International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

BASALISC: Programmable Hardware Accelerator for BGV Fully Homomorphic Encryption

Authors:
Robin Geelen , COSIC KU Leuven, Leuven, Belgium
Michiel Van Beirendonck , COSIC KU Leuven, Leuven, Belgium
Hilder V. L. Pereira , COSIC KU Leuven, Leuven, Belgium
Brian Huffman , Galois, Inc., Portland, OR, USA
Tynan McAuley , Niobium Microsystems, Portland, OR, USA
Ben Selfridge , Galois, Inc., Portland, OR, USA
Daniel Wagner , Galois, Inc., Portland, OR, USA
Georgios Dimou , Niobium Microsystems, Portland, OR, USA
Ingrid Verbauwhede , COSIC KU Leuven, Leuven, Belgium
Frederik Vercauteren , COSIC KU Leuven, Leuven, Belgium
David W. Archer , Galois, Inc., Portland, OR, USA
Download:
DOI: 10.46586/tches.v2023.i4.32-57
URL: https://tches.iacr.org/index.php/TCHES/article/view/11157
Search ePrint
Search Google
Abstract: Fully Homomorphic Encryption (FHE) allows for secure computation on encrypted data. Unfortunately, huge memory size, computational cost and bandwidth requirements limit its practicality. We present BASALISC, an architecture family of hardware accelerators that aims to substantially accelerate FHE computations in the cloud. BASALISC is the first to implement the BGV scheme with fully-packed bootstrapping – the noise removal capability necessary for arbitrary-depth computation. It supports a customized version of bootstrapping that can be instantiated with hardware multipliers optimized for area and power.BASALISC is a three-abstraction-layer RISC architecture, designed for a 1 GHz ASIC implementation and underway toward 150mm2 die tape-out in a 12nm GF process. BASALISC’s four-layer memory hierarchy includes a two-dimensional conflict-free inner memory layer that enables 32 Tb/s radix-256 NTT computations without pipeline stalls. Its conflict-resolution permutation hardware is generalized and re-used to compute BGV automorphisms without throughput penalty. BASALISC also has a custom multiply-accumulate unit to accelerate BGV key switching.The BASALISC toolchain comprises a custom compiler and a joint performance and correctness simulator. To evaluate BASALISC, we study its physical realizability, emulate and formally verify its core functional units, and we study its performance on a set of benchmarks. Simulation results show a speedup of more than 5,000× over HElib – a popular software FHE library.
BibTeX
@article{tches-2023-33339,
  title={BASALISC: Programmable Hardware Accelerator for BGV Fully Homomorphic Encryption},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2023, Issue 4},
  pages={32-57},
  url={https://tches.iacr.org/index.php/TCHES/article/view/11157},
  doi={10.46586/tches.v2023.i4.32-57},
  author={Robin Geelen and Michiel Van Beirendonck and Hilder V. L. Pereira and Brian Huffman and Tynan McAuley and Ben Selfridge and Daniel Wagner and Georgios Dimou and Ingrid Verbauwhede and Frederik Vercauteren and David W. Archer},
  year=2023
}