[KenoFischer]

Training is a lot tougher. Just doing one gradient update step isn't all that bad (although you may have to play with the loss function a bit, e.g. logit cross entropy is probably tough to evaluate). However, then you need to go and actually do all the steps and gradient updates, so you probably need some form of bootstrapping to be able to evaluate computations of that depth. Also, the use case is slightly less compelling. For training, you can probably get all the parties who have data to coordinate and evaluate an MPC more cheaply than you could with HE alone. I think it'll require a very compelling use case for somebody to go and think through what the best way to do it is and it'll probably depend on the specifics of the application (who has what data, and what are we willing to leak as we go along - e.g. it's a lot easier if you don't care about keeping the weights secret).

[Analog24]

There are definitely compelling use-cases and there are people working on it (though not me). Developing tools/systems to handle sensitive data in a secure way is extremely expensive and time consuming. If you can create data collection and model training pipelines that can operate effectively with just encrypted data then you greatly reduce the number of vulnerabilities (e.g. fewer employees need to actually see the sensitive data and fewer points of attack on the system itself).

There are certainly a number of factors to consider besides data security when evaluating the practicality of such an approach but I just wanted to confirm that it was technically possible before getting in to any of that. Thanks for your response and the post, I knew almost nothing about HE before today.