Table of Contents
Fetching ...

Multi-Input Ciphertext Multiplication for Homomorphic Encryption

Sajjad Akherati, Xinmiao Zhang

TL;DR

This work addresses the need for efficient multiplication of more than two ciphertexts in CKKS by developing a multi-input ciphertext multiplier framework. It first improves the existing three-input multiplier by reformulating relinearization and rescaling to share intermediate results, and then extends to arbitrary input counts using a tree structure and a novel multi-rescaling technique that keeps the multiplicative depth manageable. The approach introduces new evaluation keys for higher-order terms and provides guidelines for input partitioning to maximize rescaling merging while preserving noise bounds, achieving substantial hardware efficiency gains. Practically, the proposed architectures yield up to about 32% area and 45% latency reductions (4–12 inputs) and roughly 50% latency reduction (3-input improved) with favorable memory footprints, enabling faster privacy-preserving computations on encrypted data.

Abstract

Homomorphic encryption (HE) enables arithmetic operations to be performed directly on encrypted data. It is essential for privacy-preserving applications such as machine learning, medical diagnosis, and financial data analysis. In popular HE schemes, ciphertext multiplication is only defined for two inputs. However, the multiplication of multiple inputs is needed in many HE applications. In our previous work, a three-input ciphertext multiplication method for the CKKS HE scheme was developed. This paper first reformulates the three-input ciphertext multiplication to enable the combination of computations in order to further reduce the complexity. The second contribution is extending the multiplication to multiple inputs without compromising the noise overhead. Additional evaluation keys are introduced to achieve relinearization of polynomial multiplication results. To minimize the complexity of the large number of rescaling units in the multiplier, a theoretical analysis is developed to relocate the rescaling, and a multi-level rescaling approach is proposed to implement combined rescaling with complexity similar to that of a single rescaling unit. Guidelines and examples are provided on the input partition to enable the combination of more rescaling. Additionally, efficient hardware architectures are designed to implement our proposed multipliers. The improved three-input ciphertext multiplier reduces the logic area and latency by 15% and 50%, respectively, compared to the best prior design. For multipliers with more inputs, ranging from 4 to 12, the architectural analysis reveals 32% savings in area and 45% shorter latency, on average, compared to prior work.

Multi-Input Ciphertext Multiplication for Homomorphic Encryption

TL;DR

This work addresses the need for efficient multiplication of more than two ciphertexts in CKKS by developing a multi-input ciphertext multiplier framework. It first improves the existing three-input multiplier by reformulating relinearization and rescaling to share intermediate results, and then extends to arbitrary input counts using a tree structure and a novel multi-rescaling technique that keeps the multiplicative depth manageable. The approach introduces new evaluation keys for higher-order terms and provides guidelines for input partitioning to maximize rescaling merging while preserving noise bounds, achieving substantial hardware efficiency gains. Practically, the proposed architectures yield up to about 32% area and 45% latency reductions (4–12 inputs) and roughly 50% latency reduction (3-input improved) with favorable memory footprints, enabling faster privacy-preserving computations on encrypted data.

Abstract

Homomorphic encryption (HE) enables arithmetic operations to be performed directly on encrypted data. It is essential for privacy-preserving applications such as machine learning, medical diagnosis, and financial data analysis. In popular HE schemes, ciphertext multiplication is only defined for two inputs. However, the multiplication of multiple inputs is needed in many HE applications. In our previous work, a three-input ciphertext multiplication method for the CKKS HE scheme was developed. This paper first reformulates the three-input ciphertext multiplication to enable the combination of computations in order to further reduce the complexity. The second contribution is extending the multiplication to multiple inputs without compromising the noise overhead. Additional evaluation keys are introduced to achieve relinearization of polynomial multiplication results. To minimize the complexity of the large number of rescaling units in the multiplier, a theoretical analysis is developed to relocate the rescaling, and a multi-level rescaling approach is proposed to implement combined rescaling with complexity similar to that of a single rescaling unit. Guidelines and examples are provided on the input partition to enable the combination of more rescaling. Additionally, efficient hardware architectures are designed to implement our proposed multipliers. The improved three-input ciphertext multiplier reduces the logic area and latency by 15% and 50%, respectively, compared to the best prior design. For multipliers with more inputs, ranging from 4 to 12, the architectural analysis reveals 32% savings in area and 45% shorter latency, on average, compared to prior work.
Paper Structure (13 sections, 24 equations, 6 figures, 7 tables, 1 algorithm)

This paper contains 13 sections, 24 equations, 6 figures, 7 tables, 1 algorithm.

Figures (6)

  • Figure 1: Hardware architectures for: (a) 2-input ciphertext multiplication using the RNS-CKKS scheme 3-ct_mult; (b) ModUp operation; (c) ModDown operation; and (d) rescaling (RS).
  • Figure 2: (a) Block diagram for three-input ciphertext multiplication using the RNS-CKKS scheme 3-ct_mult; (b) architecture for polynomial multiplication (PM) in three-input ciphertext multiplication; (c) architecture for relinearization. The ModUp, ModDown, and RS blocks are implemented using the architecture in Fig. \ref{['fig: 2 ct mult arc']}(b), (c), and (d), respectively.
  • Figure 3: (a) Block diagram for the proposed improved three-input ciphertext multiplication; (b) architecture for relinearization; (c) architecture for rs block according to \ref{['eq: 1-rs']}; and (d) the architecture for RS* block. The computations inside the dashed block in (b) correspond to those for the ModDown operation after applying the proposed improvements in Section \ref{['sec: low-complexity ciphertext multiplication']}
  • Figure 4: Hardware implementation architecture of the proposed multi-RS for $\mu=2$ (2-RS).
  • Figure 5: Block diagram for the 6-input ciphertext multiplication: (a) the ciphertexts are partitioned to $(2,2,2)$; (b) the ciphertexts are grouped as $(5,1)\mid(3,2)$.
  • ...and 1 more figures