Polynomial Adaptation of Large-Scale CNNs for Homomorphic Encryption-Based Secure Inference

Moran Baruch; Nir Drucker; Gilad Ezov; Yoav Goldberg; Eyal Kushnir; Jenny Lerner; Omri Soceanu; Itamar Zimerman

doi:10.1007/978-3-031-76934-4_1

Polynomial Adaptation of Large-Scale CNNs for Homomorphic Encryption-Based Secure Inference

Moran Baruch, Nir Drucker, Gilad Ezov, Yoav Goldberg, Eyal Kushnir, Jenny Lerner, Omri Soceanu, Itamar Zimerman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Enabling secure inference of large-scale CNNs using Homomorphic Encryption (HE) requires a preliminary step for adapting unencrypted pre-trained models to only use polynomial operations. Prior art advocates for high-degree polynomials for accurate approximations, which comes at the price of extensive computations. We demonstrate that low-degree polynomials can be sufficient for accurate approximation even for large-scale DNNs. For that, we introduce a dedicated fine-tuning process on unencrypted data that reduces the input range to the activation functions. The resulting models have competitive accuracy of up to 3.5% degradation from the original non-polynomial model, which outperforms prior art on tasks such as ImageNet classification over ResNet and ConvNeXt. Upon adaptation, these models can process HE-encrypted samples and are ready for secure inference. Based on these, we provide optimization insights for activation functions and skip connections, enhancing HE evaluation efficiency. We evaluated ResNet50-152 on encrypted ImageNet samples, an accomplishment not previously reached by polynomial networks, in just 3:13–7:12 min, using commodity hardware under the CKKS scheme with 128-bit security. In comparison to prior high-degree polynomial solutions, our low-degree polynomials boost evaluation latency, for example, by 3× for ResNet-50 and CIFAR-10. We further show our approach versatility, by adapting the CLIP model for secure zero-shot predictions, highlighting new potential in HE and transfer learning.

Original language	English
Title of host publication	Cyber Security, Cryptology, and Machine Learning - 8th International Symposium, CSCML 2024, Proceedings
Editors	Shlomi Dolev, Michael Elhadad, Mirosław Kutyłowski, Giuseppe Persiano
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	3-25
Number of pages	23
ISBN (Print)	9783031769337
DOIs	https://doi.org/10.1007/978-3-031-76934-4_1
State	Published - 2025
Externally published	Yes
Event	8th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2024 - Be'er Sheva, Israel Duration: 19 Dec 2024 → 20 Dec 2024

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	15349 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	8th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2024
Country/Territory	Israel
City	Be'er Sheva
Period	19/12/24 → 20/12/24

Bibliographical note

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-031-76934-4_1

Cite this

Baruch, M., Drucker, N., Ezov, G., Goldberg, Y., Kushnir, E., Lerner, J., Soceanu, O., & Zimerman, I. (2025). Polynomial Adaptation of Large-Scale CNNs for Homomorphic Encryption-Based Secure Inference. In S. Dolev, M. Elhadad, M. Kutyłowski, & G. Persiano (Eds.), Cyber Security, Cryptology, and Machine Learning - 8th International Symposium, CSCML 2024, Proceedings (pp. 3-25). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15349 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-76934-4_1

Baruch, Moran ; Drucker, Nir ; Ezov, Gilad et al. / Polynomial Adaptation of Large-Scale CNNs for Homomorphic Encryption-Based Secure Inference. Cyber Security, Cryptology, and Machine Learning - 8th International Symposium, CSCML 2024, Proceedings. editor / Shlomi Dolev ; Michael Elhadad ; Mirosław Kutyłowski ; Giuseppe Persiano. Springer Science and Business Media Deutschland GmbH, 2025. pp. 3-25 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{2846da1cd1e245df8806b486b3c4aacc,

title = "Polynomial Adaptation of Large-Scale CNNs for Homomorphic Encryption-Based Secure Inference",

abstract = "Enabling secure inference of large-scale CNNs using Homomorphic Encryption (HE) requires a preliminary step for adapting unencrypted pre-trained models to only use polynomial operations. Prior art advocates for high-degree polynomials for accurate approximations, which comes at the price of extensive computations. We demonstrate that low-degree polynomials can be sufficient for accurate approximation even for large-scale DNNs. For that, we introduce a dedicated fine-tuning process on unencrypted data that reduces the input range to the activation functions. The resulting models have competitive accuracy of up to 3.5% degradation from the original non-polynomial model, which outperforms prior art on tasks such as ImageNet classification over ResNet and ConvNeXt. Upon adaptation, these models can process HE-encrypted samples and are ready for secure inference. Based on these, we provide optimization insights for activation functions and skip connections, enhancing HE evaluation efficiency. We evaluated ResNet50-152 on encrypted ImageNet samples, an accomplishment not previously reached by polynomial networks, in just 3:13–7:12 min, using commodity hardware under the CKKS scheme with 128-bit security. In comparison to prior high-degree polynomial solutions, our low-degree polynomials boost evaluation latency, for example, by 3× for ResNet-50 and CIFAR-10. We further show our approach versatility, by adapting the CLIP model for secure zero-shot predictions, highlighting new potential in HE and transfer learning.",

author = "Moran Baruch and Nir Drucker and Gilad Ezov and Yoav Goldberg and Eyal Kushnir and Jenny Lerner and Omri Soceanu and Itamar Zimerman",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 8th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2024 ; Conference date: 19-12-2024 Through 20-12-2024",

year = "2025",

doi = "10.1007/978-3-031-76934-4_1",

language = "English",

isbn = "9783031769337",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "3--25",

