Multi Party FHE

Multi-Party FHE allows a set of parties to collaborate in computing some function over their combined secret data while not revealing their respective data to any of the other parties. For example, multiple parties may join to train a single model based on the secret data of the different parties.

Using a regular public-key setting for such a use-case is not secure, since it requires the parties to trust the holder of the secret key, whether it is one of the parties or a “trusted” third party. In the multi-party FHE setting, none of the parties holds the secret key. Instead, each party has its own secret key. The public keys (which include the encryption key and the FHE evaluation keys) are generated in an initialization protocol (a.k.a. InitProtocol) between the parties. To decrypt a ciphertext, all the parties (key-owners) need to give their consent and take part in a decryption protocol (a.k.a. DecryptProtocol).

Using Multi Party FHE with HeLayers

  • Setup: Every party that wants to participate in a joint multi-party FHE computation (via InitProtocol, FHE computations, and DecryptProtocol - see below) must first extend its FHE context (HeContext) with multi-party configuration information (MultiPartyConfig) which specifies the role (MultiPartyRole) that the party is expected to play in the protocols and identifies the other collaborating parties and their respective roles.

  • Initialize keys: Every party that wants to participate in a joint multi-party FHE computation while keeping its own data secret from the other parties must first set its own private secret key (a.k.a. a private “key-share”), known only to itself. All the parties then communicate via an InitProtocol and jointly compute the shared public FHE keys, which include the public encryption key and the public evaluation keys that enable the FHE computations (see below).

  • Private Data Encryption: Every party can now encrypt its own private data using the shared public encryption key that was jointly computed in the previous step. Any data encrypted with the shared public encryption key, or resulting from FHE computations based on such encrypted data, can only be decrypted via a Decryption protocol in which all the parties participate (see below). Thus, the private data encrypted by the various parties can be communicated and shared among the parties without the risk of it being decrypted by any single party or by a subset of colluding parties.

  • FHE computation: Anyone with access to the shared public evaluation keys and to private data encrypted with the shared public encryption key can now perform FHE computations involving the encrypted data of the multiple parties. This computation can be carried out by the original parties that participated in the InitProtocol (see above) but also by a “new” participant such as a public cloud service.

  • Decryption: The result of the FHE computation described above is a ciphertext, which can only be decrypted via a Decryption protocol (DecryptProtocol) in which all the parties participate. All the parties jointly compute the decrypted plaintext using their respective private secret keys (which were created in the above Initialize keys step).

For an example of the above steps, see the example C++ program (HE utilities tutorials), in which two parties train a shared Linear-Regression model based on their respective private data, use a separate server to perform the training on their private encrypted data, and then join to decrypt the result.
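
The key-share, joint-key, encrypt, compute and joint-decrypt flow described above can be seen in miniature in the following added example, which is not HeLayers code and does not use the HeLayers API. It is a toy RLWE-based scheme supporting only homomorphic addition (no evaluation keys); all function names are hypothetical and the parameters are constructed and far too small to be secure.

```python
# Toy N-out-of-N multi-party RLWE scheme (BFV-style encoding). Hypothetical names,
# constructed parameters: shows the protocol flow only, gives no real security.
import secrets

N, Q, T = 16, 1 << 40, 1 << 16   # toy ring degree, ciphertext and plaintext moduli
DELTA = Q // T                   # plaintext scaling factor

def small():                     # ternary polynomial, used for key-shares and noise
    return [secrets.randbelow(3) - 1 for _ in range(N)]

def add(*polys):                 # coefficient-wise sum mod Q
    return [sum(c) % Q for c in zip(*polys)]

def mul(p, r):                   # product in Z_Q[X]/(X^N + 1)
    out = [0] * N
    for i, x in enumerate(p):
        for j, y in enumerate(r):
            sign = -1 if i + j >= N else 1
            out[(i + j) % N] = (out[(i + j) % N] + sign * x * y) % Q
    return out

def key_share(a):                # key-generation round, run by each party
    s = small()                  # private key-share s_i, never sent to anyone
    return s, add([-x for x in mul(a, s)], small())   # public b_i = -a*s_i + e_i

def encrypt(pk, m):              # pk = (b, a), where b is the sum of all b_i
    u = small()
    c0 = add(mul(pk[0], u), small(), [DELTA * x for x in m])
    return c0, add(mul(pk[1], u), small())

def ct_add(x, y):                # homomorphic addition, needs no key-share
    return add(x[0], y[0]), add(x[1], y[1])

def partial_decrypt(s, ct):      # decryption round, run by each party
    return add(mul(ct[1], s), small())   # c1*s_i + noise (real schemes use far larger noise)

def combine(ct, shares):         # yields the plaintext only if every share is present
    return [((x + DELTA // 2) // DELTA) % T for x in add(ct[0], *shares)]

def demo(n_parties=3):
    a = [secrets.randbelow(Q) for _ in range(N)]           # common public polynomial
    parties = [key_share(a) for _ in range(n_parties)]
    pk = (add(*[b_i for _, b_i in parties]), a)            # joint public encryption key
    m1, m2 = list(range(N)), [100 * i for i in range(N)]   # constructed inputs
    ct = ct_add(encrypt(pk, m1), encrypt(pk, m2))          # e.g. done by a cloud server
    shares = [partial_decrypt(s, ct) for s, _ in parties]
    return combine(ct, shares), combine(ct, shares[:-1])   # all parties vs. one missing
```

`demo()` returns the decryption obtained with every party's share and the one obtained with one share withheld; only the first equals the sum of the two constructed inputs.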

Main classes:

| Class name | Description |
|---|---|
| HeContext | The main access point to the underlying cryptographic library. Initialized during startup to a specific library and scheme. Most other classes receive a reference to it in their constructors. |
| MultiPartyConfig | A configuration of the role that the party is expected to play in the protocols and of identities of the other collaborating parties and their respective roles. |
| InitProtocol | A multi-party protocol in which the parties collaborate to compute shared public FHE keys (for encryption and evaluation) in several rounds involving message communication and processing. |
| DecryptProtocol | A multi-party protocol in which the parties collaborate to decrypt a given ciphertext using their respective secret key-shares, in several rounds involving message communication and processing. |
| ProtocolMessage | A message sent and received in a protocol. The message structure depends on the particular protocol. |

Most of the classes listed in the above table have derived classes that correspond to specific FHE contexts. For example, OpenFheCkksInitProtocol inherits from the InitProtocol class.