John Chiang

2024-08-14

Abstract:Privacy-preserving machine learning is one class of cryptographic methods that aim to analyze private and sensitive data while keeping privacy, such as homomorphic logistic regression training over large encrypted data. In this paper, we propose an efficient algorithm for logistic regression training on large encrypted data using Homomorphic Encryption (HE), which is the mini-batch version of recent methods using a faster gradient variant called $\texttt{quadratic gradient}$. It is claimed that $\texttt{quadratic gradient}$ can integrate curve information (Hessian matrix) into the gradient and therefore can effectively accelerate the first-order gradient (descent) algorithms. We also implement the full-batch version of their method when the encrypted dataset is so large that it has to be encrypted in the mini-batch manner. We compare our mini-batch algorithm with our full-batch implementation method on real financial data consisting of 422,108 samples with 200 freatures. %Our experiments show that Nesterov's accelerated gradient (NAG) Given the inefficiency of HEs, our results are inspiring and demonstrate that the logistic regression training on large encrypted dataset is of practical feasibility, marking a significant milestone in our understanding.

Cryptography and Security

John Chiang

DOI: https://doi.org/10.48550/arXiv.2201.10838

2024-09-22

Abstract:Training logistic regression over encrypted data has been a compelling approach in addressing security concerns for several years. In this paper, we introduce an efficient gradient variant, called $quadratic$ $gradient$, for privacy-preserving logistic regression training. We enhance Nesterov's Accelerated Gradient (NAG), Adaptive Gradient Algorithm (Adagrad) and Adam algorithms by incorporating their quadratic gradients and evaluate these improved algorithms on various datasets. Experimental results demonstrate that the enhanced algorithms achieve significantly improved convergence speed compared to traditional first-order gradient methods. Moreover, we applied the enhanced NAG method to implement homomorphic logistic regression training, achieving comparable results within just 4 iterations. There is a good chance that the quadratic gradient approach could integrate first-order gradient descent/ascent algorithms with the second-order Newton-Raphson methods, and that it could be applied to a wide range of numerical optimization problems.

Cryptography and Security,Machine Learning

Chaochao Chen,Jun Zhou,Li Wang,Xibin Wu,Wenjing Fang,Jin Tan,Lei Wang,Alex X. Liu,Hao Wang,Cheng Hong

DOI: https://doi.org/10.1145/3447548.3467210

2021-01-01

Abstract:Logistic Regression (LR) is the most widely used machine learning model in industry for its efficiency, robustness, and interpretability. Due to the problem of data isolation and the requirement of high model performance, many applications in industry call for building a secure and efficient LR model for multiple parties. Most existing work uses either Homomorphic Encryption (HE) or Secret Sharing (SS) to build secure LR. HE based methods can deal with high-dimensional sparse features, but they incur potential security risks. SS based methods have provable security, but they have efficiency issue under high-dimensional sparse features. In this paper, we first present CAESAR, which combines HE and SS to build secure large-scale sparse logistic regression model and achieves both efficiency and security. We then present the distributed implementation of CAESAR for scalability requirement. We have deployed CAESAR in a risk control task and conducted comprehensive experiments. Our experimental results show that CAESAR improves the state-of-the-art model by around 130 times.

Sergiu Carpov,Nicolas Gama,Mariya Georgieva,Juan Ramon Troncoso-Pastoriza

DOI: https://doi.org/10.1186/s12920-020-0723-0

2020-07-01

BMC Medical Genomics

Abstract:Abstract Background Privacy-preserving computations on genomic data, and more generally on medical data, is a critical path technology for innovative, life-saving research to positively and equally impact the global population. It enables medical research algorithms to be securely deployed in the cloud because operations on encrypted genomic databases are conducted without revealing any individual genomes. Methods for secure computation have shown significant performance improvements over the last several years. However, it is still challenging to apply them on large biomedical datasets. Methods The HE Track of iDash 2018 competition focused on solving an important problem in practical machine learning scenarios, where a data analyst that has trained a regression model (both linear and logistic) with a certain set of features, attempts to find all features in an encrypted database that will improve the quality of the model. Our solution is based on the hybrid framework Chimera that allows for switching between different families of fully homomorphic schemes, namely TFHE and HEAAN . Results Our solution is one of the finalist of Track 2 of iDash 2018 competition. Among the submitted solutions, ours is the only bootstrapped approach that can be applied for different sets of parameters without re-encrypting the genomic database, making it practical for real-world applications. Conclusions This is the first step towards the more general feature selection problem across large encrypted databases.

genetics & heredity

Andrey Kim,Yongsoo Song,Miran Kim,Keewoo Lee,Jung Hee Cheon

DOI: https://doi.org/10.1186/s12920-018-0401-7

2018-10-11

Abstract:Background: Security concerns have been raised since big data became a prominent tool in data analysis. For instance, many machine learning algorithms aim to generate prediction models using training data which contain sensitive information about individuals. Cryptography community is considering secure computation as a solution for privacy protection. In particular, practical requirements have triggered research on the efficiency of cryptographic primitives. Methods: This paper presents a method to train a logistic regression model without information leakage. We apply the homomorphic encryption scheme of Cheon et al. (ASIACRYPT 2017) for an efficient arithmetic over real numbers, and devise a new encoding method to reduce storage of encrypted database. In addition, we adapt Nesterov's accelerated gradient method to reduce the number of iterations as well as the computational cost while maintaining the quality of an output classifier. Results: Our method shows a state-of-the-art performance of homomorphic encryption system in a real-world application. The submission based on this work was selected as the best solution of Track 3 at iDASH privacy and security competition 2017. For example, it took about six minutes to obtain a logistic regression model given the dataset consisting of 1579 samples, each of which has 18 features with a binary outcome variable. Conclusions: We present a practical solution for outsourcing analysis tools such as logistic regression analysis while preserving the data confidentiality.

John Chiang

2024-06-04

Abstract:In this paper, we present a practical solution to implement privacy-preserving CNN training based on mere Homomorphic Encryption (HE) technique. To our best knowledge, this is the first attempt successfully to crack this nut and no work ever before has achieved this goal. Several techniques combine to accomplish the task:: (1) with transfer learning, privacy-preserving CNN training can be reduced to homomorphic neural network training, or even multiclass logistic regression (MLR) training; (2) via a faster gradient variant called $\texttt{Quadratic Gradient}$, an enhanced gradient method for MLR with a state-of-the-art performance in convergence speed is applied in this work to achieve high performance; (3) we employ the thought of transformation in mathematics to transform approximating Softmax function in the encryption domain to the approximation of the Sigmoid function. A new type of loss function termed $\texttt{Squared Likelihood Error}$ has been developed alongside to align with this change.; and (4) we use a simple but flexible matrix-encoding method named $\texttt{Volley Revolver}$ to manage the data flow in the ciphertexts, which is the key factor to complete the whole homomorphic CNN training. The complete, runnable C++ code to implement our work can be found at: \href{<a class="link-external link-https" href="https://github.com/petitioner/HE.CNNtraining" rel="external noopener nofollow">this https URL</a>}{$\texttt{<a class="link-external link-https" href="https://github.com/petitioner/HE.CNNtraining" rel="external noopener nofollow">this https URL</a>}$}. We select $\texttt{REGNET\_X\_400MF}$ as our pre-trained model for transfer learning. We use the first 128 MNIST training images as training data and the whole MNIST testing dataset as the testing data. The client only needs to upload 6 ciphertexts to the cloud and it takes $\sim 21$ mins to perform 2 iterations on a cloud with 64 vCPUs, resulting in a precision of $21.49\%$.

Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Wenjing Fang,Chaochao Chen,Jin Tan,Chaofan Yu,Yufei Lu,Li Wang,Lei Wang,Jun Zhou,Alex X

2020-01-01

Abstract:Gradient tree boosting (e.g. XGB) is one of the most widely usedmachine learning models in practice. How to build a secure XGB inface of data isolation problem becomes a hot research topic. However, existing works tend to leak intermediate information and thusraise potential privacy risk. In this paper, we propose a novel framework for two parties to build secure XGB with vertically partitioneddata. Specifically, we associate Homomorphic Encryption (HE) domain with Secret Sharing (SS) domain by providing the two-waytransformation primitives. The framework generally promotes theefficiency for privacy preserving machine learning and offers theflexibility to implement other machine learning models. Then weelaborate two secure XGB training algorithms as well as a corresponding prediction algorithm under the hybrid security domains.Next, we compare our proposed two training algorithms throughboth complexity analysis and experiments. Finally, we verify themodel performance on benchmark dataset and further apply ourwork to a real-world scenario.

