Subject Area

Computer Science


Various approaches to privacy-preserving machine learning (PPML) using Fully Homomorphic Encryption (FHE) have been developed, focusing on secure data outsourcing to untrusted servers by data owners. While FHE enables arithmetic operations on encrypted data, it struggles with integrating control structures like decision statements essential for machine learning models. Because of this, FHE is used primarily for arithmetic tasks. Non-arithmetic programming logic, such as control structures, are handled outside the encrypted domain using Interactive Rounds of Decryption and Evaluation (IRDE), where encrypted data is periodically decrypted for plaintext processing, highlighting the challenge of direct evaluation on encrypted data.

While non-interactive inference protocols have been demonstrated in prior works owing to their relative logical simplicity, development of non-interactive training protocols have gone largely unaddressed. In decision tree training for example, the current state-of-the-art requires d-rounds of IRDE for tree-depth of d. To address this issue in PPML and FHE, we introduce the Blind Evaluation Framework (BEF), a cryptographically secure programming framework that enables execution of control structures and logical statements in encrypted space without evaluating the necessary conditional expressions. BEF facilitates encrypted functions such as conditional branching, argmin/argmax operations, sorting, and can be used as building blocks for more complex functions without IRDE.

Our contribution is as follows: we introduce BEF as an alternative to IRDE protocols and demonstrate its use-case with encrypted decision tree modeling with FHE, performing both training and inference without IRDE. To our knowledge, this is the first framework to enable both training and inference of PPML models with FHE without decryption rounds. By advancing the state-of-the-art in IRDE efficiency by eliminating IRDE entirely, BEF enables adoption of FHE in use-cases where large amounts of computing services are available without the ability to have trusted clients available to perform decryption rounds, such as in volunteer computing grids, blockchain-based paradigms, or in cases where clients simply have limited computing resources/bandwidth.

Degree Date

Spring 5-11-2024

Document Type


Degree Name



Computer Science


Corey Clark

Number of Pages




Creative Commons License

Creative Commons Attribution-Noncommercial 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License