Support of encrypting bigger model with homomorphic encryption

[Rahn80643]

Hi,

Is your feature request related to a problem? Please describe. I'm applying homomorphic encryption (CKKS scheme) to a ResNet-18 model based on NVFlare/examples/advanced/cifar10/cifar10-real-world/, and the polynomial degree is set as 8192, which makes slot size of acceptable vector for encryption is 8192/2 = 4096. When executing encryption, TenSeal throws a warning: "WARNING: The input does not fit in a single ciphertext, and some operations will be disabled. The following operations are disabled in this setup: matmul, matmul_plain, enc_matmul_plain, conv2d_im2col. If you need to use those operations, try increasing the poly_modulus parameter, to fit your input."

After inspection, the warning comes from line 145 in model_encryptor.py. When the size of a layer is bigger than slot size, TenSeal throws such warning for insufficient polynomial degree for the layer to be encrypted. In this example, the size of the layer is 51200 and the slot size is 4096.

Describe the solution you'd like As neural networks becomes deeper and wider, the number of parameters to be encrypted also increases. In order to encrypt the model successfully, is it possible to split a big layer to multiple smaller layers, and encrypt them?

Describe alternatives you've considered Because a big layer is splitted into multiple smaller layers, these layers need to be recombined as the original layer during decryption.

Additional context N/A

[chesterxgchen]

@holgerroth @ZiyueXu77 can you share some insight on this one ?

[ZiyueXu77]

TenSeal automatically takes care of this scenario (splitting big vec to several ciphertexts) - and that's why it is a "warning" rather than "error". As mentioned, the operations no longer supported in this case are mostly matmul-related, and since we only need add for aggregation, this will not cause any issue.

[Rahn80643]

Thank you for your quick reply and explanation.