Chengjin Liu,Zoe L Jiang,Xin Zhao,Qian Chen,Junbin Fang,Daojing He,Jun Zhang,Xuan Wang

DOI: https://doi.org/10.1109/infocomwkshps54753.2022.9797933

2022-01-01

Abstract:In the era of big data, data are often outsourced at cloud for storage and computation. As data has become a highly valuable resource, data holder needs retain full privacy and control over it. Privacy-preserving machine learning (PPML) aims at extracting data value while preserving its privacy. Homomorphic encryption (HE), as a privacy-preserving technique, is increasingly used in PPML schemes. However, since bootstrapping is required in Fully Homomorphic Encryption (FHE) after a certain number of homomorphic operations to ensure the correctness of decryption, FHE-based PPML may perform a large number of bootstrappings, which greatly reduces the efficiency. Besides, FHE only supports homomorphic addition and multiplication operations. Most of the existing solutions use Taylor theorem to convert nonlinear function into linear polynomial function with sacrifice of model accuracy. To solve the two problems above, we propose to simulate bootstrapping operation in training phase by a pair of decryption and re-encryption operations, which is further transferred to trusted hardware to avoid information leakage after decryption. With this idea, the performance can be enhanced greatly. In addition, all the calculations of activation function (nonlinear) can be executed in plaintext form directly. In this paper, we propose and implement an efficient and privacy-preserving logistic regression scheme based on Leveled FHE, and deploy the bootstrapping simulation and activation function on Raspberry Pi (a simulated trusted hardware). The scheme achieves practical usability demonstrated on standard UCI datasets.

Wei Xie,Yang Wang,Steven M. Boker,Donald E. Brown

DOI: https://doi.org/10.48550/arXiv.1611.01170

2016-11-04

Abstract:Safeguarding privacy in machine learning is highly desirable, especially in collaborative studies across many organizations. Privacy-preserving distributed machine learning (based on cryptography) is popular to solve the problem. However, existing cryptographic protocols still incur excess computational overhead. Here, we make a novel observation that this is partially due to naive adoption of mainstream numerical optimization (e.g., Newton method) and failing to tailor for secure computing. This work presents a contrasting perspective: customizing numerical optimization specifically for secure settings. We propose a seemingly less-favorable optimization method that can in fact significantly accelerate privacy-preserving logistic regression. Leveraging this new method, we propose two new secure protocols for conducting logistic regression in a privacy-preserving and distributed manner. Extensive theoretical and empirical evaluations prove the competitive performance of our two secure proposals while without compromising accuracy or privacy: with speedup up to 2.3x and 8.1x, respectively, over state-of-the-art; and even faster as data scales up. Such drastic speedup is on top of and in addition to performance improvements from existing (and future) state-of-the-art cryptography. Our work provides a new way towards efficient and practical privacy-preserving logistic regression for large-scale studies which are common for modern science.

Machine Learning,Cryptography and Security

Martine De Cock,Rafael Dowsley,Anderson C. A. Nascimento,Davis Railsback,Jianwei Shen,Ariel Todoki

DOI: https://doi.org/10.48550/arXiv.2002.05377

2020-03-03

Abstract:In this paper, we present a secure logistic regression training protocol and its implementation, with a new subprotocol to securely compute the activation function. To the best of our knowledge, we present the fastest existing secure Multi-Party Computation implementation for training logistic regression models on high dimensional genome data distributed across a local area network.

