魔方派:面向全同态加密的存算模运算加速器设计  被引量：1

作　　者：李冰[1] 刘怀骏 张伟功[2] LI Bing;LIU Huaijun;ZHANG Weigong(Academy for Multidisciplinary Studies,Capital Normal University,Beijing 100048,China;College of Information Engineering,Capital Normal University,Beijing 100048,China)

机构地区：[1]首都师范大学交叉科学研究院,北京100048 [2]首都师范大学信息工程学院,北京100048

出　　处：《电子与信息学报》2023年第9期3302-3310,共9页Journal of Electronics & Information Technology

基　　金：国家自然基金项目(62204164)。

摘　　要：全同态加密(FHE)由于其可以实现隐私数据的计算,大大提高了数据的安全性而在医疗诊断、云计算、机器学习等领域取得了广泛的关注。但是全同态密码高昂的计算代价阻碍了其广泛应用。即使经过算法和软件设计优化,FHE全同态加密中一个整数明文的密文数据规模可以达到56 MByte,端侧生成的密钥最大都会达到11 k Byte。密文以及密钥数据规模过大引起严重的计算和访存瓶颈。存内计算(PIM)是一个解决该问题的有效方案,其完全消除了内存墙的延迟和功耗问题,在端侧计算大规模数据时更具优势。利用存内计算加速全同态计算的工作已经被广泛研究,但是全同态加密端侧的执行过程由于耗时的模运算也面临着执行时间的瓶颈。该文分析了BFV方案加密、解密、密钥生成操作中各个关键算子的计算开销,发现模计算的计算开销平均占比达到了41%,延迟占比中访存占97%,因此,该文提出一个名为魔方派(M^(2)PI)的基于静态随机存取存储器(SRAM)存内计算的模运算加速器设计。实验结果表明,该文所提加速器相比CPU中模计算有1.77倍的计算速度提升以及32.76倍能量的节省。Fully Homomorphic Encryption(FHE)attracts emerging interests from the fields of medical diagnosis,cloud computing,machine learning,etc.because it can realize the calculation on encrypted data and improve significantly the security of private data in the cloud computing scenarios.However,the expensive computational cost of FHE prevents its wide application.Even after algorithm and software design optimization,the ciphertext data size of an integer plaintext in FHE reaches 56 MByte,and the secret key data size reaches 11 k Byte.The large size of ciphertext and key causes serious bottlenecks in computation and memory access.Processing-In-Memory(PIM)is an effective solution to this problem,which eliminates completely the efficiency and power problem of the memory wall,and enables the deployment of data-intensive of application to the edge side.The application of processing-in memory to accelerate fully homomorphic computing has been widely studied,but the execution of homomorphic encryption still faces the execution time bottleneck induced by time-consuming modular computing.The computational costs of various key operators in BFV encryption,decryption,and key generation operations are analyzed in this paper,and found that the average computational cost of modular computing reached 41%,with memory access accounting for 97%.A modular accelerator called Processing-In-Memory Modular(M^(2)PI)based on Static Random-Access Memory(SRAM)array is proposed to optimize modular computing in full-homomorphic encryption.The experimental results show that the proposed work achieves 1.77 times speedup and 32.76 times energy saving compared to CPU.

关 键 词：全同态加密 存内计算 模运算 

分 类 号：TN401[电子电信—微电子学与固体电子学] TP391[自动化与计算机技术—计算机应用技术]