Hi there,
I have a question about the new encrypted fine-tuning feature in Concrete-ML. If I understand correctly, the dataset used for fine-tuning stays unencrypted but is private to the client (the data owner). In this process, FHE is applied only during the inference stage, not during fine-tuning. The dataset remains private because it’s processed locally on the client’s end.
Thank you in advance!
No, the data-set stays private during fine-tuning, not only during inference. Both the backward and the forward passes use FHE, with original model weights (that stay constant) being used in both of these passes.
E.g. the forward pass is y = Wx + ABx, with W being the original weight matrix and A, B being the LORA weights. In the backward pass we simply do dx = W^Ty + A^TB^Ty. both computations involving W are outsourced securely using FHE.