Closed isentropic closed 12 months ago
Hi @isentropic, could you provide more context around the application that you are trying to build?
Lattigo is not thread safe, to be able to use an encryptor concurrently, you must create a shallow copy for each separate go routine. This can be done with encryptor.ShallowCopy()
Hello, I'm trying to build a CNN based on CKKS for training (not inference). I have started this journey with pyseal only to realize to make this whole thing faster I gotta use threads as the whole operation is parallel. So I could not use python, then I tried to use Julia and Seal.jl bindings for it, only to realize that SEAL inadvertently leaks memory and sooner or later I get memory issues. Which is why I've come to test my luck with lattigo and see if its faster. I also noticed that while lattigo is a little faster for a single cipher-cipher multiplication in isolation, seal outperforms lattigo when I build a CNN. Maybe its because of seal's weird memory allocation/reuse procedure? That part is also annoying in that memory leaks are unavoidable if used from cbindings of seal.
I also wonder about thread safety of other operations like addition and multiplication are they all thread safe?
It's the same behavior for all structs: Encoder
, Encryptor
, Decryptor
, Evaluator
, ... If you want to use them concurrently, you need to create shallow copies.
Lattigo will outperform SEAL if memory is correctly managed (minimizing the number of allocations) and parameterization for the auxiliary prime (LogP
) is correctly set. The slowdown you experience might be caused by the garbage collector (which by the way gets ride of memory leaks), which will be triggered a lot if you constantly allocate memory for ciphertexts/plaintexts, e.g. by calling MulRelinNew
instead of MulRelin
.
May I know where you are from? Is this for a PhD project?
I work for a startup in research department and we are trying to test this idea of CNN with HE. Currently just trying to do one layer only encoded in the batch direction. Hence there is no need for smart packing and rotations as batch dim is naturally independent.
Now that I've experimented more with Seal and lattigo and multithreadding i've come to realize something I should have realized a long before. FHE is fundamentally memory bound it creates and moves a lot of memory and for CNN creation of new memory is unavoidable (GPUs struggle with this for normal clearstate nets). It does not matter that I have N cores, as long as the memory throughput and RAM is constant I would never see a sizable speedup. What do you think about this?
Seal has been faster because of its weird memory allocation, but that's a double edged sword as it creates memory leaks. Though, I've tried to be smart about memory usage by trying to pre-allocate ciphertexts first before doing any computation but its just that memory bottleneck is bound to happen sooner or later.
I gotta say I've enjoyed go and lattigo especially the fact that it is much more readable than seal code, and probably we would go with lattigo further down the line. I just wish lattigo had python bindings of sorts for an easier and interactive usage for research purposes. Many thanks for your responses and this library, it is brilliant.
Your remark on memory bandwidth is very close to what was said in this paper: Does Fully Homomorphic Encryption Need Compute Acceleration?
I'm closing this issue as the mentioned outcome is an intended behavior of the library. If you want to know more about the library or have any other question, you can contact us at lattigo@tuneinsight.com.
Here is a minimal example of a
panic: runtime error: slice bounds out of range [:192] with length 128
I was attempting to perform parallel encryption and encoding using goroutines. Apparently encoding and/or encryption is not really thread safe. Is there any information about thread safety in general for other operations? For low count of threads and
rows,cols
there is no race condition popping up, but with larger arrays like in this example this is a problem. Here is the stacktrace: