1. ALCHEMY: A Language and Compiler for Homomorphic Encryption Made easY 2018 CCS FHE
    Eric Crockett, Chris Jason Peikert, and Chad Sharp
    [View PDF on web.eecs.umich.edu]
    [Show BibTex Citation]

    author = {Crockett, Eric and Peikert, Chris and Sharp, Chad},
    title = {ALCHEMY: A Language and Compiler for Homomorphic Encryption Made EasY},
    year = {2018},
    isbn = {9781450356930},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    url = {https://doi.org/10.1145/3243734.3243828},
    doi = {10.1145/3243734.3243828},
    booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
    pages = {1020–1037},
    numpages = {18},
    keywords = {compilers, domain-specific languages, fully homomorphic encryption},
    location = {Toronto, Canada},
    series = {CCS ’18}

Fully Homomorphic Encryption (FHE) is a cryptographic “holy grail” that allows a worker to perform arbitrary computations on client-encrypted data, without learning anything about the data itself. Since the first plausible construction in 2009, a variety of FHE implementations have been given and used for particular applications of interest. Unfortunately, using FHE is currently very complicated, and a great deal of expertise is required to properly implement nontrivial homomorphic computations. This work introduces ALCHEMY, a modular and extensible system that simplifies and accelerates the use of FHE. ALCHEMY compiles “in-the-clear” computations on plaintexts, written in a modular domain-specific language~(DSL), into corresponding homomorphic computations on ciphertexts—with no special knowledge of FHE required of the programmer. The compiler automatically chooses (most of the) parameters by statically inferring ciphertext noise rates, generates keys and “key-switching hints,” schedules appropriate ciphertext “maintenance” operations, and more. In addition, its components can be combined modularly to provide other useful functionality, such logging the empirical noise rates of ciphertexts throughout a computation, without requiring any changes to the original DSL code. As a testbed application, we demonstrate fast homomorphic evaluation of a pseudorandom function~(PRF) based on Ring-LWR, whose entire implementation is only a few dozen lines of simple DSL code. For a single (non-batched) evaluation, our unoptimized implementation takes only about 10 seconds on a commodity PC, which is more than an order of magnitude faster than state-of-the-art homomorphic evaluations of other PRFs, including some specifically designed for amenability to homomorphic evaluation.