pith. sign in

arxiv: 2605.04858 · v1 · submitted 2026-05-06 · 💻 cs.CR

A Pragmatic Comparison of Cryptographic Computation Technologies for Machine Learning

Marcus Taubert , Adam Skuta , Thomas Loruenser This is my paper

Pith reviewed 2026-05-08 17:29 UTC · model grok-4.3

classification 💻 cs.CR
keywords fully homomorphic encryptionsecure multi-party computationmachine learningbenchmarkingprivacy-preserving computationcryptographic protocols
0
0 comments X

The pith

Current FHE implementations outperform SMPC for regressions and simple neural nets but lag on complex CNNs.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper benchmarks open-source frameworks for secure multi-party computation and fully homomorphic encryption on machine learning tasks to help practitioners select the right technology. It finds that FHE currently delivers better runtimes for linear regressions and may do so for basic dense networks when GPUs or hybrid approaches are used. In contrast, SMPC frameworks prove faster for deeper convolutional models. The work supplies concrete timing data across common operations and models rather than relying on theoretical comparisons alone. These results aim to reduce the guesswork when deploying cryptographic protections in real ML pipelines.

Core claim

Extensive benchmarks of leading open-source SMPC and FHE libraries show that fully homomorphic encryption currently outperforms secure multi-party computation on regression tasks and can be competitive for simple dense networks when GPUs or hybrid models are employed, while SMPC remains faster for complex convolutional neural networks.

What carries the argument

Side-by-side runtime measurements of open-source SMPC and FHE libraries on standard ML workloads including linear regression, dense networks, and CNNs.

If this is right

  • Practitioners can prefer FHE libraries for regression-based secure ML workloads today.
  • Complex image or sequence models should default to SMPC frameworks until FHE improves.
  • GPU acceleration and hybrid protocols become high-value targets for FHE development.
  • Future comparisons should standardize on the same model code and data to isolate technology effects.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Adoption of secure ML would accelerate if vendors shipped pre-tuned FHE or SMPC backends matched to common model families.
  • The observed performance crossover points could guide automatic selection logic inside ML frameworks.
  • Extending the benchmarks to transformer architectures would test whether the CNN pattern generalizes to attention-based models.

Load-bearing premise

The specific software libraries, hardware setups, and model implementations chosen for testing reflect the true performance difference between the underlying SMPC and FHE technologies rather than quirks of those particular choices.

What would settle it

Re-running the same models and operations with alternate open-source libraries or on different hardware platforms and obtaining the opposite ranking of runtimes for regressions versus CNNs.

Figures

Figures reproduced from arXiv: 2605.04858 by Adam Skuta, Marcus Taubert, Thomas Loruenser.

Figure 1
Figure 1. Figure 1: Random Forest Regressor benchmarks view at source ↗
Figure 3
Figure 3. Figure 3: Plain and SMPC CNN benchmarks. images of size 112 × 112 takes too long, to yield any reasonable results, so we evaluated smaller inputs and varied the number of parameters in the same model. We tested RGB images of size 8×8, 16×16 and 32×32. For these small inputs, deeper networks could not be benchmarked reli￾ably because activations collapsed to zero, pro￾ducing non-representative runtimes. The results a… view at source ↗
Figure 2
Figure 2. Figure 2: Dense Model benchmarks. Convolutional Models. Convolutional neural networks (CNNs) are a family of networks pri￾marily used for image processing. Their main building blocks are convolutional layers. For benchmarking, a simple model was constructed, that works with 3×112×112 randomly generated pictures. A single layer of a generic CNN con￾sists of a convolution operation, maximum pool￾ing and a ReLU activat… view at source ↗
Figure 4
Figure 4. Figure 4: Plain and FHE CNN benchmarks. can significantly impact inference times. Never￾theless, we expect SMPC to perform very well still. We advise using close proximity networks or very fast channels. Regression models and simple calculations are also very fast, taking only up to 100ms to compute. For practitioners in need of a secure computational technology, SMPC can be used for all use cases. However, it is di… view at source ↗
read the original abstract

