Homomorphically encrypted CIFAR-10 inference in 200ms (sofar.belfortlabs.cloud)
16 points by j2kun 3 hours ago
rcr-anti a minute ago
Looked at the network logs and the JS, did some testing, there's a caveat here. For an encryption demo you might expect your secrets to be generated locally, they do the compute on something they can't read, you compare their results to your original plaintext; (imo at least) the point would be that it isn't physically possible for them to cheat.
Here, you literally download client_secret.bin from their server, so they have control over the keys and evaluators. So two things. First, the per user key flow would be several minutes for per user keys, the evaluator bundle would be in the 100s MB to GB realm. Second, there's no way for us to tell the difference between them really doing FHE or decrypting with the key. To be clear, not evidence it's fake, just not total proof it's real. Really hope it's real, been a field I've been following for awhile.
Sajarin 4 minutes ago
They have a bit more info on their announcement blog post[0]
> Belfort today released the "so far" CIFAR demo, an encrypted implementation of ResNet-20, a popular model for image classification. It outperforms recent SOTA by 3x with a total latency of less than 200ms
Not many details on how they've done this, so I'm a bit skeptical. Fast HE is a holy grail.
> Belfort's image classification is built on top of its upcoming GPU library, Cyclops. It comes with several optimizations that make Cyclops extremely fast on Encrypted AI workloads.
Looks like a lead up to an upcoming library release
jszymborski an hour ago
Big if true! One of the caveats here is that the file size seems to balloon 341 times.
monster_truck 21 minutes ago
That's a exceptional tradeoff. Even 3000x is noteworthy as long as processing time does not go to the moon wrt HE/FHE
smalltorch 3 hours ago
It's pretty confident this calculator is a cat.
https://i.postimg.cc/90WGjk8t/results.png
What's the use case for this?
furkanturan an hour ago
Consider encrypted AI. You ask a question under encryption. The remote calculates the answer, which is still under encryption. This is the critical point; the remote cannot see the question and answer. It only calculates. Once you receive the answer, you decrypt it and see the answer; only you see the answer.
smalltorch an hour ago
Ah, that sounds impossible. Good luck, sir...Also, who wants this if you can just run a local model?
simcop2387 34 minutes ago
furkanturan 36 minutes ago
sambejk an hour ago
I think calculator is not part of the labels in cifar-10. Pretty normal as it has ‘only’ 90% accuracy. Things could improve quickly though
jcs 7 minutes ago
That 90% only measures images already known to be one of CIFAR-10’s ten classes. There is no “none of the above,” so even a perfect benchmark score would still force a calculator into one of those labels.
malcolmgreaves an hour ago
From the webpage:
> Image classification without the server seeing the image.
The value is in being able to get the prediction from the model without ever giving unencrypted data to somebody you don’t trust.
You could have an LLM generate code for you without ever giving the operator your proprietary source code.