Secure Inference for Vertically Partitioned Data Using Multiparty Homomorphic Encryption

Shuangyi Chen,Yue Ju,Zhongwen Zhu,Ashish Khisti
2024-07-22
Abstract:We propose a secure inference protocol for a distributed setting involving a single server node and multiple client nodes. We assume that the observed data vector is partitioned across multiple client nodes while the deep learning model is located at the server node. Each client node is required to encrypt its portion of the data vector and transmit the resulting ciphertext to the server node. The server node is required to collect the ciphertexts and perform inference in the encrypted domain. We demonstrate an application of multi-party homomorphic encryption (MPHE) to satisfy these requirements. We propose a packing scheme, that enables the server to form the ciphertext of the complete data by aggregating the ciphertext of data subsets encrypted using MPHE. While our proposed protocol builds upon prior horizontal federated training protocol~\cite{sav2020poseidon}, we focus on the inference for vertically partitioned data and avoid the transmission of (encrypted) model weights from the server node to the client nodes.
Cryptography and Security
What problem does this paper attempt to address?
This paper attempts to solve the problem of secure inference in the environment of vertically partitioned data. Specifically, the paper proposes a Multiparty Homomorphic Encryption (MPHE) protocol to ensure the privacy of data and models when performing neural network inference in a distributed environment. ### Main problems 1. **Data privacy protection**: When data is vertically partitioned and stored on multiple client nodes, how to ensure that this data is not leaked during the inference process. 2. **Model privacy protection**: The deep - learning model parameters on the server should not be exposed to client nodes. 3. **Security of multi - party collaboration**: In the presence of passive attackers, ensure the security of the inference process and the confidentiality of the results, even if up to \( N - 1 \) parties may collude. ### Solution overview The paper proposes an end - to - end multi - party secure inference protocol for vertically partitioned data. The main contributions include: 1. **New packing scheme (V - Pack)**: Through this scheme, the client can pre - process its subset of features and enable the server to form the ciphertext of a complete sample without knowing the identities of other clients. 2. **Inference in the encrypted domain**: All inference operations are performed in the encrypted domain, ensuring that intermediate results are not leaked. 3. **Decryption mechanism**: Use the target key pair for distributed decryption to ensure that only the coordinator can obtain the final inference result. ### Protocol process #### Setup phase 1. **Generate public key and target key pair**: - Each client generates a pair of homomorphic encryption public - private keys and sends the public key to the server. - The server aggregates the public keys of all clients, generates a common public key \( cpk \) and broadcasts it to all clients. - The coordinator generates a target key pair \((tpk, tsk)\) and sends the target public key \( tpk \) to all clients. #### Inference phase 1. **Secure aggregation and input concatenation**: - The client uses the V - Pack scheme to pre - process and encrypt its subset of features, and then sends the ciphertext to the server. - The server receives the ciphertext from the client and forms the ciphertext of the complete feature by simple addition. 2. **Inference and decryption**: - The server performs neural network inference in the encrypted domain to obtain the ciphertext \( cty \) of the prediction result. - The server sends \( cty \) to all clients, and each client uses \( MPHE.PubKeySwitch \) to generate an intermediate decryption result \( hi \) and sends it to the coordinator. - The coordinator uses the \( MPHE.Agg - Dec \) function and the target private key \( tsk \) to obtain the final prediction result \( y \). ### Privacy analysis Through multi - party homomorphic encryption and a carefully designed protocol, the following privacy goals are ensured: - Clients, servers, and coordinators cannot obtain data or model parameters of other clients. - Intermediate results always exist in the form of ciphertext and do not leak any information. - Only the coordinator can decrypt the final prediction result, ensuring end - to - end security. ### Experimental results The experiment evaluated the execution time, communication cost, and scalability of the protocol. The results show that although encrypted inference is slightly slower than plaintext inference, it provides stronger security guarantees. In addition, the setup phase of the protocol is one - time, and the time and communication cost of the subsequent inference process are relatively stable and controllable. In conclusion, the paper proposes a novel and effective multi - party secure inference protocol, which solves the privacy protection problem in the vertically partitioned data environment.