Ágnes Kiss,Masoud Naderpour,Jian Liu,N. Asokan,Thomas Schneider

DOI: https://doi.org/10.2478/popets-2019-0026

2019-01-01

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Decision trees and random forests are widely used classifiers in machine learning. Service providers often host classification models in a cloud service and provide an interface for clients to use the model remotely. While the model is sensitive information of the server, the input query and prediction results are sensitive information of the client. This motivates the need for private decision tree evaluation, where the service provider does not learn the client’s input and the client does not learn the model except for its size and the result. In this work, we identify the three phases of private decision tree evaluation protocols: feature selection, comparison, and path evaluation. We systematize constant-round protocols for each of these phases to identify the best available instantiations using the two main paradigms for secure computation: garbling techniques and homomorphic encryption. There is a natural tradeoff between runtime and communication considering these two paradigms: garbling techniques use fast symmetric-key operations but require a large amount of communication, while homomorphic encryption is computationally heavy but requires little communication. Our contributions are as follows: Firstly, we systematically review and analyse state-of-the-art protocols for the three phases of private decision tree evaluation. Our methodology allows us to identify novel combinations of these protocols that provide better tradeoffs than existing protocols. Thereafter, we empirically evaluate all combinations of these protocols by providing communication and runtime measures, and provide recommendations based on the identified concrete tradeoffs.

Wenjing Fang,Chaochao Chen,Jin Tan,Chaofan Yu,Yufei Lu,Li Wang,Lei Wang,Jun Zhou,Alex X

2020-01-01

Abstract:Gradient tree boosting (e.g. XGB) is one of the most widely usedmachine learning models in practice. How to build a secure XGB inface of data isolation problem becomes a hot research topic. However, existing works tend to leak intermediate information and thusraise potential privacy risk. In this paper, we propose a novel framework for two parties to build secure XGB with vertically partitioneddata. Specifically, we associate Homomorphic Encryption (HE) domain with Secret Sharing (SS) domain by providing the two-waytransformation primitives. The framework generally promotes theefficiency for privacy preserving machine learning and offers theflexibility to implement other machine learning models. Then weelaborate two secure XGB training algorithms as well as a corresponding prediction algorithm under the hybrid security domains.Next, we compare our proposed two training algorithms throughboth complexity analysis and experiments. Finally, we verify themodel performance on benchmark dataset and further apply ourwork to a real-world scenario.

Yifeng Zheng,Huayi Duan,Cong Wang,Ruochen Wang,Surya Nepal

DOI: https://doi.org/10.1109/tdsc.2020.3040012

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Outsourcing machine learning inference services to the cloud is getting increasingly popular. However, this also entails privacy risks to the provider's proprietary model and the client's sensitive data. Focusing on inference with decision trees, this article proposes a framework for securely and efficiently outsourcing decision tree inference. Targeting both privacy and efficiency, we propose a customized protocol using only lightweight cryptography in the online execution of secure inference. We resort to additive secret sharing and tackle the problems in various components including secure input feature selection, decision node evaluation, and inference result generation. Our protocol requires no interaction from the provider and client during online secure inference, a distinct advantage over prior works for practical deployment as they all operate under the client-provider setting where synchronous and continuous interaction is required. Performance evaluation demonstrates our security design's efficiency, as well as substantial performance benefits for the client (up to four orders of magnitude in computation and 163 times in communication), as opposed to prior art in the non-outsourcing setting. To facilitate the practical usage for meeting more service demands, we also investigate the extensions for secure outsourced inference of random forests and categorical feature-based decision trees.

computer science, information systems, software engineering, hardware & architecture

Bangzhou Xin,Wei Yang,Shaowei Wang,Liusheng Huang

DOI: https://doi.org/10.1109/icassp.2019.8682219

2019-01-01

Abstract:As information security is increasingly valued, privacy preserving data mining has become a research hotspot in the field of big data and signal processing. We propose a new differentially private greedy decision forest algorithm called DPGDF to help improve the accuracy of privacy-preserving data mining Unlike previous algorithms that only employed greedy decision trees or random forests, our algorithm uses a combination of greedy trees and parallel combination theory to construct a greedy decision forest and coordinate privacy protection and prediction accuracy to achieve the best balance. Combined with smooth sensitivity, the introduction of noise is minimized, making the prediction accuracy of the algorithm notably better than the current state-of-the-art algorithms. Experiments on the UCI datasets show that the prediction accuracy of our algorithm is about 10% higher than that of those algorithms.

