Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

FHE-Agent: Automating CKKS Configuration for Practical Encrypted Inference via an LLM-Guided Agentic Framework

Nuo Xu, Zhaoting Gong, Ran Ran, Jinwei Tang, Wujie Wen, Caiwen Ding

TL;DR

This work tackles the practical deployment challenge of CKKS-based encrypted inference by reframing CKKS configuration as a resource-limited, multi-objective search. It introduces FHE-Agent, an agentic framework that couples an LLM-based controller with a deterministic tool-suite to decompose global CKKS parameters from layer-specific packing, guided by a three-phase, multi-fidelity workflow. The system exposes static analyzers, layer profilers, and a cost model as tools, enabling safe exploration under an encrypted-evaluation budget and delivering feasible, 128-bit secure configurations across standard models, often with lower latency than naïve prompts. The results demonstrate that agent-guided orchestration can automatically discover high-quality CKKS configurations, improving precision and reducing encrypted inference time, and paving the way for scalable, auditable encrypted MLaaS deployment across varied architectures and backends.

Abstract

Fully Homomorphic Encryption (FHE), particularly the CKKS scheme, is a promising enabler for privacy-preserving MLaaS, but its practical deployment faces a prohibitive barrier: it heavily relies on domain expertise. Configuring CKKS involves a tightly coupled space of ring dimensions, modulus chains, and packing layouts. Without deep cryptographic knowledge to navigate these interactions, practitioners are restricted to compilers that rely on fixed heuristics. These "one-shot" tools often emit rigid configurations that are either severely over-provisioned in latency or fail to find a feasible solution entirely for deeper networks. We present FHE-Agent, an agentic framework that automates this expert reasoning process. By coupling a Large Language Model (LLM) controller with a deterministic tool suite, FHE-Agent decomposes the search into global parameter selection and layer-wise bottleneck repair. The agents operate within a multi-fidelity workflow, pruning invalid regimes using cheap static analysis and reserving expensive encrypted evaluations for the most promising candidates. We instantiate FHE-Agent on the Orion compiler and evaluate it on standard benchmarks (MLP, LeNet, LoLa) and deeper architectures (AlexNet). FHE-Agent consistently achieves better precision and lower latency than naïve search strategies. Crucially, it automatically discovers feasible, 128-bit secure configurations for complex models where baseline heuristics and one-shot prompts fail to produce a valid setup.

FHE-Agent: Automating CKKS Configuration for Practical Encrypted Inference via an LLM-Guided Agentic Framework

TL;DR

This work tackles the practical deployment challenge of CKKS-based encrypted inference by reframing CKKS configuration as a resource-limited, multi-objective search. It introduces FHE-Agent, an agentic framework that couples an LLM-based controller with a deterministic tool-suite to decompose global CKKS parameters from layer-specific packing, guided by a three-phase, multi-fidelity workflow. The system exposes static analyzers, layer profilers, and a cost model as tools, enabling safe exploration under an encrypted-evaluation budget and delivering feasible, 128-bit secure configurations across standard models, often with lower latency than naïve prompts. The results demonstrate that agent-guided orchestration can automatically discover high-quality CKKS configurations, improving precision and reducing encrypted inference time, and paving the way for scalable, auditable encrypted MLaaS deployment across varied architectures and backends.

Abstract

Fully Homomorphic Encryption (FHE), particularly the CKKS scheme, is a promising enabler for privacy-preserving MLaaS, but its practical deployment faces a prohibitive barrier: it heavily relies on domain expertise. Configuring CKKS involves a tightly coupled space of ring dimensions, modulus chains, and packing layouts. Without deep cryptographic knowledge to navigate these interactions, practitioners are restricted to compilers that rely on fixed heuristics. These "one-shot" tools often emit rigid configurations that are either severely over-provisioned in latency or fail to find a feasible solution entirely for deeper networks. We present FHE-Agent, an agentic framework that automates this expert reasoning process. By coupling a Large Language Model (LLM) controller with a deterministic tool suite, FHE-Agent decomposes the search into global parameter selection and layer-wise bottleneck repair. The agents operate within a multi-fidelity workflow, pruning invalid regimes using cheap static analysis and reserving expensive encrypted evaluations for the most promising candidates. We instantiate FHE-Agent on the Orion compiler and evaluate it on standard benchmarks (MLP, LeNet, LoLa) and deeper architectures (AlexNet). FHE-Agent consistently achieves better precision and lower latency than naïve search strategies. Crucially, it automatically discovers feasible, 128-bit secure configurations for complex models where baseline heuristics and one-shot prompts fail to produce a valid setup.

Paper Structure

This paper contains 29 sections, 7 equations, 1 figure, 2 tables.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. FHE Encrypted Inference using CKKS
  4. FHE Libraries and Compilers
  5. LLM-Based Agentic Workflows
  6. Threat Model and Deployment Setting
  7. Threat Model
  8. Config Space and Optimization Problem
  9. FHE-Agent System Design and Optimization Workflow
  10. FHE Tool Suite and Backend Capabilities
  11. StaticAnalyzer.
  12. LayerProfiler.
  13. BootstrapScheduler.
  14. CostModel.
  15. EncryptedEvaluator.
  16. ...and 14 more sections

Figures (1)

  • Figure 1: Overview of FHE-Agent. A multi-agent controller (top) runs on the cloud and orchestrates a deterministic FHE tool suite (middle) on top of CKKS backends (bottom). Phase A performs simulation-only structure search, Phase B calibrates the cost model with a few encrypted runs, and Phase C applies admitted refinements under a global FHE budget. The trace repository stores configurations, metrics, and decisions for reuse across deployments, while the client only uploads encrypted inputs and receives encrypted outputs.