Machine learning (ML) systems that guarantee security and privacy often rely on Fully Homomorphic Encryption (FHE) as a cornerstone technique, enabling computations on encrypted data without exposing sensitive information. However, a critical limitation of FHE is its computational inefficiency, making it impractical for large-scale applications. In this work, we propose \textit{Nemesis}, a framework that accelerates FHE-based systems without compromising accuracy or security. The design of Nemesis is inspired by Rache (SIGMOD'23), which introduced a caching mechanism for encrypted integers and scalars. Nemesis extends this idea with more advanced caching techniques and mathematical tools, enabling efficient operations over multi-slot FHE schemes and overcoming Rache's limitations to support general plaintext structures. We formally prove the security of Nemesis under standard cryptographic assumptions and evaluate its performance extensively on widely used datasets, including MNIST, FashionMNIST, and CIFAR-10. Experimental results show that Nemesis significantly reduces the computational overhead of FHE-based ML systems, paving the way for broader adoption of privacy-preserving technologies.
翻译:保障安全与隐私的机器学习系统通常将全同态加密作为核心技术,支持在加密数据上直接进行计算而无需暴露敏感信息。然而,FHE存在一个关键局限——其计算效率低下,导致其难以应用于大规模场景。本文提出\textit{Nemesis}框架,该框架能在不损失精度或安全性的前提下加速基于FHE的系统。Nemesis的设计灵感来源于Rache,后者为加密整数与标量引入了缓存机制。Nemesis通过更先进的缓存技术与数学工具扩展了这一思想,实现了对多槽位FHE方案的高效运算,并克服了Rache的局限性以支持通用明文结构。我们在标准密码学假设下形式化证明了Nemesis的安全性,并在MNIST、FashionMNIST和CIFAR-10等广泛使用的数据集上进行了全面的性能评估。实验结果表明,Nemesis显著降低了基于FHE的机器学习系统的计算开销,为隐私保护技术的更广泛采用铺平了道路。