Can FHE be combined with differential privacy for enhanced ML protection?

Hi everyone,

I’m exploring privacy-preserving ML models and wondered if anyone has tried combining FHE with differential privacy.

For instance, training models with differential privacy guarantees, then running encrypted inference using Concrete or TFHE.

Is there a performance trade-off to layering both methods? Any papers or projects that explore this combo?

Just thinking out loud — curious if the Zama tools support that kind of hybrid privacy design.

Jhonn Mick

Hello. Yes, FHE and differential privacy should combine very well. In particular, in Concrete ML, you can train your model with a clear dataset and differential privacy, and only use FHE to protect inferences. There are demos in our repository to use a pretrained model and compile it to FHE. E.g., look at Tree-based models | Concrete ML

The training with differential privacy is not modified, so no impact is to be expected here. And then the FHE part is also independent of how the model was trained.

Cheers

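The two-stage design described in the reply, as an added sketch that is not from the original posts or from Concrete ML: DP-SGD training on clear data, then quantization of the trained weights into the integer-only form that an FHE compiler evaluates. It calls no Zama API and performs no encryption; the function names, hyperparameters and sample data are assumptions constructed for illustration, it uses full-batch steps, and the privacy budget spent is not computed.

```python
# Added illustration: assumed names/hyperparameters, constructed data, no encryption.
import math
import random

def clip(grad, c):
    """Scale a per-example gradient so its L2 norm is at most c."""
    norm = math.sqrt(sum(g * g for g in grad))
    return [g * min(1.0, c / (norm + 1e-12)) for g in grad]

def train_dp(data, steps=200, lr=0.5, c=1.0, sigma=1.0, seed=0):
    """DP-SGD logistic regression in the clear: clip per example, add Gaussian noise."""
    rng = random.Random(seed)
    w = [0.0, 0.0, 0.0]                      # two weights + bias
    for _ in range(steps):
        total = [0.0, 0.0, 0.0]
        for x, y in data:
            z = w[0] * x[0] + w[1] * x[1] + w[2]
            err = 1.0 / (1.0 + math.exp(-z)) - y
            g = clip([err * x[0], err * x[1], err], c)
            total = [t + gi for t, gi in zip(total, g)]
        noisy = [t + rng.gauss(0.0, sigma * c) for t in total]
        w = [wi - lr * n / len(data) for wi, n in zip(w, noisy)]
    return w

def quantize(w, x_max, bits=8):
    """Map trained weights to integers; this stage never sees how w was trained."""
    q = 2 ** (bits - 1) - 1
    s_w, s_x = q / max(abs(v) for v in w[:2]), q / x_max
    return [round(w[0] * s_w), round(w[1] * s_w), round(w[2] * s_w * s_x)], s_x

def predict_int(qw, s_x, x):
    """Integer-only inference; in an FHE deployment this runs on ciphertexts."""
    return int(qw[0] * round(x[0] * s_x) + qw[1] * round(x[1] * s_x) + qw[2] >= 0)

def make_data(n=200, seed=1):
    """Constructed sample data: two separated 2-D clusters labelled 0 and 1."""
    rng = random.Random(seed)
    return [([rng.gauss(m, 0.5), rng.gauss(m, 0.5)], y)
            for y, m in ((0, -2.0), (1, 2.0)) for _ in range(n // 2)]

def demo():
    data = make_data()
    w = train_dp(data)
    qw, s_x = quantize(w, max(abs(v) for x, _ in data for v in x))
    clear = [int(w[0] * x[0] + w[1] * x[1] + w[2] >= 0) for x, _ in data]
    ints = [predict_int(qw, s_x, x) for x, _ in data]
    acc = sum(p == y for p, (_, y) in zip(ints, data)) / len(data)
    agree = sum(a == b for a, b in zip(clear, ints)) / len(data)
    return acc, agree
```

`demo()` returns the accuracy of the integer-only predictions and the fraction of inputs on which they match the float predictions of the same DP-trained model.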