Qian Wang,Minxin Du,Xiuying Chen,Yanjiao Chen,Pan Zhou,Xiaofeng Chen,Xinyi Huang

DOI: https://doi.org/10.1109/tkde.2018.2819673

IF: 9.235

2018-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Nowadays, machine learning is becoming a new paradigm for mining hidden knowledge in big data. The collection and manipulation of big data not only create considerable values, but also raise serious privacy concerns. To protect the huge amount of potentially sensitive data, a straightforward approach is to encrypt data with specialized cryptographic tools. However, it is challenging to utilize or operate on encrypted data, especially to perform machine learning algorithms. In this paper, we investigate the problem of training high quality word vectors over large-scale encrypted data (from distributed data owners) with the privacy-preserving collaborative neural network learning algorithms. We leverage and also design a suite of arithmetic primitives (e.g., multiplication, fixed-point representation, sigmoid function computation, etc.) on encrypted data, served as components of our construction. We theoretically analyze the security and efficiency of our proposed construction, and conduct extensive experiments on representative real-world datasets to verify its practicality and effectiveness.

Yingting Liu,Chaochao Chen,Longfei Zheng,Li Wang,Jun Zhou,Guiquan Liu,Shuang Yang

DOI: https://doi.org/10.48550/arxiv.2002.02091

2020-01-01

Abstract:In this paper, we present a general multiparty modeling paradigm with PrivacyPreserving Principal Component Analysis (PPPCA) for horizontally partitioneddata. PPPCA can accomplish multiparty cooperative execution of PCA under thepremise of keeping plaintext data locally. We also propose implementationsusing two techniques, i.e., homomorphic encryption and secret sharing. Theoutput of PPPCA can be sent directly to data consumer to build any machinelearning models. We conduct experiments on three UCI benchmark datasets and areal-world fraud detection dataset. Results show that the accuracy of the modelbuilt upon PPPCA is the same as the model with PCA that is built based oncentralized plaintext data.

Chen Chaochao,Li Liang,Fang Wenjing,Zhou Jun,Wang Li,Wang Lei,Yang Shuang,Liu Alex,Wang Hao

2020-01-01

Abstract: Nowadays, the utilization of the ever expanding amount of data has made a huge impact on web technologies while also causing various types of security concerns. On one hand, potential gains are highly anticipated if different organizations could somehow collaboratively share their data for technological improvements. On the other hand, data security concerns may arise for both data holders and data providers due to commercial or sociological concerns. To make a balance between technical improvements and security limitations, we implement secure and scalable protocols for multiple data holders to train linear regression and logistic regression models. We build our protocols based on the secret sharing scheme, which is scalable and efficient in applications. Moreover, our proposed paradigm can be generalized to any secure multiparty training scenarios where only matrix summation and matrix multiplications are used. We demonstrate our approach by experiments which shows the scalability and efficiency of our proposed protocols, and finally present its real-world applications.

Meng Shen,Jie Zhang,Liehuang Zhu,Ke Xu,Xiangyun Tang

DOI: https://doi.org/10.1109/tvt.2019.2957425

IF: 6.8

2020-01-01

IEEE Transactions on Vehicular Technology

Abstract:Machine learning (ML) techniques are expected to be used for specific applications in Vehicular Social Networks (VSNs). Support vector machine (SVM) is one of the typical ML methods and widely used for its high efficiency. Due to the limitation of data sources, the data collected by different entities usually contain attributes that are quite different. However, in some real-world scenarios, when training an SVM classifier, many entities face the same problem that they are lacking in data with adequate attributes. Thus multiple entities are required to share data to combine a dataset with diverse attributes and then jointly train a comprehensive classifier. However, data privacy concerns are raised because of data sharing. To sovle the problem, we propose a privacy-preserving SVM classifier training scheme over vertically-partitioned datasets posessed by multiple data providers. In our scheme, we utilize consortium blockchain and threshold homomorphic cryptosystem to establish a secure SVM classifier training platform without a trusted third-party. We keep lots of training operations locally over original data and necessary interactions between participants are protected by the threshold Paillier and consortium blockchain. Security analysis proves that our scheme can preserve the privacy of the original data and the training intermediate values. Extensive experiments indicate that our scheme has high efficiency and no accuracy loss.