As security demands increase, the importance of secure computation technologies grows, yet these technologies can often seem overwhelming to practitioners. Furthermore, many approaches focus only on a single technology, potentially overlooking superior alternatives. This work aims to address the issue of selecting the right technology for secure computation by presenting a comparative analysis of two highly relevant cryptographic methods and their software implementations, with a particular focus on machine learning. Firstly, we provide a theoretical summary and comparison of the secure computation paradigms of secure multi-party computation (SMPC) and fully homomorphic encryption (FHE). We outline the advantages and limitations of the protocols, as well as the relevant open-source software implementations. Secondly, we present the results of extensive benchmarking of the main software frameworks identified for machine learning operations and models. Regarding the current state of the art in FHE, we observe that it outperforms SMPC for regressions. Additionally it may be faster for simple dense networks using GPUs or Hybrid Models. Conversely, SMPC showed superior performance for complex models such as CNNs. Our results should pave the way for more technology-agnostic benchmarking of secure computation technologies for machine learning, providing guidance for practitioners looking to adopt these technologies.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript provides a theoretical summary and comparison of secure multi-party computation (SMPC) and fully homomorphic encryption (FHE), reviews their advantages, limitations, and open-source implementations, and reports benchmarking results for machine learning operations and models. It concludes that, in the current state of the art, FHE outperforms SMPC for regressions, may be faster for simple dense networks using GPUs or hybrid models, and that SMPC shows superior performance for complex models such as CNNs.

Significance. If the benchmarking results hold under scrutiny, the paper offers pragmatic, technology-agnostic guidance for practitioners selecting between SMPC and FHE for secure ML, filling a gap between purely theoretical comparisons and single-technology studies while encouraging more reproducible evaluations in the field.

major comments (2)
  1. [Benchmarking results] Benchmarking results section: The experimental setup lacks essential details including hardware specifications (CPU/GPU models and configurations), exact software library versions and build options, number of repetitions for runtime measurements, statistical methods for reporting averages or significance, and any data exclusion rules. Without these, the central empirical claims (FHE faster for regressions; SMPC faster for CNNs) cannot be independently verified or distinguished from implementation artifacts.
  2. [Results and discussion] Results discussion: The performance ordering is presented as observations on the state of the art, yet the paper provides no justification that the chosen frameworks, model implementations, and tuning choices are representative or equivalently optimized across SMPC and FHE. This leaves open the possibility that the reported advantages reflect specific library maturity rather than intrinsic properties of the cryptographic paradigms, directly affecting the reliability of the practitioner guidance.
minor comments (2)
  1. [Abstract] Abstract: The scope of the 'extensive benchmarking' (specific operations, model architectures, and input sizes tested) could be stated more explicitly to help readers assess the generalizability of the conclusions.
  2. [Theoretical summary] Theoretical comparison: Some protocol descriptions would benefit from explicit cross-references to the open-source implementations discussed later, to better connect theory with the subsequent benchmarks.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive and detailed feedback. The comments highlight important aspects of reproducibility and the interpretation of our pragmatic comparison. We address each major comment below and have revised the manuscript to strengthen these areas.

read point-by-point responses

  1. Referee: Benchmarking results section: The experimental setup lacks essential details including hardware specifications (CPU/GPU models and configurations), exact software library versions and build options, number of repetitions for runtime measurements, statistical methods for reporting averages or significance, and any data exclusion rules. Without these, the central empirical claims (FHE faster for regressions; SMPC faster for CNNs) cannot be independently verified or distinguished from implementation artifacts.

    Authors: We agree that additional details are necessary for full reproducibility. In the revised manuscript we have expanded the experimental setup subsection to specify the exact hardware (Intel Xeon Gold 6248R CPU and NVIDIA A100 GPU configurations with memory and core counts), precise library versions and build flags (e.g., TenSEAL 0.3.0 compiled with SEAL 3.7, MP-SPDZ commit hash, PyTorch 2.1 with CUDA 11.8), the number of repetitions (ten independent runs per benchmark), the statistical reporting method (arithmetic mean with standard deviation), and confirmation that no measurements were excluded. These additions directly support independent verification of the reported performance ordering. revision: yes

  2. Referee: Results discussion: The performance ordering is presented as observations on the state of the art, yet the paper provides no justification that the chosen frameworks, model implementations, and tuning choices are representative or equivalently optimized across SMPC and FHE. This leaves open the possibility that the reported advantages reflect specific library maturity rather than intrinsic properties of the cryptographic paradigms, directly affecting the reliability of the practitioner guidance.

