Search

US-12619745-B2 - Homomorphic operation system and operating method thereof

US12619745B2US 12619745 B2US12619745 B2US 12619745B2US-12619745-B2

Abstract

A homomorphic operation system according to an embodiment includes a homomorphic encryption device configured to output a first ciphertext data generated based on a first base, a homomorphic encryption server including a storage device storing base conversion table configured to convert ciphertext data based on the first base into a second ciphertext data based on a second base and the first ciphertext data received from the homomorphic encryption device, and a homomorphic encryption operation device configured to perform a predetermined operation using the base conversion table on the first ciphertext data to convert the first ciphertext data into the second ciphertext data based on the second base.

Inventors

  • HANBYEUL NA
  • Sangpyo Kim
  • JongMin Kim
  • Jung Ho Ahn
  • Dong-Min Shin

Assignees

  • SAMSUNG ELECTRONICS CO., LTD.

Dates

Publication Date
20260505
Application Date
20231226
Priority Date
20230427

Claims (20)

  1. 1 . A homomorphic operation system, comprising: a homomorphic encryption device outputting a first ciphertext data generated based on a first base; and a homomorphic encryption server comprising a storage device storing a base conversion table for converting ciphertext data based on the first base into a ciphertext data based on a second base and the first ciphertext data received from the homomorphic encryption device, and a homomorphic encryption operation device performing a predetermined operation using the base conversion table on the first ciphertext data to convert the first ciphertext data into a second ciphertext data based on the second base.
  2. 2 . The homomorphic operation system of claim 1 , wherein: the first ciphertext data includes a plurality of coefficients, the homomorphic encryption operation device comprises: a plurality of lanes receiving the plurality of coefficients, performing multiply and accumulate (MAC) operations to generate a plurality of accumulated output values, and performing modulo operations for each of the plurality of the accumulated output values to generate result values corresponding to the coefficients of the second ciphertext data; a plurality of broadcasting units supplying a base conversion value corresponding to each of the plurality of coefficients of the first ciphertext data based on the base conversion table; and a homomorphic operation manage circuit setting operation periods of the plurality of broadcasting units.
  3. 3 . The homomorphic operation system of claim 2 , wherein: the homomorphic operation manage circuit determines the plurality of coefficients corresponding to each of the plurality of lanes according to a predetermined method, each of the plurality of lanes includes a plurality of MAC units, a first lane of the plurality of lanes receives a first coefficient of the plurality of coefficients, and a first MAC unit of the plurality of MAC units of the first lane perform a MAC operation on a first element value in the first coefficient including a plurality of element values and a first base conversion value corresponding to the first MAC unit among the base conversion table, to generate a first accumulated output value among the plurality of accumulated output values.
  4. 4 . The homomorphic operation system of claim 3 , wherein: the number of MAC units in the first lane and the number of the plurality of broadcasting units are the same.
  5. 5 . The homomorphic operation system of claim 3 , wherein: the first lane comprises: a multiplexer that receives a plurality of accumulated output values from each of a plurality of MAC units in the first lane, and selects one of the plurality of accumulated output values by the homomorphic operation manage circuit; and a modular operation device coupled to the multiplexer to perform a modular operation on each of the plurality of accumulated output values.
  6. 6 . The homomorphic operation system of claim 5 , wherein: the first MAC unit comprises: a plurality of input buffers sequentially receiving and storing a plurality of element values in the first coefficient from the storage device; a broadcasting buffer receiving the first base conversion value corresponding to the first MAC unit from the broadcasting unit; and a multiplier coupled to the plurality of input buffers and the broadcasting buffer to generate a multiplication value by multiplying the plurality of element values and the first base conversion value.
  7. 7 . The homomorphic operation system of claim 6 , wherein: the multiplication value includes a first multiplication value obtained by multiplying the first element value among a plurality of element values in the first coefficient and the first base conversion value, and the multiplier generates a second multiplication value by multiplying a second element value among the plurality of element values and the first base conversion value, the first MAC unit further comprises: a plurality of output buffers storing multiplication values from the multiplier; and an adder connected to the plurality of output buffers and the multiplier, and generating a third addition value by adding the first multiplication value and the second multiplication value.
  8. 8 . The homomorphic operation system of claim 7 , wherein: the first MAC unit further comprises a demultiplexer connected to the adder and transferring the third addition value to the output buffer or the multiplexer under control of the homomorphic operation manage circuit.
