Homomorphically encrypted CIFAR-10 inference in 200ms
j2kun
69 points
33 comments
July 17, 2026
Related Discussions
Found 5 related stories in 313.2ms across 14,015 title embeddings via pgvector HNSW
- Belfort Releases Fastest Encrypted Image Classifer furkanturan · 16 pts · July 17, 2026 · 59% similar
- Real-time LLM Inference on Standard GPUs: 3k tokens/s per request NicoConstant · 202 pts · May 29, 2026 · 52% similar
- Executing programs inside transformers with exponentially faster inference u1hcw9nx · 17 pts · March 12, 2026 · 51% similar
- 14× faster embeddings: how we rebuilt the ONNX path in Manticore snikolaev · 13 pts · July 03, 2026 · 50% similar
- Zero-Copy GPU Inference from WebAssembly on Apple Silicon agambrahma · 58 pts · April 18, 2026 · 50% similar
Discussion Highlights (8 comments)
smalltorch
It's pretty confident this calculator is a cat. https://i.postimg.cc/90WGjk8t/results.png What's the use case for this?
jszymborski
Big if true! One of the caveats here is that the file size seems to balloon 341 times.
Sajarin
They have a bit more info on their announcement blog post[0] > Belfort today released the "so far" CIFAR demo, an encrypted implementation of ResNet-20, a popular model for image classification. It outperforms recent SOTA by 3x with a total latency of less than 200ms Not many details on how they've done this, so I'm a bit skeptical. Fast HE is a holy grail. > Belfort's image classification is built on top of its upcoming GPU library, Cyclops. It comes with several optimizations that make Cyclops extremely fast on Encrypted AI workloads. Looks like a lead up to an upcoming library release [0] https://belfortlabs.com/blog/sofar
rcr-anti
Looked at the network logs and the JS, did some testing, there's a caveat here. For an encryption demo you might expect your secrets to be generated locally, they do the compute on something they can't read, you compare their results to your original plaintext; (imo at least) the point would be that it isn't physically possible for them to cheat. Here, you literally download client_secret.bin from their server, so they have control over the keys and evaluators. So two things. First, the per user key flow would be several minutes for per user keys, the evaluator bundle would be in the 100s MB to GB realm. Second, there's no way for us to tell the difference between them really doing FHE or decrypting with the key. To be clear, not evidence it's fake, just not total proof it's real. Really hope it's real, been a field I've been following for awhile.
deckar01
I think they only trained on dogs with floppy ears, because it is very confident the German Shepherd is a cat.
sam_lowry_
Kudos to the KULeuven alumni, but I am curious if the US finances research on homo morphic encryption still /s
digitallawyer
Super interesting work - should become default for sensitive data over time (finance / legal / ...)
grg0
> Image classification without the server seeing the image. Does a given plain image always result in the same encrypted payload?