editor = "Shlomi Dolev and Michael Elhadad and Miros{\l}aw Kuty{\l}owski and Giuseppe Persiano",

booktitle = "Cyber Security, Cryptology, and Machine Learning - 8th International Symposium, CSCML 2024, Proceedings",

address = "Germany",

}

Baruch, M, Drucker, N, Ezov, G, Goldberg, Y, Kushnir, E, Lerner, J, Soceanu, O & Zimerman, I 2025, Polynomial Adaptation of Large-Scale CNNs for Homomorphic Encryption-Based Secure Inference. in S Dolev, M Elhadad, M Kutyłowski & G Persiano (eds), Cyber Security, Cryptology, and Machine Learning - 8th International Symposium, CSCML 2024, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 15349 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 3-25, 8th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2024, Be'er Sheva, Israel, 19/12/24. https://doi.org/10.1007/978-3-031-76934-4_1

Polynomial Adaptation of Large-Scale CNNs for Homomorphic Encryption-Based Secure Inference. / Baruch, Moran; Drucker, Nir; Ezov, Gilad et al.
Cyber Security, Cryptology, and Machine Learning - 8th International Symposium, CSCML 2024, Proceedings. ed. / Shlomi Dolev; Michael Elhadad; Mirosław Kutyłowski; Giuseppe Persiano. Springer Science and Business Media Deutschland GmbH, 2025. p. 3-25 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15349 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Polynomial Adaptation of Large-Scale CNNs for Homomorphic Encryption-Based Secure Inference

AU - Baruch, Moran

AU - Drucker, Nir

AU - Ezov, Gilad

AU - Goldberg, Yoav

AU - Kushnir, Eyal

AU - Lerner, Jenny

AU - Soceanu, Omri

AU - Zimerman, Itamar

PY - 2025

Y1 - 2025

N2 - Enabling secure inference of large-scale CNNs using Homomorphic Encryption (HE) requires a preliminary step for adapting unencrypted pre-trained models to only use polynomial operations. Prior art advocates for high-degree polynomials for accurate approximations, which comes at the price of extensive computations. We demonstrate that low-degree polynomials can be sufficient for accurate approximation even for large-scale DNNs. For that, we introduce a dedicated fine-tuning process on unencrypted data that reduces the input range to the activation functions. The resulting models have competitive accuracy of up to 3.5% degradation from the original non-polynomial model, which outperforms prior art on tasks such as ImageNet classification over ResNet and ConvNeXt. Upon adaptation, these models can process HE-encrypted samples and are ready for secure inference. Based on these, we provide optimization insights for activation functions and skip connections, enhancing HE evaluation efficiency. We evaluated ResNet50-152 on encrypted ImageNet samples, an accomplishment not previously reached by polynomial networks, in just 3:13–7:12 min, using commodity hardware under the CKKS scheme with 128-bit security. In comparison to prior high-degree polynomial solutions, our low-degree polynomials boost evaluation latency, for example, by 3× for ResNet-50 and CIFAR-10. We further show our approach versatility, by adapting the CLIP model for secure zero-shot predictions, highlighting new potential in HE and transfer learning.

AB - Enabling secure inference of large-scale CNNs using Homomorphic Encryption (HE) requires a preliminary step for adapting unencrypted pre-trained models to only use polynomial operations. Prior art advocates for high-degree polynomials for accurate approximations, which comes at the price of extensive computations. We demonstrate that low-degree polynomials can be sufficient for accurate approximation even for large-scale DNNs. For that, we introduce a dedicated fine-tuning process on unencrypted data that reduces the input range to the activation functions. The resulting models have competitive accuracy of up to 3.5% degradation from the original non-polynomial model, which outperforms prior art on tasks such as ImageNet classification over ResNet and ConvNeXt. Upon adaptation, these models can process HE-encrypted samples and are ready for secure inference. Based on these, we provide optimization insights for activation functions and skip connections, enhancing HE evaluation efficiency. We evaluated ResNet50-152 on encrypted ImageNet samples, an accomplishment not previously reached by polynomial networks, in just 3:13–7:12 min, using commodity hardware under the CKKS scheme with 128-bit security. In comparison to prior high-degree polynomial solutions, our low-degree polynomials boost evaluation latency, for example, by 3× for ResNet-50 and CIFAR-10. We further show our approach versatility, by adapting the CLIP model for secure zero-shot predictions, highlighting new potential in HE and transfer learning.

UR - http://www.scopus.com/inward/record.url?scp=85214208265&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-76934-4_1

DO - 10.1007/978-3-031-76934-4_1

M3 - Conference contribution

AN - SCOPUS:85214208265

SN - 9783031769337

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 3

EP - 25

BT - Cyber Security, Cryptology, and Machine Learning - 8th International Symposium, CSCML 2024, Proceedings

A2 - Dolev, Shlomi

A2 - Elhadad, Michael

A2 - Kutyłowski, Mirosław

A2 - Persiano, Giuseppe

PB - Springer Science and Business Media Deutschland GmbH

T2 - 8th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2024

Y2 - 19 December 2024 through 20 December 2024

ER -

Baruch M, Drucker N, Ezov G, Goldberg Y, Kushnir E, Lerner J et al. Polynomial Adaptation of Large-Scale CNNs for Homomorphic Encryption-Based Secure Inference. In Dolev S, Elhadad M, Kutyłowski M, Persiano G, editors, Cyber Security, Cryptology, and Machine Learning - 8th International Symposium, CSCML 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 3-25. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-76934-4_1