  9. 9 . The homomorphic operation system of claim 7 , wherein: a second MAC unit of the plurality of MAC units receives the first coefficient from the input buffer of the first MAC unit, the second MAC unit performs a MAC operation on the second base conversion value corresponding to the second MAC unit among the base conversion table and the second element value in the first coefficient.
  10. 10 . The homomorphic operation system of claim 7 , wherein: the homomorphic operation manage circuit sets an operation period of the broadcasting unit based on the number of the plurality of input buffers and the number of the plurality of output buffers.
  11. 11 . The homomorphic operation system of claim 7 , wherein: the broadcasting unit updates the base conversion value based on the operation period.
  12. 12 . The homomorphic operation system of claim 11 , wherein: the first accumulated output value is a value obtained by adding all values obtained by multiplying each of a plurality of element values in the first coefficient by the first base conversion value.
  13. 13 . An operating method of a homomorphic operation system, comprising: receiving a first ciphertext data generated based on a first base; and performing a predetermined operation to convert the first ciphertext data into a second ciphertext data based on a second base, based on a base conversion table for converting ciphertext data based on the first base into ciphertext data based on the second base, the predetermined operation comprising multiply-accumulate operations using base conversion values from a base conversion table and modulo operations to generate coefficients of the second ciphertext data, the base conversion table comprising numerical values for mathematical base conversion of ciphertext coefficients.
  14. 14 . The operating method of the homomorphic operation system of claim 13 , wherein: the first ciphertext data comprises a plurality of coefficients, the performing of the predetermined operation comprises: generating a plurality of accumulated outputs by performing a MAC operation on a base conversion value corresponding to each of the plurality of coefficients of the first ciphertext data among the base conversion table and the plurality of coefficients; and generating a result value corresponding to the coefficient of the second ciphertext data by performing a modular operation on each of the plurality of accumulated output values.
  15. 15 . The operating method of the homomorphic operation system of claim 14 , wherein: the generating of the plurality of accumulated output values comprises generating a first accumulated output value among the plurality of accumulated output values, by a first MAC unit among a plurality of MAC units, by performing a MAC operation on a plurality of elements in a first coefficient among the plurality of coefficients and a first base conversion value corresponding to the first MAC unit in the base conversion table.
  16. 16 . The operating method of the homomorphic operation system of claim 15 , wherein: the generating of the plurality of accumulated output values further comprises: receiving the first coefficient from the first MAC unit, by a second MAC unit among the plurality of MAC units; and generating a second accumulated output value among the plurality of accumulated output values by performing a MAC operation on a plurality of elements in the first coefficient and a second base conversion value corresponding to the second MAC unit in the base conversion table, by the second MAC.
  17. 17 . The operating method of the homomorphic operation system of claim 16 , wherein: the generating the second accumulated output value is performed after a predetermined operation period after the generating the first accumulated output value.
  18. 18 . The operating method of the homomorphic operation system of claim 17 , wherein: the generating the first accumulated output value and the receiving the first coefficient are performed simultaneously.
  19. 19 . A homomorphic operation accelerator, comprising: a first MAC unit comprising: a plurality of first input buffers receiving and storing a first coefficient of a plurality of coefficients from a storage device in which a first ciphertext data generated based on a first base and including a plurality of coefficients is stored, a first broadcasting buffer storing a first base conversion value among a base conversion table for converting data based on the first base into a second base, and a first multiplier connected to the plurality of first input buffers and the first broadcasting buffer generating a first multiplication value by multiplying the first coefficient and the first base conversion value; and a modulo operation device coupled to the first MAC unit, wherein the modulo operation device is performing a modulo operation on the first multiplication value.
  20. 20 . The homomorphic operation accelerator of claim 19 , further comprising: a second MAC unit comprising: a plurality of second input buffers connected to the plurality of first input buffers of the first MAC unit to receive and store the first coefficient from the first MAC unit, a second broadcasting buffer storing a second base conversion value among the base conversion table, and a second multiplier connected to the plurality of second input buffers and the second broadcasting buffer, and generating a second multiplication value by multiplying the first coefficient and the second base conversion value, wherein the modulo operation device is coupled to the second MAC unit, wherein the modulo operation device is performing a modulo operation on the second multiplication value.

