Development of Privacy-preserving Deep Learning Model with Homomorphic Encryption: A Technical Feasibility Study in Kidney CT Imaging.
Affiliations (4)
- Department of Anesthesiology and Pain Medicine, Asan Medical Centre, University of Ulsan College of Medicine, Seoul, Republic of Korea.
- CryptoLab Inc, Seoul, Republic of Korea.
- Department of Mathematics, Yale University, New Haven, Conn.
- Department of Urology, Asan Medical Centre, University of Ulsan College of Medicine, 88 Olympic-ro 43-gil, Songpa-gu, 05505 Seoul, Republic of Korea.
Abstract
"Just Accepted" papers have undergone full peer review and have been accepted for publication in Radiology: Artificial Intelligence. This article will undergo copyediting, layout, and proof review before it is published in its final version. Please note that during production of the final copyedited article, errors may be discovered which could affect the content.

Purpose: To evaluate the technical feasibility of implementing homomorphic encryption in deep learning models for privacy-preserving CT image analysis of renal masses.

Materials and Methods: A privacy-preserving deep learning system was developed through three sequential technical phases: a reference CNN model (Ref-CNN) based on the ResNet architecture, modification for encryption compatibility (Approx-CNN) by replacing ReLU with a polynomial approximation and max-pooling with average pooling, and implementation of fully homomorphic encryption (HE-CNN). The CKKS encryption scheme was used for its capability to perform arithmetic operations on encrypted real numbers. Using 12,446 CT images from a public dataset (3,709 renal cysts, 5,077 normal kidneys, and 2,283 kidney tumors), we evaluated model performance using area under the receiver operating characteristic curve (AUC) and area under the precision-recall curve (AUPRC).

Results: All models demonstrated high diagnostic accuracy, with AUC ranging from 0.89-0.99 and AUPRC from 0.67-0.99. The diagnostic performance trade-off was minimal from Ref-CNN to Approx-CNN (AUC: 0.99 to 0.97 for the normal category), with no evidence of differences between models. However, encryption significantly increased storage and computational demands: a 256 × 256-pixel image expanded from 65 KB to 32 MB, requiring 50 minutes for CPU inference but only 90 seconds with GPU acceleration.

Conclusion: This technical development demonstrates that privacy-preserving deep learning inference using homomorphic encryption is feasible for renal mass classification on CT images, achieving comparable diagnostic performance while maintaining data privacy through end-to-end encryption. ©RSNA, 2025.
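
The Approx-CNN step from Materials and Methods, as an added sketch that is not the authors' code: because the encrypted model can only use arithmetic operations (additions and multiplications), ReLU is swapped for a fitted polynomial and max-pooling for average pooling. The degree (2), the fit interval [-4, 4], the sample data and all function names are assumptions; the abstract does not state which polynomial was used.

```python
# Added illustration. Degree 2 and the interval [-4, 4] are assumed, not taken from the paper.

def solve3(A, b):
    """Solve a 3x3 linear system by Gauss-Jordan elimination with partial pivoting."""
    M = [row[:] + [rhs] for row, rhs in zip(A, b)]
    for c in range(3):
        p = max(range(c, 3), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(3):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [u - f * v for u, v in zip(M[r], M[c])]
    return [M[i][3] / M[i][i] for i in range(3)]

def fit_relu_poly(bound=4.0, samples=2001):
    """Least-squares fit of c0 + c1*x + c2*x^2 to ReLU on [-bound, bound]."""
    xs = [-bound + 2 * bound * i / (samples - 1) for i in range(samples)]
    ys = [max(x, 0.0) for x in xs]  # comparison is fine here: fitting happens in plaintext
    A = [[sum(x ** (i + j) for x in xs) for j in range(3)] for i in range(3)]
    b = [sum(y * x ** i for x, y in zip(xs, ys)) for i in range(3)]
    return solve3(A, b)

def poly_act(x, c):
    """Activation built only from additions and multiplications (Horner form)."""
    return c[0] + x * (c[1] + x * c[2])

def avg_pool2x2(img):
    """2x2 average pooling: additions plus one multiplication by the constant 0.25."""
    return [[0.25 * (img[r][k] + img[r][k + 1] + img[r + 1][k] + img[r + 1][k + 1])
             for k in range(0, len(img[0]), 2)]
            for r in range(0, len(img), 2)]

def max_abs_error(c, lo, hi, steps=400):
    """Largest gap between the polynomial and true ReLU on a grid over [lo, hi]."""
    xs = [lo + (hi - lo) * i / steps for i in range(steps + 1)]
    return max(abs(poly_act(x, c) - max(x, 0.0)) for x in xs)

COEFFS = fit_relu_poly()

if __name__ == "__main__":
    print("coefficients:", COEFFS)
    print("max error on [-4, 4]:  ", max_abs_error(COEFFS, -4, 4))
    print("max error on [-12, 12]:", max_abs_error(COEFFS, -12, 12))
    print("pooled (constructed input):", avg_pool2x2([[1, 3, 0, 0], [5, 7, 0, 8]]))
```

The fit is only valid inside its interval: the error stays below 0.4 on [-4, 4] but exceeds 10 at |x| = 12, so activations feeding a polynomial layer have to be kept within the fitted range.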