    Authors: We have revised the results and discussion sections to include explicit justification for framework selection. We now state that the libraries were chosen as the most mature, actively maintained open-source implementations available for each paradigm at the time of the study, reflecting what a typical practitioner would encounter. We acknowledge that the observed ordering may partly reflect differences in library maturity and optimization effort rather than purely intrinsic properties, and we have added a dedicated paragraph discussing this limitation together with a call for future community-driven standardized benchmarks. This framing preserves the pragmatic, technology-agnostic guidance while clarifying its scope. revision: yes

Circularity Check

0 steps flagged

No circularity; claims rest on direct empirical measurements without derivations or self-referential reductions

full rationale

The paper consists of a theoretical summary of SMPC and FHE paradigms plus runtime benchmarks on open-source libraries for ML operations. No equations, fitted parameters, predictions derived from inputs, or self-citation chains appear in the provided text. Performance orderings (FHE for regressions, SMPC for CNNs) are presented as observations from measurements rather than constructed from prior results by the authors. The analysis is therefore self-contained against external benchmarks with no load-bearing step that reduces to its own inputs by definition.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

The paper is an empirical comparison study and introduces no new free parameters, axioms, or invented entities; it evaluates standard cryptographic assumptions and existing software libraries.

pith-pipeline@v0.9.0 · 5506 in / 1134 out tokens · 24865 ms · 2026-05-08T17:29:26.786394+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

75 extracted references · 75 canonical work pages

  1. [1]

    2026 , booktitle =

    Marcus Taubert and Adam Skuta and Thomas Lorunser , title =. 2026 , booktitle =

    work page 2026

  2. [2]

    Proceedings of the 12th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP , year=

    Marcus Taubert and Adam Skuta and Thomas Lorünser , title=. Proceedings of the 12th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP , year=. doi:10.5220/0014567700004061 , isbn=

    work page doi:10.5220/0014567700004061

  3. [3]

    Keller, Marcel , month = nov, year =. SIGSAC. doi:10.1145/3372297.3417872 , urldate =

    work page doi:10.1145/3372297.3417872

  4. [4]

    PUMA: secure inference of llama-7b in five minutes

    Dong, Ye and Lu, Wen-jie and Zheng, Yancheng and Wu, Haoqi and Zhao, Derun and Tan, Jin and Huang, Zhicong and Hong, Cheng and Wei, Tao and Chen, Wenguang , month = sep, year =. doi:10.48550/arXiv.2307.12533 , abstract =

    work page doi:10.48550/arxiv.2307.12533

  5. [5]

    Watermarking Graph Neural Networks based on Backdoor Attacks

    Akimoto, Yoshimasa and Fukuchi, Kazuto and Akimoto, Youhei and Sakuma, Jun , month = jul, year =. Privformer:. 2023. doi:10.1109/EuroSP57164.2023.00031 , abstract =

    work page doi:10.1109/eurosp57164.2023.00031 2023

  6. [6]

    , month = dec, year =

    Luo, Jinglong and Chen, Guanzhong and et al. , month = dec, year =. Centaur:. doi:10.48550/arXiv.2412.10652 , urldate =

    work page doi:10.48550/arxiv.2412.10652

  7. [7]

    Cryptography , VOLUME =

    Fauzi, Prastudy and Hovd, Martha Norberg and Raddum, Håvard , TITLE =. Cryptography , VOLUME =. 2022 , NUMBER =

    work page 2022

  8. [8]

    2024 , url =

    Mark Manulis and Jérôme Nguyen , title =. 2024 , url =

    work page 2024

  9. [9]

