Séminaire SoSySec : Compiling Programs to their FHE Equivalent and Applications to Machine Learning

Date de début
Date de fin
IRISA Rennes
Salle Pétri/Turing
Quentin Bourgerie (Zama) and Andrei Stoian (Zama)

SoSySec seminar Software and Systems Security
Inria - Rennes
Friday November 17th, 11:00
Remotely via BBB: https://bbb.inria.fr/all-t0p-qjq-9em
Access code: 192737

Quentin Bourgerie (Zama) and Andrei Stoian (Zama)

Compiling Programs to their FHE Equivalent and Applications to Machine Learning

Fully Homomorphic Encryption (FHE) is a powerful tool that preserves the privacy of users of online services that handle sensitive data, such as health data, biometrics or credit scores. TFHE is an FHE scheme that supports arithmetic computations and so-called programmable boostrapping, which applies arbitrary non-linear functions to ciphertexts while reducing noise. Backed by these two powerful features, TFHE is particularly adapted to the type of programs that are common in machine learning (ML), for various types of ML models: deep neural networks, large language-models (LLM) and decision trees. FHE has historically been reserved to cryptographers, with a too-high entry barrier for data scientists. This is the reason why we have developed a compiler, taking care of all the cryptographic complexities for the user. Our compiler takes care of everything, including the search for optimal secure cryptographic parameters, which has been a very important pain point for years. In this talk, we will present the technology and ideas behind our compiler, based on MLIR infrastructure. We will also describe how our automatic optimizer works, to find parameters which are both secure, correct and optimal. We will show how its frontend allows users to build programs directly in Python, without the burden of cryptography. Then, in a second part, we will present our ML application package, which adds privacy on top of classical frameworks such as scikit-learn or torch. We’ll explain the main technical challenges that we faced: first, quantization (both in post-training or during the training itself) — including to unseen-before low bit widths —; second, turning tree-based models to their FHE equivalent, which is not obvious since control-flow operations are not possible in FHE. We’ll finish with a bunch of demos, on both machine learning and deep learning, and will discuss our experiments on LLMs in FH

To follow the presentation remotely, please connect to the followingURL with a modern web browser:
- URL: https://bbb.inria.fr/all-t0p-qjq-9em
Access code: 192737
- Alternative audio access by phone will be possible but the parameters will be announced only a few minutes before the presentation.

Seminar taking place in person with mandatory registration at least 48h beforehand for *all* in-person participants by email to Nadia Derouault < nadia [*] derouaultatinria [*] fr >. Participants non-affiliated with Inria or IRISA will be asked to present an ID at the reception desk of the IRISA building.

To receive the SoSySec announcements, please subscribe to the SoSySec mailing list:
All past and future SoSySec talks are listed at

Séminaire en présentiel ouvert à tous et toutes mais avec inscription obligatoire au moins 48h à l'avance pour *tous* les participants en présentiel auprès de Nadia Derouault <nadia [*] derouaultatinria [*] fr>.
Les participants externes devront se présenter à l'accueil avec une pièce d'identité.

Vous pouvez vous abonner à nos annonces de séminaires :
et consulter la liste des exposés passés et à venir :