Building a Secure, Invisible Watermarking System with FHE
2/8/2025
This is a blog on FHE and my implementation of an invisible image watermarking system using it.
An Introduction
Encryption is really old. And important.
Early methods, like the Caesar Cipher from 60 BC, which simply shifted letters in the alphabet, paved the way for the sophisticated encryption techniques we rely on today.
In the age of the internet and artificial intelligence, our data is the new currency upon which the digital world runs. Big Tech is locked in a modern race to hoard as much data as technically possible to fund the AI arms race. Encryption is the only thing that stands to defend privacy as we know it.
End-to-End Encryption (E2EE) is the modern standard for security, and it is E2EE that safeguards our communications. However, it only protects our data in transit, and it requires decryption for any sort of processing to be performed on it.
This opens a Pandora's Box of privacy and compliance concerns, and involves a great deal of trust in the third party in charge of processing your data.
Just in the year 2024, 85% of data breaches involved data stored in the cloud, with the average data breach costing upwards of 4.5 million USD. And that's just when a breach is identified; it takes an average company roughly 277 days to actually identify a data breach. (Source: IBM Security 2024 Report.)
Encrypted data is technically and accurately...gibberish. You can't do anything with gibberish, hence the need to decrypt. It's just how things are done.
But should it be?
Fully Homomorphic Encryption
Fully Homomorphic Encryption, or FHE for short, is a technology that enables processing encrypted data, eliminating the need to ever decrypt your data.
Unlike standard encryption that only encrypts data when it's stored or transmitted, FHE ensures that data remains secure during the entire pipeline, including processing.
This breakthrough technology means that companies can offer their services without ever needing to see their users' data. With data encrypted both in transit and during processing, everything we do online could be E2EE, not just sending messages.
Our Watermarking Solution
Invisible digital watermarking is a technique used to embed hidden information within media files without visibly altering their appearance. Our approach leverages Fully Homomorphic Encryption (FHE), specifically using the Concrete library, to enhance privacy and security in the watermarking process.
By applying FHE, watermarking operations can be conducted directly on encrypted images, ensuring that neither the image nor the watermark is exposed at any stage. This is particularly relevant in the context of Generative AI and regulatory efforts like the EU AI Act, which emphasize the need for reliable digital watermarking to trace AI-generated content and enforce digital rights.
FHE enables a trustless service where watermarking can be standardized across all images, addressing the growing need for attribution and authenticity verification in digital media. Key applications include:
- Copyright Protection – Embedding ownership information within images to prevent unauthorized use.
- Authentication – Verifying the legitimacy of an image by extracting and validating hidden watermarks.
- Tamper Detection – Identifying and localizing modifications or alterations.
- Digital Media Tracking – Monitoring image distribution and usage across platforms.
With FHE, these operations can be performed while maintaining complete data privacy, eliminating the need to decrypt sensitive content. This approach ensures compliance with emerging data security regulations and reinforces trust in digital watermarking for both AI-generated and conventional media.
Technicalities
Our watermarking system demonstrates how FHE can be practically applied to secure digital watermarking using Concrete - an FHE library by Zama.
1. Approach and Pre-Processing: To reduce computational overhead, we work with 32×32 grayscale images. The system begins by converting any input image to grayscale and resizing it. This low resolution is a deliberate choice to balance demonstration clarity with the heavy computational demands of FHE.
2. Watermark Construction and Embedding: The watermark is a secret message (e.g., “fhe_secret”) that is first converted into its binary representation—each character becomes an 8-bit string. The bits are then repeated cyclically to create a watermark mask that matches the total number of pixels (1024 in a 32×32 image). The core watermarking function operates by clearing the least significant bit (LSB) of each pixel and replacing it with the corresponding watermark bit. In technical terms, this is achieved by performing an integer division to clear the LSB and then adding the watermark bit:
watermarked = (x // 2) * 2 + watermark_mask
This ensures the watermark is “invisible” since only the LSB is modified.
3. FHE Circuit Compilation with Concrete ML:
One of the most exciting aspects is that the watermarking operation is performed on encrypted data using FHE. We define the watermarking function in Python and compile it into an FHE circuit using the Concrete library. The Concrete compiler transforms our function into an optimized FHE circuit by accepting an input set of two sample images. The show_mlir=True parameter exposes the Multi-Level Intermediate Representation (MLIR) of the circuit, which is useful for debugging and further optimizations.
compiler = fhe.Compiler(self.apply_watermark, {"x": "encrypted"})
self.fhe_circuit = compiler.compile(inputset, show_mlir=True)
4. Encryption, Server Processing, and Key Management: The client encrypts the flattened image array using FHE, serializing the encrypted data before sending it to the server. The server, using a precompiled circuit, processes the encrypted image to embed the watermark, all while the data remains encrypted. After processing, the encrypted output is sent back to the client, where it is deserialized and decrypted.
Key management is critical. The system uses separate client and server classes for managing encryption keys, ensuring that the keys and the compiled circuit are securely stored in designated directories. This modularity not only streamlines the process but also reinforces security by keeping encryption keys isolated from processing logic.
5. Decryption and Watermark Extraction: After decryption, the system extracts the watermark by reading the LSBs of the decrypted image. The extracted binary data is reassembled into the original message, confirming the watermark’s successful embedding without ever exposing the image content during processing.
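The embed and extract steps above, modelled on plaintext integers as an added example (not the author's code, and with no Concrete dependency). The helper names, the constructed gradient image and the majority-vote decoder are assumptions made here; the last case shows that dropping the LSB erases the mark.

```python
# Added example: plaintext model of the LSB watermark arithmetic.
SIZE = 32 * 32  # pixels in the 32x32 grayscale image

def message_bits(message):
    """Each character becomes 8 bits, most significant bit first."""
    return [int(b) for ch in message.encode("ascii") for b in format(ch, "08b")]

def build_mask(message, n=SIZE):
    """Repeat the message bits cyclically until they cover n pixels."""
    bits = message_bits(message)
    return [bits[i % len(bits)] for i in range(n)]

def apply_watermark(pixels, mask):
    """Clear each pixel's LSB by integer division, then add the watermark bit."""
    return [(x // 2) * 2 + w for x, w in zip(pixels, mask)]

def extract(pixels, length):
    """Read the LSBs and majority-vote each message bit over its cyclic repeats.
    The vote is an assumption of this example; the post only says LSBs are read."""
    nbits = length * 8
    out = []
    for i in range(nbits):
        votes = [p & 1 for p in pixels[i::nbits]]
        out.append(1 if 2 * sum(votes) > len(votes) else 0)
    chars = [int("".join(map(str, out[j:j + 8])), 2) for j in range(0, nbits, 8)]
    return bytes(chars).decode("ascii", errors="replace")

def demo():
    # Constructed sample image (a simple gradient), not real data.
    image = [(7 * i + 13) % 256 for i in range(SIZE)]
    secret = "fhe_secret"
    marked = apply_watermark(image, build_mask(secret))
    max_change = max(abs(a - b) for a, b in zip(image, marked))
    # Light tampering: flip the LSB of every 25th pixel.
    noisy = list(marked)
    for i in range(0, SIZE, 25):
        noisy[i] ^= 1
    # Requantizing (dropping the LSB everywhere) removes the watermark.
    requantized = [(p // 2) * 2 for p in marked]
    return {
        "max_change": max_change,
        "clean": extract(marked, len(secret)),
        "noisy": extract(noisy, len(secret)),
        "requantized": extract(requantized, len(secret)),
    }

if __name__ == "__main__":
    print(demo())
```

The mark survives scattered bit flips only because the message repeats about twelve times across the image; any operation that rewrites the low bit of every pixel removes it.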
So...what's next?
Fully Homomorphic Encryption is a transformative technology that redefines data security by allowing operations on encrypted data, offering unprecedented privacy. It paves the way for innovative applications like secure digital watermarking. Our system, built on the Concrete library, demonstrates how watermarks can be embedded directly into the encrypted domain, ensuring that privacy remains intact. As FHE technology matures, it promises to revolutionize the way we process, store, and secure data online, moving us closer to an internet where security and functionality coexist seamlessly.
And I, for one, can't wait!