Yingjie Li,Yan Feng,Quan Qian

DOI: https://doi.org/10.1016/j.jisa.2023.103468

IF: 4.96

2023-03-24

Journal of Information Security and Applications

Abstract:The big data era has led to an exponential increase in data usage, resulting in significantly advancements in data-driven domains and data mining. However, due to privacy and regulatory requirements, sharing data among various institutions is not always possible. Federated learning can help address this problem, but existing studies that combine differential privacy with tree models have shown significant accuracy loss. In this study, we propose a Federated Differential Privacy Gradient Boosting Decision Tree (FDPBoost) that protects the private datasets of different owners while improving model accuracy. We select sensitive features according to the secure feature set indicator, and use an exponential mechanism to protect sensitive features and assign significant weight to the Laplace mechanism to protect leaf node values. Additionally, a distributed two-level boosting framework is designed to allocate the privacy budget between intra-iteration and inter-iteration decision trees while protecting model communication. The FDPBoost is tested on five datasets sourced from the materials and medical domains. Our experiments reveal that FDPBoost achieves competitive accuracy with traditional federated gradient boosting decision trees while also exhibiting a significant reduction in error rate as compared to PPGBDT (Zhao et al.) and FV-tree (Gao et al.). Notably, FDPBoost's error rate on the tumor-diagnosis dataset is 30% lower than that of FV-tree.

computer science, information systems

Samuel Maddock,Graham Cormode,Tianhao Wang,Carsten Maple,Somesh Jha

DOI: https://doi.org/10.1145/3548606.3560687

2022-10-06

Abstract:There is great demand for scalable, secure, and efficient privacy-preserving machine learning models that can be trained over distributed data. While deep learning models typically achieve the best results in a centralized non-secure setting, different models can excel when privacy and communication constraints are imposed. Instead, tree-based approaches such as XGBoost have attracted much attention for their high performance and ease of use; in particular, they often achieve state-of-the-art results on tabular data. Consequently, several recent works have focused on translating Gradient Boosted Decision Tree (GBDT) models like XGBoost into federated settings, via cryptographic mechanisms such as Homomorphic Encryption (HE) and Secure Multi-Party Computation (MPC). However, these do not always provide formal privacy guarantees, or consider the full range of hyperparameters and implementation settings. In this work, we implement the GBDT model under Differential Privacy (DP). We propose a general framework that captures and extends existing approaches for differentially private decision trees. Our framework of methods is tailored to the federated setting, and we show that with a careful choice of techniques it is possible to achieve very high utility while maintaining strong levels of privacy.

Cryptography and Security,Machine Learning

Shuai Yuan,Hongwei Li,Xinyuan Qian,Wenbo Jiang,Guowen Xu

2024-09-28

Abstract:The expansive storage capacity and robust computational power of cloud servers have led to the widespread outsourcing of machine learning inference services to the cloud. While this practice offers significant operational benefits, it also poses substantial privacy risks, including the exposure of proprietary models and sensitive user data. In this paper, we introduce OnePath, a framework designed for secure and efficient decision tree inference in cloud environments. Unlike existing schemes that require traversing all internal nodes of a decision tree, our protocol securely identifies and processes only the nodes on the prediction path, maintaining data privacy under ciphertext throughout the inference process. This selective traversal enhances both security and efficiency. To further optimize privacy and performance, OnePath employs lightweight cryptographic techniques, such as functional encryption, during the online phase of secure inference. Notably, our protocol allows both providers and clients to perform secure inference without the need to remain online continuously, a critical advantage for real-world applications. We substantiate the security of our framework with formal proofs, demonstrating that OnePath robustly protects the privacy of decision tree classifiers and user data. Experimental results highlight the efficiency of our approach, with our scheme processing query data in mere microseconds on the tested dataset. Through OnePath, we provide a practical solution that balances the needs for security and efficiency in cloud-based decision tree inference, making it a promising option for a variety of applications.