Huajie Chen,Ali Burak Ünal,Mete Akgün,Nico Pfeifer

DOI: https://doi.org/10.1145/3375708.3380316

2020-03-12

Abstract:Machine learning methods are employed in many areas, such as medical data research, for their efficient and powerful data mining ability. However, submitting unprotected data to a third party, which attempts to train a machine learning model, may suffer from data leakage and privacy violation when the third party is compromised by an adversary. Hence, designing a protocol to execute encrypted computation is inevitably indispensable. In order to address this problem, we propose protocols based on secure multi-party computation to train a support vector machine model privately. Utilizing the semi-honest adversary model and oblivious transfer, the proposed protocols enable the training of a non-linear support vector machine on the combined data from various sources without sacrificing the privacy of individuals. The protocols are applied to train a support vector machine model with the radial basis function kernel on HIV sequence data to predict the efficacy of a certain antiviral drug, which only works if the viruses can only use the human CCR5 coreceptor for cell entry. Benchmarked on synthesized data with 10 data sources that consist of randomly generated integers, containing 100 labeled samples each, the protocol has consumed online time 2991.386/166.912 ms on average in arithmetic/boolean circuits, respectively. The cross-validation has reached 0.5819 F1-score on average on training data with the optimized parameters, which have reached 0.7058 F1-score afterwards on testing data set, which consists of protein sequence of CCR5 and its subtypes. The complete training and testing process on the real data, which contains in total 766 samples having 924 features after encoding, has consumed 43.75/15.84 seconds on average using arithmetic/boolean circuits, respectively, which shows the effectiveness and efficiency of our protocols compared to some of the existing studies in the literature.

Saerom Park,Junyoung Byun,Joohee Lee

DOI: https://doi.org/10.1145/3485447.3512252

2022-04-25

Abstract:Fair learning has received a lot of attention in recent years since machine learning models can be unfair in automated decision-making systems with respect to sensitive attributes such as gender, race, etc. However, to mitigate the discrimination on the sensitive attributes and train a fair model, most fair learning methods have required to get access to the sensitive attributes in training or validation phases. In this study, we propose a privacy-preserving training algorithm for a fair support vector machine classifier based on Homomorphic Encryption (HE), where the privacy of both sensitive information and model secrecy can be preserved. The expensive computational costs of HE can be significantly improved by protecting only the sensitive information, introducing refined formulation and low-rank approximation using shared eigenvectors. Through experiments on the synthetic and real-world data, we demonstrate the effectiveness of our algorithm in terms of accuracy and fairness and show that our method significantly outperforms other privacy-preserving solutions in terms of better trade-offs between accuracy and fairness. To the best of our knowledge, our algorithm is the first privacy-preserving fair learning algorithm using HE.

Payman Mohassel,Yupeng Zhang

DOI: https://doi.org/10.1109/sp.2017.12

2017-05-01

Abstract:Machine learning is widely used in practice to produce predictive models for applications such as image processing, speech and text recognition. These models are more accurate when trained on large amount of data collected from different sources. However, the massive data collection raises privacy concerns. In this paper, we present new and efficient protocols for privacy preserving machine learning for linear regression, logistic regression and neural network training using the stochastic gradient descent method. Our protocols fall in the two-server model where data owners distribute their private data among two non-colluding servers who train various models on the joint data using secure two-party computation (2PC). We develop new techniques to support secure arithmetic operations on shared decimal numbers, and propose MPC-friendly alternatives to nonlinear functions such as sigmoid and softmax that are superior to prior work. We implement our system in C++. Our experiments validate that our protocols are several orders of magnitude faster than the state of the art implementations for privacy preserving linear and logistic regressions, and scale to millions of data samples with thousands of features. We also implement the first privacy preserving system for training neural networks.

