Compare homomorphic encryption-based inference with encrypted inference using secure enclaves.

This question tests the fundamental trade-off between two approaches to privacy-preserving inference: computing on encrypted data versus executing inside a trusted hardware boundary. Homomorphic encryption lets you perform calculations directly on ciphertext, so the data never needs to be decrypted during the inference process. That means strong privacy guarantees because the service provider never sees plaintext inputs or results. The downside is performance: even optimized homomorphic schemes incur massive computational overhead, require much more memory and bandwidth, and often limit the complexity or depth of the model you can run, making real-time or large-scale inference impractical in many cases. Secure enclaves take a different approach. They provide protected execution by isolating the computation within a hardware-based trusted environment. Data and code inside the enclave are protected from other software on the same device, and memory encryption helps protect data at rest or during transit to the enclave. However, this model requires trusting the hardware and the platform supplier, and it comes with its own constraints, such as enclave memory size and potential side-channel vulnerabilities, plus the need for remote attestation to verify what’s running inside the enclave. So the best answer captures both the privacy guarantee and the practical trade-offs: homomorphic encryption enables computation on encrypted data without decryption but is often impractical due to performance; secure enclaves provide protected execution with encryption but require trusted hardware.