Cryptography and Security

Jiaqi Zhao,Hui Zhu,Fengwei Wang,Rongxing Lu,Hui Li

DOI: https://doi.org/10.1016/j.ins.2023.119480

IF: 8.1

2023-08-12

Information Sciences

Abstract:Due to the excellent efficiency and high interpretability, coupled with the accuracy comparable to deep learning on tabular data, various tree-based models have been widely concerned and succeeded in many fields like medical diagnosis, credit evaluation, and fault detection. However, the model owner may face dilemmas such as compromised privacy and insufficient machine performance when providing tree-based inference services. Therefore, this paper proposes an efficient and privacy-preserving tree-based inference scheme, through which users can enjoy secure, high-accuracy, and transparent outsourcing inference services from one cloud. Specifically, by adopting additive homomorphic encryption as the underlying privacy-preserving technique, we design a suite of perturbation and recovery methods, processing cipher-based inference while masking the inference path. Meanwhile, without additional interactions, users can directly obtain high-accuracy results comparable to non-privacy inference, so the used privacy-preserving methods seem transparent to users. Moreover, through optimizing algorithm design and precalculating partial ciphertexts, the efficiency of our scheme is improved significantly. Formal security analysis demonstrates that our scheme achieves selective security under the honest-but-curious model. Extensive experimental evaluation shows the lossless accuracy, low complexity, and high efficiency of our scheme, which is practical to real-world scenes, especially for large-scale models.

computer science, information systems

Fuki Yamamoto,Seiichi Ozawa,Lihua Wang

DOI: https://doi.org/10.1109/access.2022.3169502

IF: 3.9

2022-01-01

IEEE Access

Abstract:Privacy protection has attracted increasing attention, and privacy concerns often prevent flexible data utilization. In most industries, data are distributed across multiple organizations due to privacy concerns. Federated learning (FL), which enables cross-organizational machine learning by communicating statistical information, is a state-of-the-art technology that is used to solve this problem. However, for gradient boosting decision tree (GBDT) in FL, balancing communication efficiency and security while maintaining sufficient accuracy remains an unresolved problem. In this paper, we propose an FL scheme for GBDT, i.e., efficient FL for GBDT (eFL-Boost), which minimizes accuracy loss, communication costs, and information leakage. The proposed scheme focuses on appropriate allocation of local computation (performed individually by each organization) and global computation (performed cooperatively by all organizations) when updating a model. It is known that tree structures incur high communication costs for global computation, whereas leaf weights do not require such costs and are expected to contribute relatively more to accuracy. Thus, in the proposed eFL-Boost, a tree structure is determined locally at one of the organizations, and leaf weights are calculated globally by aggregating the local gradients of all organizations. Specifically, eFL-Boost requires only three communications per update, and only statistical information that has low privacy risk is leaked to other organizations. Through performance evaluation on public data sets (ROC AUC, Log loss, and F1-score are used as metrics), the proposed eFL-Boost outperforms existing schemes that incur low communication costs and was comparable to a scheme that offers no privacy protection.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kanthi Sarpatwar,Karthik Nandakumar,Nalini Ratha,James Rayfield,Karthikeyan Shanmugam,Sharath Pankanti,Roman Vaculin

DOI: https://doi.org/10.48550/arXiv.2103.03411

2021-03-05

Abstract:Data privacy concerns often prevent the use of cloud-based machine learning services for sensitive personal data. While homomorphic encryption (HE) offers a potential solution by enabling computations on encrypted data, the challenge is to obtain accurate machine learning models that work within the multiplicative depth constraints of a leveled HE scheme. Existing approaches for encrypted inference either make ad-hoc simplifications to a pre-trained model (e.g., replace hard comparisons in a decision tree with soft comparators) at the cost of accuracy or directly train a new depth-constrained model using the original training set. In this work, we propose a framework to transfer knowledge extracted by complex decision tree ensembles to shallow neural networks (referred to as DTNets) that are highly conducive to encrypted inference. Our approach minimizes the accuracy loss by searching for the best DTNet architecture that operates within the given depth constraints and training this DTNet using only synthetic data sampled from the training data distribution. Extensive experiments on real-world datasets demonstrate that these characteristics are critical in ensuring that DTNet accuracy approaches that of the original tree ensemble. Our system is highly scalable and can perform efficient inference on batched encrypted (134 bits of security) data with amortized time in milliseconds. This is approximately three orders of magnitude faster than the standard approach of applying soft comparison at the internal nodes of the ensemble trees.