Cryptography and Security,Machine Learning

John Chiang

2024-07-31

Abstract:Privacy-preserving regression in machine learning is a crucial area of research, aimed at enabling the use of powerful machine learning techniques while protecting individuals' privacy. In this paper, we implement privacy-preserving regression training using data encrypted under a fully homomorphic encryption scheme. We first examine the common linear regression algorithm and propose a (simplified) fixed Hessian for linear regression training, which can be applied for any datasets even not normalized into the range $[0, 1]$. We also generalize this constant Hessian matrix to the ridge regression version, namely linear regression which includes a regularization term to penalize large coefficients. However, our main contribution is to develop a novel and efficient algorithm called LFFR for homomorphic regression using the logistic function, which could model more complex relations between input values and output prediction in comparison with linear regression. We also find a constant simplified Hessian to train our LFFR algorithm using the Newton-like method and compare it against to with our new fixed Hessian linear regression training over two real-world datasets. We suggest normalizing not only the data but also the target predictions even for the original linear regression used in a privacy-preserving manner, which is helpful to remain weights in a small range, say $[-5, +5]$ good for refreshing ciphertext setting parameters, and avoid tuning the regularization parameter $\lambda$ via cross validation. The linear regression with normalized predictions could be a viable alternative to ridge regression.

Machine Learning,Cryptography and Security

Qianjun Wei,Qiang Li,Zhipeng Zhou,ZhengQiang Ge,Yonggang Zhang

DOI: https://doi.org/10.1007/s12083-020-01017-x

2020-11-03

Abstract:The full application of machine learning has caused plenty of problems with privacy-preserving. Especially in multi-party machine learning, private data is often exposed in the aggregation,transmission, and communication phase, which leads to the problem of private data leakage. Existing works use secure multi-party computing (SMPC) or secret-sharing technology to ensure the privacy-preserving of multi-party machine learning. Nevertheless, it brings enormous cost and feasibility drawbacks. The partition method of datasets is one of the most critical factors affecting the performance of machine learning. Vertically partitioned data has the problems of incomplete feature information held by a single participant and complicated training process. Therefore, it has to be tackled urgently that how to efficiently and safely complete the multi-party training using vertically partitioned datasets. Moreover, training logistic regression models efficiently is one of the directions worth working on. In this paper, we propose a protocol using that can complete the logistic regression modeling of vertically partitioned data by asynchronous gradient sharing. At the same time, we use an efficient homomorphic encryption method to protect private data. The experiments show that our protocol can reduce the training time in the case of a small impact on the output results, and speedup can be over 10x. Meanwhile, it will ensure the security of the vertically partitioned dataset.

computer science, information systems,telecommunications

Guanhong Miao

DOI: https://doi.org/10.48550/arXiv.2202.02650

2022-07-20

Abstract:Internet of Things devices are expanding rapidly and generating huge amount of data. There is an increasing need to explore data collected from these devices. Collaborative learning provides a strategic solution for the Internet of Things settings but also raises public concern over data privacy. In recent years, large amount of privacy preserving techniques have been developed based on secure multi-party computation and differential privacy. A major challenge of collaborative learning is to balance disclosure risk and data utility while maintaining high computation efficiency. In this paper, we proposed privacy preserving logistic regression model using matrix encryption approach. The secure scheme is resilient to chosen plaintext attack, known plaintext attack, and collusion attack that could compromise any agencies in the collaborative learning. Encrypted model estimate is decrypted to provide true model results with no accuracy degradation. Verification phase is implemented to examine dishonest behavior among agencies. Experimental evaluations demonstrate fast convergence rate and high efficiency of proposed scheme.

Cryptography and Security,Machine Learning,Other Statistics

Xiaoxia Dong,Jie Chen,Kai Zhang,Haifeng Qian

DOI: https://doi.org/10.1109/access.2019.2962700

IF: 3.9

2020-01-01

IEEE Access

Abstract:The emerging development of cloud computing makes a trend that the cloud becomes a outsourced agglomeration for storing big data that generally contains numerous information. To mine the rich value involved in big data, the machine learning methodology is widespread employed due to its ability to adapt to data changes. However, the data mining process may involve the privacy issues of the users, hence they are reluctant to share their information. This is the reason why the outsourced data need to be dealt with securely, where data encryption is considered to be the most straightforward method to keep the privacy of data, but machine learning on the data in ciphertext domain is more complicated than the plaintext, since the relationship structure between data is no longer maintained, in such a way that we focus on the machine learning over encrypted big data. In this work, we study locally weighted linear regression (LWLR), a widely used classic machine learning algorithm in real-world, such as predict and find the best-fit curve through numerous data points. To tackle the privacy concerns in utilizing the LWLR algorithm, we present a system for privacy-preserving locally weighted linear regression, where the system not only protects the privacy of users but also encrypts the best-fit curve. Therefore, we use Paillier homomorphic encryption as the building modular to encrypt data and then apply the stochastic gradient descent in encrypted domain. After given a security analysis, we study how to let Paillier encryption deal with real numbers and implement the system in Python language with a couple of experiments on real-world data sets to evaluate the effectiveness, and show that it outperforms the state-of-the-art and occurs negligible errors compared with performing locally weighted linear regression in the clear.

