Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

New Permutation Decomposition Techniques for Efficient Homomorphic Permutation

Xirong Ma, Junling Fang, Chunpeng Ge, Dung Hoang Duong, Yali Jiang, Yanbin Li, Willy Susilo, Lizhen Cui

TL;DR

The paper addresses the dominant cost of homomorphic permutation in batch-encoded HE by introducing an ideal-depth decomposition framework and a novel network-based approach for arbitrary permutations. It proves depth-1 and full-depth ideal decomposability for key permutations in homomorphic matrix transposition and multiplication, enabling asymptotic speedups and rotation-key reductions, including up to $3.9\times$ latency savings in encrypted neural network inference. Additionally, it presents a flexible encoding-space strategy and a multi-group network design that achieves up to $1.69\times$ speedups with minimal rotation-key overhead for arbitrary permutations. The combinations of decomposition-based optimizations and network-inspired computation offer practical, parameter-tunable improvements over traditional Benes-network-based methods, with broad applicability to HE-based privacy-preserving matrix operations and neural network inference.

Abstract

Homomorphic permutation is fundamental to privacy-preserving computations based on batch-encoding homomorphic encryption. It underpins nearly all homomorphic matrix operations and predominantly influences their complexity. Permutation decomposition as a potential approach to optimize this critical component remains underexplored. In this paper, we propose novel decomposition techniques to optimize homomorphic permutations, advancing homomorphic encryption-based privacy-preserving computations. We start by defining an ideal decomposition form for permutations and propose an algorithm searching for depth-1 ideal decompositions. Based on this, we prove the full-depth ideal decomposability of permutations used in specific homomorphic matrix transposition (HMT) and multiplication (HMM) algorithms, allowing them to achieve asymptotic improvement in speed and rotation key reduction. As a demonstration of applicability, substituting the HMM components in the best-known inference framework of encrypted neural networks with our enhanced version shows up to $3.9\times$ reduction in latency. We further devise a new method for computing arbitrary homomorphic permutations, specifically those with weak structures that cannot be ideally decomposed. We design a network structure that deviates from the conventional scope of decomposition and outperforms the state-of-the-art technique with a speed-up of up to $1.69\times$ under a minimal rotation key requirement.

New Permutation Decomposition Techniques for Efficient Homomorphic Permutation

TL;DR

The paper addresses the dominant cost of homomorphic permutation in batch-encoded HE by introducing an ideal-depth decomposition framework and a novel network-based approach for arbitrary permutations. It proves depth-1 and full-depth ideal decomposability for key permutations in homomorphic matrix transposition and multiplication, enabling asymptotic speedups and rotation-key reductions, including up to latency savings in encrypted neural network inference. Additionally, it presents a flexible encoding-space strategy and a multi-group network design that achieves up to speedups with minimal rotation-key overhead for arbitrary permutations. The combinations of decomposition-based optimizations and network-inspired computation offer practical, parameter-tunable improvements over traditional Benes-network-based methods, with broad applicability to HE-based privacy-preserving matrix operations and neural network inference.

Abstract

Homomorphic permutation is fundamental to privacy-preserving computations based on batch-encoding homomorphic encryption. It underpins nearly all homomorphic matrix operations and predominantly influences their complexity. Permutation decomposition as a potential approach to optimize this critical component remains underexplored. In this paper, we propose novel decomposition techniques to optimize homomorphic permutations, advancing homomorphic encryption-based privacy-preserving computations. We start by defining an ideal decomposition form for permutations and propose an algorithm searching for depth-1 ideal decompositions. Based on this, we prove the full-depth ideal decomposability of permutations used in specific homomorphic matrix transposition (HMT) and multiplication (HMM) algorithms, allowing them to achieve asymptotic improvement in speed and rotation key reduction. As a demonstration of applicability, substituting the HMM components in the best-known inference framework of encrypted neural networks with our enhanced version shows up to reduction in latency. We further devise a new method for computing arbitrary homomorphic permutations, specifically those with weak structures that cannot be ideally decomposed. We design a network structure that deviates from the conventional scope of decomposition and outperforms the state-of-the-art technique with a speed-up of up to under a minimal rotation key requirement.

Paper Structure

This paper contains 43 sections, 5 theorems, 34 equations, 9 figures, 9 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Technique Overview & Contributions
  3. Background and Preliminary
  4. Notations
  5. Batch-encoding Homomorphic Encryption
  6. Homomorphic Permutation
  7. Permutation Decomposition
  8. Searching Ideal Depth-1 Decomposition
  9. Basic Decomposition Pattern
  10. Concrete Design
  11. Full-depth Ideal Decomposability on Specific Permutations
  12. Homomorphic Matrix Transposition
  13. Case with Dimension a Power of $2$
  14. Case with Arbitrary Dimension
  15. Homomorphic Matrix Multiplication
  16. ...and 28 more sections

Key Result

Theorem 1

MA2024103658Let $U$ be an $n \times n$ matrix formed by the product of two square matrices $U_L$ and $U_R$. Then, $U[i,j] = \sum_{a=0}^{n-1} U_L[i,a] \cdot U_R[a,j]$, and the diagonal index $k = j - i$ of $U[i,j]$ can be decomposed as the sum of the diagonal index $k_L = a - i$ of $U_L[i,a]$ and the

Figures (9)

  • Figure 1: Depth-2 ideal decomposition on a $32\times 32$ permutation with non-zero diagonal indices in $\{2\cdot i\mid -6\leq i\leq 6 \}$
  • Figure 2: Decompose single entry in $8\times 8$ permutation matrix
  • Figure 3: Applying depth-1 ideal decomposition search to $U^t$ of size $16\times 16$.
  • Figure 4: A multi-group network instance constructed for a length-$16$ permutation
  • Figure 5: Optimized ciphertext replication by multi-layer construction (using $\ell=2,d=4\times 2\times 2$ as an example)
  • ...and 4 more figures

Theorems & Definitions (10)

  • Theorem 1
  • Definition 1
  • Theorem 2
  • proof
  • Theorem 3
  • proof
  • Theorem 4
  • proof
  • Theorem 5
  • proof