Hacker News new | past | comments | ask | show | jobs | submit login
Cupcake - A Rust library for lattice-based additive homomorphic encryption (github.com/facebookresearch)
102 points by Karrot_Kream on June 24, 2021 | hide | past | favorite | 8 comments



Pretty cool:

https://github.com/facebookresearch/Cupcake/blob/main/exampl...

Looks really straightforward. For reference, output for the above program:

Encrypting a constant vector v of 1s...decrypted v: [1, 1, ..., 1]

Encrypting a constant vector w of 2s...decrypted w: [2, 2, ..., 2]

Decrypting the sum...decrypted v+w: [3, 3, ..., 3]

Decrypting the sum...decrypted v+w+w: [5, 5, ..., 5]


Why would facebook be doing homomorphic encryption? It makes sense for public cloud providers, not fb.


Retaining a talented contributor who is bored of their daily job?

This is 3 commits by a single guy in over 3 months - and that's exactly the type of project I would dream of doing.

Some time off the daily grind can save expensive recruiter s' fees.


Is privacy-preserving analytics a use case for FHE? I can imagine them working on that as a backup plan.


An alternative would be Differential Privacy. There are two ways to do that: one way collects a big database, but only allows aggregate queries which give approximate answers; the other way is to approximate the data during collection.

My favourite example of the latter is if we're asking a sensitive yes/no question like 'have you taken drug X in the past year?'. For each respondent we toss a coin twice, and record the following as their answer:

    HH -> Record their real response
    HT -> Record their real response
    TH -> Record 'yes'
    TT -> Record 'no'
The resulting data set can tell us the prevalence of yes/no answers within a population, based on how much it deviates from the 50/50 'fake' answers. Yet we don't know whether any particular response is real or fake.

I can imagine this sort of thing being used for e.g. usage metrics ("did this user press the Foo button within the past day?").


It could be, but most practical FHE are ridiculously slow and not usable past trivial data sizes. It would be cool if they published some numbers for cupcake.

Looking at an older paper: https://eprint.iacr.org/2011/405.pdf "Homomorphic addition is essentially instantaneous (i.e., takes less than 1 ms), whereas homomorphic multiplication takes about 41 ms".

My run (with decyption disabled because it didn't compile):

    test encrypt_pk           ... bench:     619,097 ns/iter (+/- 38,166)
    test encrypt_sk           ... bench:     540,205 ns/iter (+/- 40,429)
    test encrypt_zero_pk      ... bench:     576,200 ns/iter (+/- 39,531)
    test homomorphic_addition ... bench:      21,842 ns/iter (+/- 1,088)
    test rerandomize          ... bench:     591,631 ns/iter (+/- 23,246)
So 21us for addition - that's getting into a reasonable territory, but may be close to the result from the paper. Multiplication doesn't seem to be supported yet.


Cool, shame about the daft name


Which is of course, subjective.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: