PRISM: Privacy-preserving Inference System with Homomorphic Encryption and Modular Activation

TL;DR

This paper introduces PRISM, a system that enables privacy-preserving inference on encrypted data using homomorphic encryption by approximating non-linear functions, achieving high accuracy with manageable computational costs.

Contribution

It proposes a novel framework that replaces non-linear activation functions with homomorphically compatible approximations in CNNs, optimizing privacy-preserving inference.

Findings

Achieves 94.4% accuracy on CIFAR-10

Per-sample inference time of 2.42 seconds

Supports large-scale encrypted data processing

Abstract

With the rapid advancements in machine learning, models have become increasingly capable of learning and making predictions in various industries. However, deploying these models in critical infrastructures presents a major challenge, as concerns about data privacy prevent unrestricted data sharing. Homomorphic encryption (HE) offers a solution by enabling computations on encrypted data, but it remains incompatible with machine learning models like convolutional neural networks (CNNs), due to their reliance on non-linear activation functions. To bridge this gap, this work proposes an optimized framework that replaces standard non-linear functions with homomorphically compatible approximations, ensuring secure computations while minimizing computational overhead. The proposed approach restructures the CNN architecture and introduces an efficient activation function approximation method to mitigate the performance trade-offs introduced by encryption. Experiments on CIFAR-10 achieve 94.4% accuracy with 2.42 s per single encrypted sample and 24,000 s per 10,000 encrypted samples, using a degree-4 polynomial and Softplus activation under CKKS, balancing accuracy and privacy.