- create a virtual env
- install project dependencies:
pip install .
run this command for an interactive help
he-man-tenseal --help
note:
all parameters defined in config.py can also be set by setting enviorment variables
This is a step-by-step manual to demonstrate the interface of he-man-tenseal by classifying MNIST images.
Input sample: demo/mnist/input.npy
Step 0: Model Training (optional)
Train an MNIST classifier by executing scripts/train_mnist_model.py. The resulting model will be saved at demo/mnist/mnist.onnx. This step is optional, as the repository contains a pre-trained model.
Step 1: Keyparams Generation
The model owner calls keyparams together with the model (-m) and a calibration-data container (zip/npz) (-c). The calibration-data is a set of sample inputs that is used to derive meta-data for the subsequent key generation. The keyparams are saved at the defined location (-o). Moreover, a calibrated model is generated and saved with the suffix _calibrated in the filename (i.e. mnist.onnx => mnist_calibrated.onnx). The calibrated model should be used for inference.
he-man-tenseal keyparams -m demo/mnist/mnist.onnx -c demo/mnist/calibration-data.zip -o demo/mnist/keyparams.json
Step 2: Key Generation
The client generates the keys using the previously computed keyparams (-i). The resulting secret key is saved at the defined location (-o) together with the evaluation key whose filename is appended by .pub.
he-man-tenseal keygen -i demo/mnist/keyparams.json -o demo/mnist/key
Step 3: Encryption
The client encrypts input data using the key (-k) and the cleartext input (-i). The encrypted input is saved at the defined location (-o).
he-man-tenseal encrypt -k demo/mnist/key -i demo/mnist/input.npy -o demo/mnist/input.enc
Step 4: Inference
The model owner performs inference using the calibrated model (-m), the public evaluation key (-k) and the encrypted input (-i). The encrypted result is saved at the defined location (-o).
he-man-tenseal inference -m demo/mnist/mnist_calibrated.onnx -k demo/mnist/key.pub -i demo/mnist/input.enc -o demo/mnist/output.enc
Step 5: Decryption
The client decrypts the encrypted result (-i) using the secret key (-k). The cleartext result is saved at the defined location (-o).
he-man-tenseal decrypt -k demo/mnist/key -i demo/mnist/output.enc -o demo/mnist/output.npy
Result:
The result output.npy contains a numpy-array of length ten, where output neuron seven has the hightest output activation:
[-10.61485652 -1.41687503 -0.2596516 3.86985058 -4.38157674
-7.26738544 -8.80905716 12.59595965 -0.35903776 7.6266054 ]
- create a virtual env
- install project editable:
pip install -e ".[dev]" - install commit hooks:
pre-commit install
pre-commit run --all-files
pre-commit run --all-files [HOOK_ID]
check .pre-commit-config.yaml for HOOK_ID
python -m build
wheels will be in dist folder
run pytest using:
pre-commit run pytest
this will generate a test coverage report in htmlcov
@inproceedings{10.1145/3589883.3589889,
author = {Nocker, Martin and Drexel, David and Rader, Michael and Montuoro, Alessio and Sch\"{o}ttle, Pascal},
title = {HE-MAN – Homomorphically Encrypted MAchine Learning with ONnx Models},
year = {2023},
isbn = {9781450398329},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3589883.3589889},
doi = {10.1145/3589883.3589889},
booktitle = {Proceedings of the 2023 8th International Conference on Machine Learning Technologies},
pages = {35–45},
numpages = {11},
keywords = {Machine Learning as a Service, Homomorphic Encryption, Secure and Privacy-Preserving Machine Learning},
location = {Stockholm, Sweden},
series = {ICMLT '23}
}