Sensitive financial, health, and identity data is protected by encryption methods like the Advanced Encryption Standard (AES), which transforms data into ciphertext that can only be decrypted with the correct key. However, data must be decrypted for computation to occur. Once “in the clear,” that data is vulnerable to compromise.
Fully homomorphic encryption (FHE) helps ensure that this “last mile” of data confidentiality is secure, by keeping data encrypted even when computation is occurring. Data is encrypted by data providers before being transmitted (for example, to a cloud server) for computation. Computation can then take place, and encrypted results can be returned for decryption. However, current software-based FHE techniques are not efficient enough to make this level of security practical. DARPA’s DPRIVE program was developed to “design and implement a hardware accelerator for FHE computations that aims to significantly reduce the current computational burden to drastically speed up FHE calculations.”
Galois proposes the Bespoke Asynchronous Silicon-Accelerated LWE Intrinsics through Software/Hardware Codesign (BASALISC) project to answer this challenge. BASALISC will realize both hardware and software innovations, bringing together Galois’s core strengths in homomorphic encryption, formal verification, advanced ASIC design, and compiler research to create an accelerator that maximizes efficient FHE performance while remaining flexible enough to support diverse FHE parameter settings. The project derives its inspiration from the mythical basilisk that could repel threats with a glance, essentially protecting its own “last mile.”
Galois believes BASALISC will succeed by taking a software/hardware co-design approach, and by formally verifying the basic computation engines included in the BASALISC design.
Galois’s Cryptol domain-specific language will be central to providing correct-by-construction circuit synthesis and proofs of correct operation for the accelerator.
In order to achieve our target performance at reasonable power and area cost, Galois plans to use asynchronous circuit design techniques for the core functionality of BASALISC. Asynchronous designs take variable amounts of time to compute, allowing each computation to run “as fast as it can,” rather than being limited by the worst case.
Traditional CPU architectures are designed to efficiently move and compute on small data elements—64 bits or so. However, the mechanisms used to enable computation on encrypted data via FHE result in individual data elements that are much larger, even megabytes in size. To address this challenge in BASALISC, Galois plans to create its own dataflow microarchitecture designed to route data “just in time” to independently operating processing elements. As part of this dataflow engine, Galois will develop optimized access sequences to support commonly used optimizations, such as the “butterfly” sequences needed to implement the Discrete Fourier Transforms used in homomorphic multiplication.
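To make the “butterfly” access pattern concrete, the following added example (not Galois or BASALISC code) multiplies two polynomials in the ring Z_q[x]/(x^n + 1) using the number-theoretic transform, the modular-arithmetic form of the DFT. It assumes that this is the transform in question; the parameters `Q` and `N` and all function names are constructed for illustration.

```python
# Added example; Q and N are constructed toy parameters, not BASALISC's.
Q, N = 7681, 8   # prime Q with Q % (2*N) == 1; real FHE rings are far larger

def find_psi(n, q):  # primitive 2n-th root of unity: psi**n == -1 (mod q)
    for g in range(2, q):
        psi = pow(g, (q - 1) // (2 * n), q)
        if pow(psi, n, q) == q - 1:
            return psi
    raise ValueError("need q % (2n) == 1")

def bit_reverse(a):
    bits = len(a).bit_length() - 1
    return [a[int(format(i, f"0{bits}b")[::-1], 2)] for i in range(len(a))]

def ntt(a, omega, q):
    """Cooley-Tukey transform: log2(n) stages of n/2 butterflies each."""
    a = bit_reverse(a)
    n, length = len(a), 2
    while length <= n:
        w_len = pow(omega, n // length, q)   # primitive length-th root
        for start in range(0, n, length):
            w = 1
            for j in range(length // 2):
                lo, hi = start + j, start + j + length // 2
                u, v = a[lo], a[hi] * w % q
                a[lo], a[hi] = (u + v) % q, (u - v) % q   # one butterfly
                w = w * w_len % q
        length *= 2
    return a

def negacyclic_mul(a, b, q=Q):
    """Product in Z_q[x]/(x^n + 1) using O(n log n) butterflies."""
    n, psi = len(a), find_psi(len(a), q)
    omega, psi_inv, n_inv = psi * psi % q, pow(psi, -1, q), pow(n, -1, q)
    fa = ntt([x * pow(psi, i, q) % q for i, x in enumerate(a)], omega, q)
    fb = ntt([x * pow(psi, i, q) % q for i, x in enumerate(b)], omega, q)
    fc = [x * y % q for x, y in zip(fa, fb)]   # pointwise product
    c = ntt(fc, pow(omega, -1, q), q)          # inverse transform (unscaled)
    return [x * n_inv * pow(psi_inv, i, q) % q for i, x in enumerate(c)]

def schoolbook_mul(a, b, q=Q):
    """O(n^2) reference; x^n wraps to -1."""
    n, c = len(a), [0] * len(a)
    for i in range(n):
        for j in range(n):
            sign = 1 if i + j < n else -1
            c[(i + j) % n] = (c[(i + j) % n] + sign * a[i] * b[j]) % q
    return c
```

Each pass of the inner loop reads and writes a pair of elements whose distance doubles at every stage, which is the strided access sequence a dataflow engine has to route efficiently.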
Galois believes an overall performance gain of ~10,000X is feasible relative to current software-based FHE solutions. Roughly, we expect the following key gains:
BASALISC is designed to substantially enhance the performance of FHE for key application classes, resulting in a potential sea change for FHE adoption.
This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR0011-21-C-0034. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Defense Advanced Research Projects Agency (DARPA).