Note: HEIR is our next generation FHE compiler framework, please see its GitHub repo and its website https://heir.dev.
This repository contains open-source libraries and tools to perform fully homomorphic encryption (FHE) operations on an encrypted data set.
About Fully Homomorphic Encryption
Fully Homomorphic Encryption (FHE) is an emerging cryptographic technique that allows developers to perform computations on encrypted data. This represents a paradigm shift in how data processing and data privacy relate to each other.
Previously, if an application had to perform some computation on data that was encrypted, this application would necessarily need to decrypt the data first, perform the desired computations on the clear data, and then re-encrypt the data. FHE, on the other hand, simply removes the need for this decryption-encryption steps by the application, all at once.
In practice, for an application that needs to perform some computation F on data that is encrypted, the FHE scheme would provide some alternative computation F' which when applied directly over the encrypted data will result in the encryption of the application of F over the data in the clear. More formally: F(unencrypted_data) = Decrypt(F'(encrypted_data)).
As a result, FHE can have an enormous impact to our society. It can change the way computations are performed by preserving end-to-end privacy. For example, users would be able to offload expensive computations to cloud providers in a way that cloud providers will not have access to the users' data at all.
The main hindrance for the adoption of FHE has been its very poor performance. Despite significant scientific improvements, performing computations on encrypted data using FHE is still orders of magnitude slower than performing the computation on the plaintext. On top of that, converting a program that operates on unencrypted data to one that FHE-operates on encrypted data is far from being a trivial translation. If not properly done, this translation can significantly increase the performance gap between computing on unencrypted data and the FHE-computation on encrypted data, thus precluding wide FHE adoption.
The concept of FHE states that every computation in plaintext space has an equivalent computation in the encrypted space. So building programs on FHE involves translating a program to work in the encrypted space.
To perform computations in the encrypted space, FHE programs need to adhere to the FHE programming paradigm which includes data-independent computations and ciphertext management operations.
Computations in the encrypted space are oblivious to the underlying data and hence need to follow a data-independent computational paradigm. This means that simple programming constructs such as branches or if-then-else statements that depend on the output of data need to be rewritten.
The keys and ciphertexts (i.e. after encryption, the encrypted data is called ciphertext) need to maintain mathematical relations for correct decryption. To ensure decryption remains feasible, periodic ciphertext management operations need to be performed. These operations are computationally heavy but essential for ensuring accurate computation in the encrypted domain. They also vary depending on the type of Fully Homomorphic Encryption (FHE) used. FHE schemes are generally categorized into two main types: scalar and vector. Scalar schemes encrypt small integers or individual bits. They excel at general-purpose computations, offering unlimited operations, exact computations and less intensive ciphertext management operations. Vector schemes, on the other hand, encrypt vectors of integers or floats. These schemes excel at large-scale analytics and machine learning tasks. They require more intensive ciphertext management and polynomial approximation for non-linear functions.
Developing FHE programs with FHE typically includes these steps:
- Converting the program to its FHE equivalent using domain-specific compilers.
- Adhering to data-independent programming constraints.
- Optimizing the program for efficient execution on a selected hardware platform.
It often involves compilers. However, achieving optimal performance on specific FHE scheme and hardware accelerators sometimes necessitates cutting-edge research. Below are the compilers we offer and some demo programs to try.
Compilers provide a bridge from unencrypted programs to programs that function on encrypted data, including the bridge to hardware accelerators. Google aims to provide industry-standard compilers with simple interfaces and modular, reusable and interoperable components to accelerate the research and development of production-strength privacy-first software systems.
HEIR is a compiler toolchain and design environment for Fully Homomorphic Encryption. Application developers, compiler engineers, hardware designers, and cryptography researchers can build upon HEIR to further research and bring FHE to practicality.
Note: Transpiler is a general purpose FHE compiler for C++ that works for subclass of FHE problems and uses boolean optimizations such as Yosys and ABC. We plan to migrate features of the transpiler into HEIR.
We will continue to publish updates and improvements to the FHE library. We are not yet accepting external contributions to this project. We will respond to issues filed in this project. If we ever intend to stop publishing improvements and responding to issues we will publish notice here at least 3 months in advance.
This is not an officially supported Google product.
Apache License 2.0. See LICENSE.
We are committed to open-sourcing our work to support your use cases. We want to know how you use this library and what problems it helps you to solve. We have two communication channels for you to contact us:
-
A public discussion group where we will also share our preliminary roadmap, updates, events, and more.
-
A private email alias at fhe-open-source@google.com where you can reach out to us directly about your use cases and what more we can do to help and improve the library.
Please refrain from sending any sensitive or confidential information. If you wish to delete a message you've previously sent, please contact us.
The contributors to this project are (sorted by last name):
- Eric Astor
- Damien Desfontaines
- Christoph Dibak
- Alain Forget
- Bryant Gipson
- Shruthi Gorantala (Lead)
- Miguel Guevara
- Aishwarya Krishnamurthy
- Sasha Kulankhina
- William Lam
- David Marn
- Rafael Misoczki
- Bernat Guillén Pegueroles
- Milinda Perera
- Sean Purser-Haskell
- Sam Ruth
- Rob Springer
- Yurii Sushko
- Cameron Tew
- Royce Wilson
- Xinyu Ye
- Itai Zukerman
- Iliyan Malchev
To cite FHE Transpiler in academic papers, please use the following entry:
@misc{cryptoeprint:2021/811,
author = {Shruthi Gorantala and Rob Springer and Sean Purser-Haskell and William Lam and Royce Wilson and Asra Ali and Eric P. Astor and Itai Zukerman and Sam Ruth and Christoph Dibak and Phillipp Schoppmann and Sasha Kulankhina and Alain Forget and David Marn and Cameron Tew and Rafael Misoczki and Bernat Guillen and Xinyu Ye and Dennis Kraft and Damien Desfontaines and Aishe Krishnamurthy and Miguel Guevara and Irippuge Milinda Perera and Yurii Sushko and Bryant Gipson},
title = {A General Purpose Transpiler for Fully Homomorphic Encryption},
howpublished = {Cryptology ePrint Archive, Paper 2021/811},
year = {2021},
note = {\url{https://eprint.iacr.org/2021/811}},
url = {https://eprint.iacr.org/2021/811}
}