mmFHE: mmWave Sensing with End-to-End Fully Homomorphic Encryption

Tanvir Ahmed, Yixuan Gao, Adnan Armouti, Rajalakshmi Nandakumar

Abstract

We present mmFHE, the first system that enables fully homomorphic encryption (FHE) for end-to-end mmWave radar sensing. mmFHE encrypts raw range profiles on a lightweight edge device and executes the entire mmWave signal-processing and ML inference pipeline homomorphically on an untrusted cloud that operates exclusively on ciphertexts. At the core of mmFHE is a library of seven composable, data-oblivious FHE kernels that replace standard DSP routines with fixed arithmetic circuits. These kernels can be flexibly composed into different application-specific pipelines. We demonstrate this approach on two representative tasks: vital-sign monitoring and gesture recognition. We formally prove two cryptographic guarantees for any pipeline assembled from this library: input privacy, the cloud learns nothing about the sensor data; and data obliviousness, the execution trace is identical on the cloud regardless of the data being processed. These guarantees effectively neutralize various supervised and unsupervised privacy attacks on raw data, including re-identification and data-dependent privacy leakage. Evaluation on three public radar datasets (270 vital-sign recordings, 600 gesture trials) shows that encryption introduces negligible error: HR/RR MAE $<10^{-3}$ bpm versus plaintext, and 84.5% gesture accuracy (vs. 84.7% plaintext) with end-to-end cloud GPU latency of 103s for a 10s vital-sign window and 37s for a 3s gesture window. These results show that privacy-preserving end-to-end mmWave sensing is feasible on commodity hardware today.
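
The data-obliviousness property described in the abstract, as an added illustration that is not code from the paper or the mmFHE library: a branching peak search leaves an execution trace that depends on the data, while a fixed add/multiply circuit leaves the same trace for every input. The `Traced` recorder, both functions, the choice of four squarings, and the sample power vectors are assumptions constructed for this example.

```python
# Added illustration; not mmFHE's kernels. The oblivious path uses only
# add/mul because those are the operations CKKS evaluates natively.
class Traced:
    """Records every arithmetic op and branch the 'cloud' executes."""
    def __init__(self):
        self.trace = []
    def add(self, a, b):
        self.trace.append("add"); return a + b
    def mul(self, a, b):
        self.trace.append("mul"); return a * b
    def branch(self, cond):
        self.trace.append(f"branch:{cond}"); return cond

def peak_bin_branching(ev, power):
    """Typical DSP peak search: control flow depends on the data."""
    best = 0
    for i in range(1, len(power)):
        if ev.branch(power[i] > power[best]):
            best = i
            ev.trace.append("store")
    return best

def peak_bin_oblivious(ev, power, squarings=4):
    """Fixed circuit: sharpen by repeated squaring, then weighted sums.
    Returns (numerator, denominator); the client divides after decryption."""
    w = list(power)
    for _ in range(squarings):
        w = [ev.mul(x, x) for x in w]
    num, den = 0.0, 0.0
    for i, x in enumerate(w):
        num = ev.add(num, ev.mul(float(i), x))
        den = ev.add(den, x)
    return num, den

def run(fn, power):
    ev = Traced()
    return fn(ev, power), ev.trace

# Constructed sample inputs: normalized power over 8 range bins.
A = [0.1, 0.2, 0.9, 0.3, 0.1, 0.1, 0.2, 0.1]   # peak at bin 2
B = [0.1, 0.1, 0.2, 0.3, 0.4, 0.6, 1.0, 0.2]   # peak at bin 6

if __name__ == "__main__":
    for name, fn in [("branching", peak_bin_branching),
                     ("oblivious", peak_bin_oblivious)]:
        (_, ta), (_, tb) = run(fn, A), run(fn, B)
        print(name, "trace identical across inputs:", ta == tb)
```

An observer who sees only the operation sequence can tell inputs A and B apart in the branching version but not in the fixed-circuit version.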

Paper Structure (40 sections, 5 theorems, 16 equations, 3 figures, 9 tables)

Key Result

Proposition 1

Let $\{\mathbf{z}[r, t]\}_{t=1}^{F}$ be a plaintext FMCW range-profile stream with carrier wavelength $\lambda$, slow-time sampling rate $f_s \geq 2 f_{\mu}$ (where $f_{\mu}$ is the highest micro-motion frequency of interest), and observation duration $F/f_s \geq T_{\min}$. Any protocol that grants

Figures (3)

  • Figure 1: Unsupervised privacy leakage from raw mmWave data. (a) Linkability ROC on 50 children (AUC = 0.981). (b) UMAP of gesture features (12 users); per-user clusters form without labels.
  • Figure 2: mmFHE end-to-end architecture. The trusted edge client encrypts raw range-FFT profiles under CKKS and sends ciphertexts to an untrusted cloud, which executes the entire DSP and ML inference pipeline using composable FHE kernels (K1–K7) over encrypted data. The cloud never observes any plaintext value. The client decrypts only authorized outputs (HR/RR BPM or waveform, or classification logits). Legend: black arrows = unencrypted plaintext, teal arrows = encrypted ciphertext, dashed arrows = keys.
  • Figure 3: Per-kernel encryption noise (MSE between encrypted and plaintext execution of the identical pipeline) at each stage. Bars are not monotonically increasing: kernels that contract the value range (e.g., plaintext rescaling in K4) reduce absolute error, while those that amplify it (K2 squaring, FC matmul) increase it.

Theorems & Definitions (5)

  • Proposition 1: Inseparability Property and Biometric Leakage of Coherent Radar Streams
  • Proposition 2: Side-Channel Leakage from Data-Dependent DSP
  • Theorem 1: Input Privacy guarantee of mmFHE
  • Theorem 2: Data Obliviousness Guarantee of mmFHE
  • Theorem 3: Inseparability Property of Coherent Radar Streams