Seungwan Hong,Yoolim A Choi,Daniel S Joo,Gamze Gürsoy

DOI: https://doi.org/10.1016/j.jbi.2024.104678

Abstract:Objective: Linear and logistic regression are widely used statistical techniques in population genetics for analyzing genetic data and uncovering patterns and associations in large genetic datasets, such as identifying genetic variations linked to specific diseases or traits. However, obtaining statistically significant results from these studies requires large amounts of sensitive genotype and phenotype information from thousands of patients, which raises privacy concerns. Although cryptographic techniques such as homomorphic encryption offers a potential solution to the privacy concerns as it allows computations on encrypted data, previous methods leveraging homomorphic encryption have not addressed the confidentiality of shared models, which can leak information about the training data. Methods: In this work, we present a secure model evaluation method for linear and logistic regression using homomorphic encryption for six prediction tasks, where input genotypes, output phenotypes, and model parameters are all encrypted. Results: Our method ensures no private information leakage during inference and achieves high accuracy (≥93% for all outcomes) with each inference taking less than ten seconds for ∼200 genomes. Conclusion: Our study demonstrates that it is possible to perform linear and logistic regression model evaluation while protecting patient confidentiality with theoretical security guarantees. Our implementation and test data are available at https://github.com/G2Lab/privateML/.

Jorge M. Cortés-Mendoza,Andrei Tchernykh,Mikhail G. Babenko,Luis Bernardo Pulido-Gaytan,Gleb I. Radchenko,Franck Leprévost,Xinheng Wang,Arutyun Avetisyan

DOI: https://doi.org/10.1007/978-3-030-64616-5_51

2020-01-01

Abstract:The security of data storage, transmission, and processing is emerging as an important consideration in many data analytics techniques and technologies. For instance, in machine learning, the datasets could contain sensitive information that cannot be protected by traditional encryption approaches. Homomorphic encryption schemes and secure multi-party computation are considered as a solution for privacy protection. In this paper, we propose a homomorphic Logistic Regression based on Residue Number System (LR-RNS) that provides security, parallel processing, scalability, error detection, and correction. We verify it using six known datasets from medicine (diabetes, cancer, drugs, etc.) and genomics. We provide experimental analysis with 30 configurations for each dataset to compare the performance and quality of our solution with the state of the art algorithms. For a fair comparison, we use the same 5-fold cross-validation technique. The results show that LR-RNS demonstrates similar accuracy and performance of the classification algorithm at various thresholds settings but with the reduction of training time from 85.9% to 96.1%.

Wenfa Li,Hongzhe Liu,Peng Yang,Wei Xie

DOI: https://doi.org/10.1371/journal.pone.0156479

IF: 3.7

2016-06-06

PLoS ONE

Abstract:As one of the most popular statistical and machine learning models, logistic regression with regularization has found wide adoption in biomedicine, social sciences, information technology, and so on. These domains often involve data of human subjects that are contingent upon strict privacy regulations. Concerns over data privacy make it increasingly difficult to coordinate and conduct large-scale collaborative studies, which typically rely on cross-institution data sharing and joint analysis. Our work here focuses on safeguarding regularized logistic regression, a widely-used statistical model while at the same time has not been investigated from a data security and privacy perspective. We consider a common use scenario of multi-institution collaborative studies, such as in the form of research consortia or networks as widely seen in genetics, epidemiology, social sciences, etc. To make our privacy-enhancing solution practical, we demonstrate a non-conventional and computationally efficient method leveraging distributing computing and strong cryptography to provide comprehensive protection over individual-level and summary data. Extensive empirical evaluations on several studies validate the privacy guarantee, efficiency and scalability of our proposal. We also discuss the practical implications of our solution for large-scale studies and applications from various disciplines, including genetic and biomedical studies, smart grid, network analysis, etc.