    2023 , url =

    Ahmad Al Badawi and Yuriy Polyakov , title =. 2023 , url =

    work page 2023

  10. [10]

    2018 , url =

    Ilaria Chillotti and Nicolas Gama and Mariya Georgieva and Malika Izabachène , title =. 2018 , url =

    work page 2018

  11. [11]

    Faster Bootstrapping With Multiple Addends , year=

    Zhou, Tanping and Yang, Xiaoyuan and Liu, Longfei and Zhang, Wei and Li, Ningbo , journal=. Faster Bootstrapping With Multiple Addends , year=

    work page

  12. [12]

    Concrete

    Zama , year=. Concrete

    work page

  13. [13]

    Smart , title =

    Nigel P. Smart , title =. 2023 , url =

    work page 2023

  14. [14]

    Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP , year=

    Modjtaba Gharibyar and Clemens Krüger and Dominik Schoop , title=. Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP , year=. doi:10.5220/0013144800003899 , isbn=

    work page doi:10.5220/0013144800003899

  15. [15]

    2012 , url =

    Junfeng Fan and Frederik Vercauteren , title =. 2012 , url =

    work page 2012

  16. [16]

    2016 , url =

    Jung Hee Cheon and Andrey Kim and Miran Kim and Yongsoo Song , title =. 2016 , url =

    work page 2016

  17. [17]

    2011 , url =

    Zvika Brakerski and Craig Gentry and Vinod Vaikuntanathan , title =. 2011 , url =

    work page 2011

  18. [18]

    2025 , eprint=

    HEIR: A Universal Compiler for Homomorphic Encryption , author=. 2025 , eprint=

    work page 2025

  19. [19]

    , title =

    Ahmad Al Badawi and Andreea Alexandru and et al. , title =. 2022 , note =

    work page 2022

  20. [20]

    Join the FHE.org community , year =

    work page

  21. [21]

    2025 , url =

    Zama AI , title =. 2025 , url =

    work page 2025

  22. [22]

    2015 , eprint=

    Deep Residual Learning for Image Recognition , author=. 2015 , eprint=

    work page 2015

  23. [23]

    2018 , eprint=

    MobileFaceNets: Efficient CNNs for Accurate Real-Time Face Verification on Mobile Devices , author=. 2018 , eprint=

    work page 2018

  24. [24]

    GhostFaceNets: Lightweight Face Recognition Model From Cheap Operations , year=

    Alansari, Mohamad and Hay, Oussama Abdul and Javed, Sajid and Shoufan, Abdulhadi and Zweiri, Yahya and Werghi, Naoufel , journal=. GhostFaceNets: Lightweight Face Recognition Model From Cheap Operations , year=

    work page

  25. [25]

    2021 , eprint=

    An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale , author=. 2021 , eprint=

    work page 2021

  26. [26]

    2021 , eprint=

    CvT: Introducing Convolutions to Vision Transformers , author=. 2021 , eprint=

    work page 2021

  27. [27]

    Random Forest – H2O Wiki , year =

    work page

  28. [28]

    2023 , month =

    Bourgerie, Quentin , title =. 2023 , month =

    work page 2023

  29. [29]

    2021 , url =

    David Balbás , title =. 2021 , url =

    work page 2021

  30. [30]

    2022 , url =

    Baiyu Li and Daniele Micciancio and Mark Schultz and Jessica Sorrell , title =. 2022 , url =

    work page 2022

  31. [31]

    2021 , month =

    Marc Joye , title =. 2021 , month =

    work page 2021

  32. [32]

    2022 , month =

    Introducing the Concrete Framework , howpublished =. 2022 , month =

    work page 2022

  33. [33]

    Xilinx/brevitas,

    Franco, Giuseppe and Pappalardo, Alessandro and Fraser, Nicholas J , title =. 2025 , publisher =. doi:10.5281/zenodo.3333552 , url =

    work page doi:10.5281/zenodo.3333552 2025

  34. [34]

    2026.cloc: v2.08

    Albert Danial , title =. doi:10.5281/zenodo.5760077 , url =

    work page doi:10.5281/zenodo.5760077

  35. [35]

