An End-to-End Homomorphically Encrypted Neural Network

TL;DR

This paper introduces a homomorphically encrypted neural network architecture that enables secure, privacy-preserving data processing with comparable accuracy to traditional neural networks, using a novel Differentiable Soft-Argmax layer.

Contribution

It presents a new homomorphic neural network architecture with a novel differentiable layer, achieving privacy without significant accuracy loss.

Findings

Achieves up to 82.5% of the accuracy of plain models.

Maintains full privacy and security during inference.

Introduces a Differentiable Soft-Argmax layer for encrypted output calibration.

Abstract

Every commercially available, state-of-the-art neural network consume plain input data, which is a well-known privacy concern. We propose a new architecture based on homomorphic encryption, which allows the neural network to operate on encrypted data. We show that Homomorphic Neural Networks (HNN) can achieve full privacy and security while maintaining levels of accuracy comparable to plain neural networks. We also introduce a new layer, the Differentiable Soft-Argmax, which allows the calibration of output logits in the encrypted domain, raising the entropy of the activation parameters, thus improving the security of the model, while keeping the overall noise below the acceptable noise budget. Experiments were conducted using the Stanford Sentiment Treebank (SST-2) corpora on the DistilBERT base uncased finetuned SST-2 English sentiment analysis model, and the results show that the HNN model can achieve up to 82.5% of the accuracy of the plain model while maintaining full privacy and security.