Cryptography and Security,Artificial Intelligence,Machine Learning

Tianyi Li,Tongxin Li,Yu Ding,Yulong Zhang,Tao Wei,Xinhui Han

2019-01-01

Abstract:For data analysis services, the capability of preserving user privacy has become an eagerly demanded trait. However, most existing approaches are either unsound to close some major information leakage chanels or prohibitively expensive for practical deployment. We propose gbdt-rs , a secure and fast implementation of the gradient boosting decision tree algorithm, which is widely used in data mining and machine learning tasks. gbdt-rs is designed to fit traditional computing platforms as well as hardware-enforced trusted environments, i.e., Intel SGX secure enclaves. gbdt-rs is coded in the Rust programming language to exterminate memory errors, while its performance is barely sacrificed due to sophisticatedly optimized memory access patterns. Our experiments show that gbdt-rs can provide up to 10x speedup on inference tasks compared to XGBoost, a reputed C++ implementation of the same algorithm. In addition, gbdt-rs is highly auditable due to its relatively small code base.

Yifeng Zheng,Shuangqing Xu,Songlei Wang,Yansong Gao,Zhongyun Hua

2023-06-03

Abstract:Vertical federated learning (VFL) has recently emerged as an appealing distributed paradigm empowering multi-party collaboration for training high-quality models over vertically partitioned datasets. Gradient boosting has been popularly adopted in VFL, which builds an ensemble of weak learners (typically decision trees) to achieve promising prediction performance. Recently there have been growing interests in using decision table as an intriguing alternative weak learner in gradient boosting, due to its simpler structure, good interpretability, and promising performance. In the literature, there have been works on privacy-preserving VFL for gradient boosted decision trees, but no prior work has been devoted to the emerging case of decision tables. Training and inference on decision tables are different from that the case of generic decision trees, not to mention gradient boosting with decision tables in VFL. In light of this, we design, implement, and evaluate Privet, the first system framework enabling privacy-preserving VFL service for gradient boosted decision tables. Privet delicately builds on lightweight cryptography and allows an arbitrary number of participants holding vertically partitioned datasets to securely train gradient boosted decision tables. Extensive experiments over several real-world datasets and synthetic datasets demonstrate that Privet achieves promising performance, with utility comparable to plaintext centralized learning.

Cryptography and Security

Rasoul Akhavan Mahdavi,Haoyan Ni,Dimitry Linkov,Florian Kerschbaum

DOI: https://doi.org/10.48550/arXiv.2309.06496

2023-09-13

Abstract:As machine learning as a service continues gaining popularity, concerns about privacy and intellectual property arise. Users often hesitate to disclose their private information to obtain a service, while service providers aim to protect their proprietary models. Decision trees, a widely used machine learning model, are favoured for their simplicity, interpretability, and ease of training. In this context, Private Decision Tree Evaluation (PDTE) enables a server holding a private decision tree to provide predictions based on a client's private attributes. The protocol is such that the server learns nothing about the client's private attributes. Similarly, the client learns nothing about the server's model besides the prediction and some hyperparameters. In this paper, we propose two novel non-interactive PDTE protocols, XXCMP-PDTE and RCC-PDTE, based on two new non-interactive comparison protocols, XXCMP and RCC. Our evaluation of these comparison operators demonstrates that our proposed constructions can efficiently evaluate high-precision numbers. Specifically, RCC can compare 32-bit numbers in under 10 milliseconds. We assess our proposed PDTE protocols on decision trees trained over UCI datasets and compare our results with existing work in the field. Moreover, we evaluate synthetic decision trees to showcase scalability, revealing that RCC-PDTE can evaluate a decision tree with over 1000 nodes and 16 bits of precision in under 2 seconds. In contrast, the current state-of-the-art requires over 10 seconds to evaluate such a tree with only 11 bits of precision.