    2022 , eprint=

    FHEBench: Benchmarking Fully Homomorphic Encryption Schemes , author=. 2022 , eprint=

    work page 2022

  36. [36]

    2025 , url =

    Faneela and Jawad Ahmad and Baraq Ghaleb and Sana Ullah Jan and William J Buchanan , title =. 2025 , url =

    work page 2025

  37. [37]

    2025 , url =

    B PRADEEP KUMAR REDDY and SAMEEKSHA GOYAL and RUCHIKA MEEL and Ayantika Chatterjee , title =. 2025 , url =

    work page 2025

  38. [38]

    2025 , eprint=

    Orion: A Fully Homomorphic Encryption Framework for Deep Learning , author=. 2025 , eprint=

    work page 2025

  39. [39]

    Craig Gentry , title =

    work page

  40. [40]

    2025 , url =

    Zvika Brakerski and Offir Friedman and Avichai Marmor and Dolev Mutzari and Yuval Spiizer and Ni Trieu , title =. 2025 , url =

    work page 2025

  41. [41]

    2023 , url =

    Jung Hee Cheon and Wonhee Cho and Jiseung Kim , title =. 2023 , url =

    work page 2023

  42. [42]

    2023 , url =

    Katharina Boudgoust and Peter Scholl , title =. 2023 , url =

    work page 2023

  43. [43]

    2025 , eprint=

    Arbitrary-Threshold Fully Homomorphic Encryption with Lower Complexity , author=. 2025 , eprint=

    work page 2025

  44. [44]

    2013 , url =

    Adriana Lopez-Alt and Eran Tromer and Vinod Vaikuntanathan , title =. 2013 , url =

    work page 2013

  45. [45]

    2016 , url =

    Martin Albrecht and Shi Bai and Léo Ducas , title =. 2016 , url =

    work page 2016

  46. [46]

    2021 , url =

    Tanping Zhou and Long Chen and Xiaoliang Che and Wenchao Liu and Zhenfeng Zhang and Xiaoyuan Yang , title =. 2021 , url =

    work page 2021

  47. [47]

    2024 , doi =

    Jeongeun Park and Barry Van Leeuwen and Oliver Zajonc , title =. 2024 , doi =

    work page 2024

  48. [48]

    2025 , url =

    Robin Jadoul and Barry van Leeuwen and Oliver Zajonc , title =. 2025 , url =

    work page 2025

  49. [49]

    Foundations and Trends

    A pragmatic introduction to secure multi-party computation , author=. Foundations and Trends. 2018 , publisher=

    work page 2018

  50. [50]

    Crypten: Secure multi-party computation meets machine learning,

    Knott, Brian and Venkataraman, Shobha and Hannun, Awni and Sengupta, Shubho and Ibrahim, Mark and Maaten, Laurens van der , month = sep, year =. doi:10.48550/arXiv.2109.00984 , urldate =

    work page doi:10.48550/arxiv.2109.00984

  51. [51]

    , year =

    Ma, Junming and Zheng, Yancheng and et al. , year =

    work page

  52. [52]

    Protecting Privacy in Federated Time Series Analysis:

    Daniel Bachlechner and Ruben Helmut Hetfleisch and Stephan Krenn and Thomas Lor. Protecting Privacy in Federated Time Series Analysis:. CLOSER 2025, Porto, Portugal, April 1-3, 2025 , pages =. 2025 , url =. doi:10.5220/0013356100003950 , timestamp =

    work page doi:10.5220/0013356100003950 2025

  53. [53]

    Secure Computation and Trustless Data Intermediaries in Data Spaces , journal =

    Christoph Fabianek and Stephan Krenn and Thomas Lor. Secure Computation and Trustless Data Intermediaries in Data Spaces , journal =. 2024 , url =. doi:10.48550/ARXIV.2410.16442 , eprinttype =. 2410.16442 , timestamp =

    work page doi:10.48550/arxiv.2410.16442 2024

  54. [54]

