5. Encryption
After preparing your dataset (.npz) and model (.h5) files, you can encrypt them using Cifer’s FHE CLI tools. Encryption ensures your data and models remain confidential throughout computation.
Recommendations:
Ensure your dataset and model files load correctly without errors before encryption.
Avoid encrypting extremely large files during trial or testing phases to optimize performance and reduce runtime.
5.1 Encryption Commands
After completing data and model preparation, encrypt your files using the commands below.
Encrypting the Dataset
cifer securetrain encrypt-dataset \
--dataset datasets/my_dataset.npz \
--output datasets/encrypted_dataset.enc
--dataset: Path to the preprocessed dataset file (.npz).
--output: Path to save the encrypted dataset file.
Encrypting the Model
cifer securetrain encrypt-model \
--model models/my_model.h5 \
--output models/encrypted_model.enc
--model: Path to the model file (.h5).
--output: Path to save the encrypted model file.
5.2 Encryption Process and Key Management
What happens during encryption?
The input datasets (.npz) and models (.h5) are converted from plaintext files into encrypted ciphertext files (.enc), which are unreadable without the private key. A cryptographic key pair is generated:
Public key: Used to encrypt and enable computations on encrypted files without decrypting them.
Private key: Required to decrypt computation results and recover original data or models.

This diagram shows the encryption and key management workflow.
The Data Owner first generates a public/private key pair, then uses the public key to encrypt datasets and models into ciphertext. The encrypted files and public key are shared with the Project Owner, who can perform computations directly on the encrypted data without accessing the raw information. Only the Data Owner holds the private key needed to decrypt the computation results, ensuring data privacy throughout.
Generated Files and Default Locations
Running the encryption commands creates the following files:
File                    Description                            Default location
encrypted_dataset.enc   Encrypted dataset ciphertext           datasets/
encrypted_model.enc     Encrypted model ciphertext             models/
public.key              Public key for encrypted computation   keys/public.key
private.key             Private key for decryption             keys/private.key
By default, key files are saved in the ./keys/ directory inside your project folder.
Example Project Folder Structure
project-root/
│
├── datasets/
│ ├── my_dataset.npz
│ ├── encrypted_dataset.enc
│ └── ...
│
├── models/
│ ├── my_model.h5
│ ├── encrypted_model.enc
│ └── ...
│
├── keys/
│ ├── public.key
│ └── private.key
│
├── examples/
├── README.md
└── ...
Important Notes
Public key (public.key) is safe to share with anyone performing encrypted computations, but it cannot decrypt data.
Private key (private.key) must be kept strictly confidential. Loss of the private key means losing the ability to decrypt the encrypted data, the encrypted model, and any computation results produced from them.
Maintain secure storage and backups of your private key. When handing assets to the Project Owner, share only the .enc files and public.key; never copy private.key alongside them or commit it to version control.
5.3 Usage Tips and Troubleshooting
Ensure your input .npz and .h5 files are valid and load without errors before encryption.
Avoid very large files during initial experiments to improve processing speed.
Verify file and folder permissions allow reading inputs and writing outputs.
If encryption fails, check CLI error messages and verify file formats and paths.
Contact support or consult documentation for detailed troubleshooting help.
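The following is an added example, not part of the Cifer CLI or its documentation. It wraps the two encryption commands from 5.1 in a POSIX shell script that performs the checks recommended in 5.2 and 5.3 before and after running them: the inputs must be readable and have the right file format (an .npz is a zip archive as written by numpy.savez, an .h5 file starts with the HDF5 signature), the output directory must be writable, an existing ciphertext is never overwritten, the .enc outputs must be non-empty afterwards, and private.key is locked down to owner-only permissions. The function names, the magic-byte checks and the assumption that a successful run leaves the default file names under datasets/, models/ and keys/ are this example's own.

```shell
#!/bin/sh
# Added example around the page's `cifer securetrain encrypt-*` commands.
# Not part of the Cifer CLI. Assumptions (this example's own): .npz inputs
# are zip archives (numpy.savez output), .h5 inputs are HDF5 files, and a
# successful run leaves non-empty .enc files plus keys/private.key and
# keys/public.key at the default locations described above.

# has_magic FILE HEX: true if FILE begins with the given lowercase hex bytes.
has_magic() {
    n=$(( ${#2} / 2 ))
    actual=$(od -An -tx1 -N"$n" "$1" 2>/dev/null | tr -d ' \n')
    [ "$actual" = "$2" ]
}

# numpy .npz files are zip archives: "PK\003\004" local-file header.
is_npz() { has_magic "$1" 504b0304; }
# Model .h5 files are HDF5: 8-byte signature "\211HDF\r\n\032\n".
is_h5()  { has_magic "$1" 894844460d0a1a0a; }

# preflight INPUT OUTPUT KIND: input readable and of the expected format,
# output directory writable, output path not already taken.
preflight() {
    src=$1; dst=$2; kind=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    case $kind in
        npz) is_npz "$src" || { echo "$src is not a .npz (zip) archive" >&2; return 1; } ;;
        h5)  is_h5 "$src"  || { echo "$src is not an HDF5 .h5 file" >&2; return 1; } ;;
        *)   echo "unknown kind: $kind" >&2; return 1 ;;
    esac
    outdir=$(dirname "$dst")
    { [ -d "$outdir" ] && [ -w "$outdir" ]; } || { echo "cannot write in $outdir" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "$dst already exists; refusing to overwrite" >&2; return 1; }
}

# mode FILE: permission string such as -rw-------, portable across ls flavours.
mode() { ls -l "$1" | cut -c1-10; }

# lock_down_keys KEYDIR: the private key must exist and be non-empty; make it
# readable by its owner only. The public key may stay world-readable.
lock_down_keys() {
    [ -s "$1/private.key" ] || { echo "$1/private.key missing or empty" >&2; return 1; }
    chmod 600 "$1/private.key" && chmod 644 "$1/public.key"
}

# encrypt_all: the page's two commands, guarded before and verified after.
encrypt_all() {
    preflight datasets/my_dataset.npz datasets/encrypted_dataset.enc npz || return 1
    preflight models/my_model.h5 models/encrypted_model.enc h5 || return 1
    cifer securetrain encrypt-dataset \
        --dataset datasets/my_dataset.npz \
        --output datasets/encrypted_dataset.enc || return 1
    cifer securetrain encrypt-model \
        --model models/my_model.h5 \
        --output models/encrypted_model.enc || return 1
    # A missing or empty .enc means the run did not produce usable ciphertext.
    for f in datasets/encrypted_dataset.enc models/encrypted_model.enc; do
        [ -s "$f" ] || { echo "$f missing or empty after encryption" >&2; return 1; }
    done
    lock_down_keys keys
}
```

Run `encrypt_all` from the project root once the CLI is installed; each failed check names the file it objected to, which covers the format and permission problems listed in the troubleshooting tips. The magic-byte checks catch a mislabelled or truncated file early, but they do not replace loading the dataset and model in Python before encryption, which is still the only way to know the contents are usable.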
Next Steps
Once your data and model are encrypted, you are ready to proceed with the federated learning workflow. Encrypted files can be securely shared and computed on without exposing sensitive information.
Refer to the next section “Federated Learning with Encrypted Assets” for instructions on using these encrypted datasets and models in your training and inference pipelines.