Description

CROSS-REFERENCE TO RELATED APPLICATION This application claims priority under 35 U.S.C. § 119 to and the benefit of Korean Patent Application No. 10-2023-0055429 filed in the Korean Intellectual Property Office on Apr. 27, 2023, and Korean Patent Application No. 10-2023-0080427 filed in the Korean Intellectual Property Office on Jun. 22, 2023, the entire contents of which are incorporated herein by reference. BACKGROUND (a) Field The present disclosure relates to a homomorphic operation system and an operating method thereof. (b) Description of the Related Art Electronic and communication technologies, including various services for transmitting and receiving data between various devices have been developed. As an example, a cloud computing service in which users store their personal information in a server and use the stored information of the server is actively used. In such an environment, security technology to prevent data leakage is utilized. Homomorphic encryption technology is an encryption technology that supports operations, such as the operation, search, and analysis of homomorphic encrypted ciphertext, and its importance has been further emphasized as leakage of personal information has become a problem in modern times. In general, if a homomorphic encryption method is used, even if an operation is performed on the ciphertext itself without decrypting the encrypted information, the same result as the encrypted value after the operation on the plaintext may be obtained. Accordingly, various operations can be performed without decrypting the ciphertext. However, the size of the ciphertext encrypted according to the homomorphic encryption technology is tens of times larger than the size of the plaintext before encryption, and the computational complexity of the homomorphic operations supported by the homomorphic encryption technology is also very high. This results in an issue where the processing time is slower than the conventional plaintext operation method. SUMMARY The present disclosure attempts to provide a homomorphic encryption operation accelerator with a reduced homomorphic encryption operation time, and a method of operating the homomorphic encryption operation accelerator. A homomorphic operation system according to an embodiment comprises a homomorphic encryption device configured to output a first ciphertext data generated based on a first base, and a homomorphic encryption server comprising a storage device storing a base conversion table for converting ciphertext data based on the first base into a ciphertext data based on a second base and the first ciphertext data received from the homomorphic encryption device, and a homomorphic encryption operation device configured to perform a predetermined operation using the base conversion table on the first ciphertext data to convert the first ciphertext data into a second ciphertext data based on the second base. An operating method of a homomorphic operation system according to an embodiment includes receiving a first ciphertext data generated based on a first base, and performing a predetermined operation to convert the first ciphertext data into a second ciphertext data based on a second base, based on a base conversion table for converting ciphertext data based on the first base into ciphertext data based on the second base. A homomorphic operation accelerator according to an embodiment comprises a first MAC unit comprising a plurality of first input buffers configured to receive and store a first coefficient in a plurality of coefficients from a storage device in which a first ciphertext data generated based on a first base and including a plurality of coefficients is stored, a first broadcasting buffer configured to store a first base conversion value among a base conversion table for converting data based on the first base into a second base, and a first multiplier connected to the plurality of first input buffers and the first broadcasting buffer configured to generate a first multiplication value by multiplying the first coefficient and the first base conversion value, and a modulo operation device coupled to the first MAC unit, wherein the modulo operation device is configured to perform a modulo operation on the multiplication value. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a diagram illustrating an operating system for homomorphic encryption according to an embodiment. FIG. 2 is a block diagram illustrating a homomorphic encryption server according to an embodiment. FIG. 3 is a block diagram illustrating a homomorphic encryption operation device according to an embodiment. FIG. 4 is a diagram illustrating the structure of a homomorphic operation accelerator according to an embodiment. FIG. 5 is a diagram illustrating the structure of a multiply and accumulate (MAC) unit according to an embodiment. FIG. 6 is a diagram illustrating an operation of a homomorphic operation accelerator according to an embodiment. FIG. 7 is a flo