Cryptography and Security

Hanxiao Chen,Hongwei Li,Yingzhe Wang,Meng Hao,Guowen Xu,Tianwei Zhang

DOI: https://doi.org/10.1109/tifs.2022.3231784

IF: 7.231

2023-01-07

IEEE Transactions on Information Forensics and Security

Abstract:Privacy-preserving decision trees (DTs) in vertical federated learning are one of the most effective tools to facilitate various privacy-critical applications in reality. However, the main bottleneck of current solutions is their huge overhead, mainly due to the adoption of communication-heavy bit decomposition to realize complex non-linear operations, such as comparison and division. In this paper, we present PriVDT, an efficient two-party framework for private vertical DT training and inference in the offline/online paradigm. Specifically, we customize several cryptographic building blocks based on an advanced primitive, Function Secret Sharing (FSS). First, we construct an optimized comparison protocol to improve the efficiency via reducing the invocation of FSS evaluations. Second, we devise an efficient and privacy-enhanced division protocol without revealing the range of divisors, which utilizes the above comparison protocol and more importantly new designed FSS-based secure range and digital decomposition protocols. Besides, we further reduce the overhead of linear operations by employing lightweight pseudorandom function-based Beaver's triple techniques. Building on the above efficient components, we implement the PriVDT framework and evaluate it on 5 real-world datasets on both LAN and WAN. Experimental results show that the end-to-end runtime of PriVDT outperforms the prior art by on LAN and on WAN. Moreover, PriVDT provides comparable accuracy to the non-private setting.

computer science, theory & methods,engineering, electrical & electronic

Andrew Law,Chester Leung,Rishabh Poddar,Raluca Ada Popa,Chenyu Shi,Octavian Sima,Chaofan Yu,Xingmeng Zhang,Wenting Zheng

DOI: https://doi.org/10.48550/arXiv.2010.02524

2020-10-06

Abstract:In recent years, gradient boosted decision tree learning has proven to be an effective method of training robust models. Moreover, collaborative learning among multiple parties has the potential to greatly benefit all parties involved, but organizations have also encountered obstacles in sharing sensitive data due to business, regulatory, and liability concerns. We propose Secure XGBoost, a privacy-preserving system that enables multiparty training and inference of XGBoost models. Secure XGBoost protects the privacy of each party's data as well as the integrity of the computation with the help of hardware enclaves. Crucially, Secure XGBoost augments the security of the enclaves using novel data-oblivious algorithms that prevent access side-channel attacks on enclaves induced via access pattern leakage.

Cryptography and Security

Jie Xu,Wei Zhang,Fei Wang

DOI: https://doi.org/10.1109/tpami.2021.3107796

IF: 23.6

2021-01-01

IEEE Transactions on Pattern Analysis and Machine Intelligence

Abstract:As deep learning models are usually massive and complex, distributed learning is essential for increasing training efficiency. Moreover, in many real-world application scenarios like healthcare, distributed learning can also keep the data local and protect privacy. Recently, the asynchronous decentralized parallel stochastic gradient descent (ADPSGD) algorithm has been proposed and demonstrated to be an efficient and practical strategy where there is no central server, so that each computing node only communicates with its neighbors. Although no raw data will be transmitted across different local nodes, there is still a risk of information leak during the communication process for malicious participants to make attacks. In this paper, we present a differentially private version of asynchronous decentralized parallel SGD framework, or A(DP)(2)SGD for short, which maintains communication efficiency of ADPSGD and prevents the inference from malicious participants. Specifically, Renyi differential privacy is used to provide tighter privacy analysis for our composite Gaussian mechanisms while the convergence rate is consistent with the non-private version. Theoretical analysis shows A(DP)(2)SGD also converges at the optimal O(1/root T) rate as SGD. Empirically, A(DP)(2)SGD achieves comparable model accuracy as the differentially private version of Synchronous SGD (SSGD) but runs much faster than SSGD in heterogeneous computing environments.

Tao Fan,Weijing Chen,Guoqiang Ma,Yan Kang,Lixin Fan,Qiang Yang

2024-06-19

Abstract:Gradient boosting decision tree (GBDT) is an ensemble machine learning algorithm, which is widely used in industry, due to its good performance and easy interpretation. Due to the problem of data isolation and the requirement of privacy, many works try to use vertical federated learning to train machine learning models collaboratively with privacy guarantees between different data owners. SecureBoost is one of the most popular vertical federated learning algorithms for GBDT. However, in order to achieve privacy preservation, SecureBoost involves complex training procedures and time-consuming cryptography operations. This causes SecureBoost to be slow to train and does not scale to large scale data. In this work, we propose SecureBoost+, a large-scale and high-performance vertical federated gradient boosting decision tree framework. SecureBoost+ is secure in the semi-honest model, which is the same as SecureBoost. SecureBoost+ can be scaled up to tens of millions of data samples easily. SecureBoost+ achieves high performance through several novel optimizations for SecureBoost, including ciphertext operation optimization, the introduction of new training mechanisms, and multi-classification training optimization. The experimental results show that SecureBoost+ is 6-35x faster than SecureBoost, but with the same accuracy and can be scaled up to tens of millions of data samples and thousands of feature dimensions.

