novel PaaS scenarios by encrypting the data, the model or both. Moreover, slytHErin features a flexible input data packing approach that allows processing a batch of an arbitrary number of samples, and several computation optimizations that are model-and-setting-agnostic. slytHErin is implemented in Go and it allows end-users to perform encrypted PaaS on custom deep learning models comprising fully-connected, convolutional, and pooling layers, in a few lines of code and without having to worry about the cumbersome implementation and optimization concerns inherent to HE.

翻译：同态加密（HE）允许对加密数据进行计算，是实现机密云计算的使能技术。一个典型例子是隐私保护的预测即服务（PaaS），其中基于机器学习的预测在加密数据上进行计算。然而，为加密PaaS开发基于HE的解决方案是一项繁琐的任务，需要精心设计，这主要取决于部署场景以及对现代HE方案特性的利用。先前关于隐私保护PaaS的工作仅专注于保护上传至远程模型提供商（例如提供预测API的云服务）的客户端数据的机密性，并假设（或利用）模型以明文形式持有。此外，其目标要么是每次处理一个样本以最小化服务延迟，要么是在处理固定（大量）样本时最大化每秒处理的样本数量。在本工作中，我们提出slytHErin，一种超越先前工作中考虑的应用场景、实现隐私保护PaaS的灵活框架。凭借其结合HE及其多方变体（MHE）的混合设计，slytHErin通过加密数据、模型或两者兼施，实现了新颖的PaaS场景。此外，slytHErin采用灵活的输入数据打包方法，可处理任意数量样本的批次，并实现了多种与模型和设置无关的计算优化。slytHErin用Go语言实现，允许最终用户用几行代码对包含全连接层、卷积层和池化层的自定义深度学习模型执行加密PaaS，而无需担心HE固有的繁琐实现与优化问题。