Secure Convolutional Neural Network using FHE

TL;DR

This paper presents a method to securely run convolutional neural networks on encrypted data using Fully Homomorphic Encryption, enabling privacy-preserving cloud-based classification without revealing model or data.

Contribution

It introduces a real number framework over FHE with fixed point representation, including secure comparison, max functions, and a ReLU, enabling practical encrypted CNN inference.

Findings

Encrypted CNN achieves accuracy comparable to unencrypted models.

The framework supports basic arithmetic, comparison, and ReLU in encrypted form.

Experimental results validate the approach on handwritten digit classification.

Abstract

In this paper, a secure Convolutional Neural Network classifier is proposed using Fully Homomorphic Encryption (FHE). The secure classifier provides a user with the ability to out-source the computations to a powerful cloud server and/or setup a server to classify inputs without providing the model or revealing source data. To this end, a real number framework is developed over FHE by using a fixed point format with binary digits. This allows for real number computations for basic operators like addition, subtraction, and multiplication but also to include secure comparisons and max functions. Additionally, a rectified linear unit is designed and realized in the framework. Experimentally, the model was verified using a Convolutional Neural Network trained for handwritten digits. This encrypted implementation shows accurate results for all classification when compared against an unencrypted implementation.