Blind Evaluation Framework for Fully Homomorphic Encryption and Privacy-Preserving Machine Learning

Various approaches to privacy-preserving machine learning (PPML) using Fully Homomorphic Encryption (FHE) have been developed, focusing on secure data outsourcing to untrusted servers by data owners. While FHE enables computation on encrypted data, it faces significant limitations, particularly in integrating control structures like decision expressions and conditional statements, which are vital in standard programming. For instance, tasks like selecting the smallest value from an encrypted list for feature selection in decision trees are challenging due to the inability to evaluate comparison expressions in encrypted form. Most existing literature on FHE have concentrated on encrypted prediction using pre-trained models due to these challenges, with training processes often requiring Intermediate Rounds of Decryption and Evaluation (IRDE). IRDE involves interactive communication where the potentially untrusted server performs encrypted computations, while the client handles control structures by decrypting and evaluating data in plaintext. While it presents a solution to the control structure problem in encrypted programming, IRDE protocols go against FHE's principles of building truly encrypted programs as portions of such programs must leave the encrypted space (untrusted server) and be executed on the trusted client, who holds the private keys for decryption. Such models, however efficiently they can be made, would be inferior to models that eliminate the need for IRDE all-together. The ability to remove IRDE allows both computation and control structures to be performed on untrusted servers without requiring trusted clients for multiple IRDE cycles. This paper introduces the Blind Evaluation Framework (BEF), a cryptographically secure programming framework enabling the execution of control structures in encrypted space without evaluating conditional expressions...