    Machines , VOLUME =

    Skuta, Adam and Steurer, Philipp and Hegenbart, Sebastian and Hoch, Ralph and Loruenser, Thomas , TITLE =. Machines , VOLUME =. 2025 , NUMBER =

    work page 2025

  55. [55]

    Noah, Asher and Okunola, Abiodun , year =

    work page

  56. [56]

    Chadhar, Muhammed and Oladele, Sunday and Rouf, Abdur , year =

    work page

  57. [57]

    2025 , eprint=

    Comparison of Fully Homomorphic Encryption and Garbled Circuit Techniques in Privacy-Preserving Machine Learning Inference , author=. 2025 , eprint=

    work page 2025

  58. [58]

    TFHE-rs Benchmarks , year =

    work page

  59. [59]

    2026 , eprint=

    MOZAIK: A Privacy-Preserving Analytics Platform for IoT Data Using MPC and FHE , author=. 2026 , eprint=

    work page 2026

  60. [60]

    Albrecht and Rachel Player and Sam Scott , title =

    Martin R. Albrecht and Rachel Player and Sam Scott , title =. 2015 , url =

    work page 2015

  61. [61]

    Mohassel, Payman and Rindal, Peter , year =

    work page

  62. [62]

    2022 , url =

    Jakub Klemsa , title =. 2022 , url =

    work page 2022

  63. [63]

    2024 , url =

    Deokhwa Hong and Young-Sik Kim and Yongwoo Lee and Eunyoung Seo , title =. 2024 , url =

    work page 2024

  64. [64]

    2018 , month =

    Martin Albrecht and Melissa Chase and Hao Chen and Jintai Ding and Shafi Goldwasser and Sergey Gorbunov and Shai Halevi and Jeffrey Hoffstein and Kim Laine and Kristin Lauter and Satya Lokam and Daniele Micciancio and Dustin Moody and Travis Morrison and Amit Sahai and Vinod Vaikuntanathan , title =. 2018 , month =

    work page 2018

  65. [65]

    and Onizawa, N

    Kanda, R. and Onizawa, N. and Leonardon, M. and Gripon, V. and Hanyu, T. , year=. Design Environment of Quantization-Aware Edge AI Hardware for Few-Shot Learning , url=. doi:10.1109/mwscas60917.2024.10658789 , booktitle=

    work page doi:10.1109/mwscas60917.2024.10658789 2024

  66. [66]

    2021 , eprint=

    Benchmarking Quantized Neural Networks on FPGAs with FINN , author=. 2021 , eprint=

    work page 2021

  67. [67]

    2017 , eprint=

    Incremental Network Quantization: Towards Lossless CNNs with Low-Precision Weights , author=. 2017 , eprint=

    work page 2017

  68. [68]

    2019 , eprint=

    PyTorch: An Imperative Style, High-Performance Deep Learning Library , author=. 2019 , eprint=

    work page 2019

  69. [69]

    ONNX Authors , title =

    work page

  70. [70]

    2023 , eprint=

    Practical Solutions in Fully Homomorphic Encryption -- A Survey Analyzing Existing Acceleration Methods , author=. 2023 , eprint=

    work page 2023

  71. [71]

    International Conference on Theory and Practice of Public Key Cryptography , year=

    Chosen-Ciphertext Secure Fully Homomorphic Encryption , author=. International Conference on Theory and Practice of Public Key Cryptography , year=

    work page

  72. [72]

    Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security , pages =

    Fiore, Dario and Gennaro, Rosario and Pastro, Valerio , title =. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security , pages =. 2014 , isbn =. doi:10.1145/2660267.2660366 , abstract =

    work page doi:10.1145/2660267.2660366 2014

  73. [73]

    2021 , url =

    Deepika Natarajan and Andrew Loveless and Wei Dai and Ronald Dreslinski , title =. 2021 , url =

    work page 2021

  74. [74]

    2023 , eprint=

    Verifiable Fully Homomorphic Encryption , author=. 2023 , eprint=

    work page 2023

  75. [75]

    2023 , eprint=

    vFHE: Verifiable Fully Homomorphic Encryption with Blind Hash , author=. 2023 , eprint=

    work page 2023