multidisciplinary sciences

Jiaqi Zhao,Hui Zhu,Fengwei Wang,Rongxing Lu,Hui Li

DOI: https://doi.org/10.1109/globecom54140.2023.10437155

2023-01-01

Abstract:The explosive growth of data scales has recently drawn extensive attention to machine learning (ML) prediction services for achieving effective and efficient decision-making. However, the potential risk of model or data leakage, as well as vertically partitioned query data in real-world scenes, bring many challenges to ML prediction. Therefore, this paper proposes an efficient and privacy-preserving logistic regression prediction scheme, through which query institutions with vertically partitioned data can enjoy secure, fast, and high-accuracy prediction services from one cloud service provider. Specifically, we take the efficiency advantage of the trusted execution environments (TEE) technique under a semi-honest model, and design a series of masking and recovery methods based on homomorphic encryption to guarantee privacy inside and outside the enclave. Moreover, the ciphertext packing technique is integrated into our scheme for processing predictions parallelly, which further reduces communication and computational overhead. As a result, our scheme will not introduce additional strong security assumptions to TEE; meanwhile, it achieves a trade-off between security and efficiency. Based on the simulation-based paradigm, we formally prove the selective security of our scheme. Extensive experiments on real-world and synthetic datasets show that our prediction accuracy is comparable with plaintext prediction, and our scheme has at least a 30x running speedup compared to the existing representative schemes.

Adrià Gascón,Phillipp Schoppmann,Borja Balle,Mariana Raykova,Jack Doerner,Samee Zahur,David Evans

DOI: https://doi.org/10.1515/popets-2017-0053

2017-10-01

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract We propose privacy-preserving protocols for computing linear regression models, in the setting where the training dataset is vertically distributed among several parties. Our main contribution is a hybrid multi-party computation protocol that combines Yao’s garbled circuits with tailored protocols for computing inner products. Like many machine learning tasks, building a linear regression model involves solving a system of linear equations. We conduct a comprehensive evaluation and comparison of different techniques for securely performing this task, including a new Conjugate Gradient Descent (CGD) algorithm. This algorithm is suitable for secure computation because it uses an efficient fixed-point representation of real numbers while maintaining accuracy and convergence rates comparable to what can be obtained with a classical solution using floating point numbers. Our technique improves on Nikolaenko et al.’s method for privacy-preserving ridge regression (S&P 2013), and can be used as a building block in other analyses. We implement a complete system and demonstrate that our approach is highly scalable, solving data analysis problems with one million records and one hundred features in less than one hour of total running time.

YANG Yuejia,HUA Bei,ZHONG Zhiwei,GAO Mi

DOI: https://doi.org/10.19678/j.issn.1000-3428.0064391

2023-01-01

Abstract:With the establishment and standardization of data exchange markets,a new demand in which multiparties collaboratively train a machine learning model has emerged. Federated learning enables multiple data owners to jointly train a model,with the requirement that the model is trained and shared by all participants. The existing federated learning frameworks can not be applied to scenarios in which the data owners and model demander have different requirements and the model is jointly trained but not shared. A collaborative computing scheme for privacy-preserving logistic regression based on homomorphic encryption is proposed,which is independent of any third-party computing platforms. The collaborative compuing scheme includes a multiparty collaborative computing framework that comprises multiple data owners,a model demander,a key generator,and an interactive collaborative computing process based on the framework. With this framework,a model can be collaboratively trained without the leakage of model information or data privacy. The security of the collaborative computing scheme is analyzed by establishing an attack model. Based on the advanced floating-point fully homomorphic encryption scheme called the Cheon-Kim-Kim-Song（CKKS）,a prototype system is implemented on a small computer cluster. This is optimized for calculations and communication,including the early termination of the training process and offloading the ciphertext homomorphic operations to the Graphics Processing Unit（GPU） to improve computational efficiency. The experimental results show that the computational optimizations can improve the system performance by approximately 50 times,and the prototype system can satisfy the practical requirements for small and medium-sized data sets.