Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Nemesis: Noise-randomized Encryption with Modular Efficiency and Secure Integration in Machine Learning Systems

Dongfang Zhao

TL;DR

Nemesis tackles the high computational cost of Fully Homomorphic Encryption in privacy-preserving ML by introducing a caching-based framework for multi-slot FHE, integrating precomputation, reconstruction, and randomization to boost throughput without sacrificing security or accuracy. Built on CKKS and extending prior work like Rache, Nemesis provides formal IND-CPA security guarantees and demonstrates substantial end-to-end speedups in federated settings using OpenFHE and PFLlib on standard datasets. The approach achieves near-constant precomputation costs, while reconstruction remains the dominant runtime factor, guiding future optimization efforts. The practical impact is a more scalable path to deploying privacy-preserving ML at scale in real-world applications.

Abstract

Machine learning (ML) systems that guarantee security and privacy often rely on Fully Homomorphic Encryption (FHE) as a cornerstone technique, enabling computations on encrypted data without exposing sensitive information. However, a critical limitation of FHE is its computational inefficiency, making it impractical for large-scale applications. In this work, we propose \textit{Nemesis}, a framework that accelerates FHE-based systems without compromising accuracy or security. The design of Nemesis is inspired by Rache (SIGMOD'23), which introduced a caching mechanism for encrypted integers and scalars. Nemesis extends this idea with more advanced caching techniques and mathematical tools, enabling efficient operations over multi-slot FHE schemes and overcoming Rache's limitations to support general plaintext structures. We formally prove the security of Nemesis under standard cryptographic assumptions and evaluate its performance extensively on widely used datasets, including MNIST, FashionMNIST, and CIFAR-10. Experimental results show that Nemesis significantly reduces the computational overhead of FHE-based ML systems, paving the way for broader adoption of privacy-preserving technologies.

Nemesis: Noise-randomized Encryption with Modular Efficiency and Secure Integration in Machine Learning Systems

TL;DR

Nemesis tackles the high computational cost of Fully Homomorphic Encryption in privacy-preserving ML by introducing a caching-based framework for multi-slot FHE, integrating precomputation, reconstruction, and randomization to boost throughput without sacrificing security or accuracy. Built on CKKS and extending prior work like Rache, Nemesis provides formal IND-CPA security guarantees and demonstrates substantial end-to-end speedups in federated settings using OpenFHE and PFLlib on standard datasets. The approach achieves near-constant precomputation costs, while reconstruction remains the dominant runtime factor, guiding future optimization efforts. The practical impact is a more scalable path to deploying privacy-preserving ML at scale in real-world applications.

Abstract

Machine learning (ML) systems that guarantee security and privacy often rely on Fully Homomorphic Encryption (FHE) as a cornerstone technique, enabling computations on encrypted data without exposing sensitive information. However, a critical limitation of FHE is its computational inefficiency, making it impractical for large-scale applications. In this work, we propose \textit{Nemesis}, a framework that accelerates FHE-based systems without compromising accuracy or security. The design of Nemesis is inspired by Rache (SIGMOD'23), which introduced a caching mechanism for encrypted integers and scalars. Nemesis extends this idea with more advanced caching techniques and mathematical tools, enabling efficient operations over multi-slot FHE schemes and overcoming Rache's limitations to support general plaintext structures. We formally prove the security of Nemesis under standard cryptographic assumptions and evaluate its performance extensively on widely used datasets, including MNIST, FashionMNIST, and CIFAR-10. Experimental results show that Nemesis significantly reduces the computational overhead of FHE-based ML systems, paving the way for broader adoption of privacy-preserving technologies.

Paper Structure

This paper contains 21 sections, 1 theorem, 12 equations, 5 figures, 1 table, 3 algorithms.

Table of Contents

  1. Introduction
  2. Related Work and Preliminaries
  3. Methodology
  4. Precomputation in Nemesis
  5. Reconstruction in Nemesis
  6. Randomization in Nemesis
  7. Security Analysis
  8. Threat Model
  9. Security Proof
  10. Evaluation
  11. System Implementation
  12. PFLlib
  13. OpenFHE
  14. Experimental Setup
  15. Feature Comparison with State-of-the-arts
  16. ...and 6 more sections

Key Result

Proposition 3.1

Under the assumption that the underlying FHE scheme is IND-CPA secure, Nemesis maintains semantic security for all ciphertexts generated by the scheme.

Figures (5)

  • Figure 1: Comparison of Nemesis, CKKS Batch, Rache, and CKKS Naïve methods.
  • Figure 2: Nemesis' Time Overhead (i.e., precomputation) for Plaintext Packing and Batch Encryption across Different Batch Sizes
  • Figure 3: Nemesis' Reconstruction Time with Different Batch Sizes.
  • Figure 4: Nemesis' Randomization Time with Different Batch Sizes.
  • Figure 5: End-to-end time distribution across Nemesis stages for varying batch sizes.

Theorems & Definitions (2)

  • Proposition 3.1
  • proof