Machine Learning,Artificial Intelligence

Raghav Malik,Vidush Singhal,Benjamin Gottfried,Milind Kulkarni

DOI: https://doi.org/10.1145/3453483.3454094

2021-04-20

Abstract:As the demand for machine learning-based inference increases in tandem with concerns about privacy, there is a growing recognition of the need for secure machine learning, in which secret models can be used to classify private data without the model or data being leaked. Fully Homomorphic Encryption (FHE) allows arbitrary computation to be done over encrypted data, providing an attractive approach to providing such secure inference. While such computation is often orders of magnitude slower than its plaintext counterpart, the ability of FHE cryptosystems to do \emph{ciphertext packing} -- that is, encrypting an entire vector of plaintexts such that operations are evaluated elementwise on the vector -- helps ameliorate this overhead, effectively creating a SIMD architecture where computation can be vectorized for more efficient evaluation. Most recent research in this area has targeted regular, easily vectorizable neural network models. Applying similar techniques to irregular ML models such as decision forests remains unexplored, due to their complex, hard-to-vectorize structures. In this paper we present COPSE, the first system that exploits ciphertext packing to perform decision-forest inference. COPSE consists of a staging compiler that automatically restructures and compiles decision forest models down to a new set of vectorizable primitives for secure inference. We find that COPSE's compiled models outperform the state of the art across a range of decision forest models, often by more than an order of magnitude, while still scaling well.

Cryptography and Security,Programming Languages

Zhihua Tian,Rui Zhang,Xiaoyang Hou,Jian Liu,Kui Ren

DOI: https://doi.org/10.48550/arXiv.2011.02796

2022-12-21

Abstract:Federated Learning (FL) has been an emerging trend in machine learning and artificial intelligence. It allows multiple participants to collaboratively train a better global model and offers a privacy-aware paradigm for model training since it does not require participants to release their original training data. However, existing FL solutions for vertically partitioned data or decision trees require heavy cryptographic operations. In this paper, we propose a framework named FederBoost for private federated learning of gradient boosting decision trees (GBDT). It supports running GBDT over both vertically and horizontally partitioned data. Vertical FederBoost does not require any cryptographic operation and horizontal FederBoost only requires lightweight secure aggregation. The key observation is that the whole training process of GBDT relies on the ordering of the data instead of the values. We fully implement FederBoost and evaluate its utility and efficiency through extensive experiments performed on three public datasets. Our experimental results show that both vertical and horizontal FederBoost achieve the same level of accuracy with centralized training, where all data are collected in a central server; and they are 4-5 orders of magnitude faster than the state-of-the-art solutions for federated decision tree training; hence offering practical solutions for industrial application.

Cryptography and Security

Qifan Wang,Shujie Cui,Lei Zhou,Ye Dong,Jianli Bai,Yun Sing Koh,Giovanni Russello

2024-08-14

Abstract:Decision tree (DT) is a widely used machine learning model due to its versatility, speed, and interpretability. However, for privacy-sensitive applications, outsourcing DT training and inference to cloud platforms raise concerns about data privacy. Researchers have developed privacy-preserving approaches for DT training and inference using cryptographic primitives, such as Secure Multi-Party Computation (MPC). While these approaches have shown progress, they still suffer from heavy computation and communication overheads. Few recent works employ Graphical Processing Units (GPU) to improve the performance of MPC-protected deep learning. This raises a natural question: \textit{can MPC-protected DT training and inference be accelerated by GPU?} We present GTree, the first scheme that uses GPU to accelerate MPC-protected secure DT training and inference. GTree is built across 3 parties who securely and jointly perform each step of DT training and inference with GPU. Each MPC protocol in GTree is designed in a GPU-friendly version. The performance evaluation shows that GTree achieves ${\thicksim}11{\times}$ and ${\thicksim}21{\times}$ improvements in training SPECT and Adult datasets, compared to the prior most efficient CPU-based work. For inference, GTree shows its superior efficiency when the DT has less than 10 levels, which is $126\times$ faster than the prior most efficient work when inferring $10^4$ instances with a tree of 7 levels. GTree also achieves a stronger security guarantee than prior solutions, which only leaks the tree depth and size of data samples while prior solutions also leak the tree structure. With \textit{oblivious array access}, the access pattern on GPU is also protected.

Cryptography and Security