Hai Huang,Yongjian Wang,Haoran Zong

DOI: https://doi.org/10.1007/s10489-021-02727-2

IF: 5.3

2021-08-25

Applied Intelligence

Abstract:Support vector machine is one of the most extensively used machine learning algorithms. A typical application scenario of support vector machine classification is the client-server model where a client holding an image requests a server holding a support vector machine model to provide image classification services. However, applying support vector machine in the client-server model requires careful attention to maintain data privacy. In this paper, we will propose a privacy-preserving support vector machine classification scheme based on fully homomorphic encryption. Our scheme guarantees that the server cannot learn the user's image while providing classification service and the client eventually obtains the classification result without learning about the support vector machine model. We introduce several novel techniques to optimize our proposal. Specifically, we use the single instruction multiple data techniques to accelerate the linear component and the approximate method to compute the non-linear component. Our scheme significantly improves computational and communication performance compared to the state-of-the-art work. Experimental results show that our scheme takes only seconds to classify an encrypted image while the state-of-the-art work takes several hundred seconds.

computer science, artificial intelligence

Runze Wu,Baocang Wang,Zhen Zhao

DOI: https://doi.org/10.1007/s12083-024-01743-6

IF: 3.488

2024-06-16

Peer-to-Peer Networking and Applications

Abstract:The progress of machine learning has revealed its immense potential in emerging medical diagnosis application. This application enables medical users to access diagnosis service that utilizes machine learning models held by service providers. However, the protection of user data and models has emerged as a significant concern, leading to the proposal of numerous privacy-preserving medical diagnosis schemes. Unfortunately, many of these schemes rely on heavy cryptographic primitives like homomorphic encryption, resulting in lengthy diagnosis processes. To address this issue, we present a novel privacy-preserving medical diagnosis scheme that leverages Gaussian kernel-based support vector machine and employs the use of a lightweight primitive known as additive secret sharing. We design protocols for secure decision function computation and secure sign function computation, solving both two-class and multi-class medical diagnosis problems. Furthermore, our solution is generic and applicable to various scenarios that involve the Gaussian kernel-based support vector machine. To validate our scheme, we conduct evaluations on six real medical datasets. And the results demonstrate that our privacy-preserving medical diagnosis approach yields more accurate and efficient outcomes. Specifically, it achieves an accuracy of 99.09% on the dermatology dataset, surpassing the existing schemes using linear support vector machine. In addition, it takes 133ms on the breast cancer dataset, which is significantly faster than the schemes based on homomorphic encryption.

computer science, information systems,telecommunications

Ziyuan Liang,Qi'ao Jin,Zhiyong Wang,Zhaohui Chen,Zhen Gu,Yanheng Lu,Fan Zhang

DOI: https://doi.org/10.46586/tches.v2024.i2.819-843

2024-01-01

Abstract:Secure multi-party computation and homomorphic encryption are two primary security primitives in privacy-preserving machine learning, whose wide adoption is, nevertheless, constrained by the computation and network communication overheads. This paper proposes a hybrid Secret-sharing and Homomorphic encryption Architecture for Privacy-pERsevering machine learning (SHAPER). SHAPER protects sensitive data in encrypted or randomly shared domains instead of relying on a trusted third party. The proposed algorithm-protocol-hardware co-design methodology explores techniques such as plaintext Single Instruction Multiple Data (SIMD) and fine-grained scheduling, to minimize end-to-end latency in various network settings. SHAPER also supports secure domain computing acceleration and the conversion between mainstream privacy-preserving primitives, making it ready for general and distinctive data characteristics. SHAPER is evaluated by FPGA prototyping with a comprehensive hyper-parameter exploration, demonstrating a 94x speed-up over CPU clusters on large-scale logistic regression training tasks.

Taeho Jung,Xufei Mao,Xiang-Yang Li,Shao-Jie Tang,Wei Gong,Lan Zhang

DOI: https://doi.org/10.1109/infcom.2013.6567071

2013-01-01

Abstract:Much research has been conducted to securely outsource multiple parties' data aggregation to an untrusted aggregator without disclosing each individual's privately owned data, or to enable multiple parties to jointly aggregate their data while preserving privacy. However, those works either require secure pair-wise communication channels or suffer from high complexity. In this paper, we consider how an external aggregator or multiple parties can learn some algebraic statistics (e.g., sum, product) over participants' privately owned data while preserving the data privacy. We assume all channels are subject to eavesdropping attacks, and all the communications throughout the aggregation are open to others. We propose several protocols that successfully guarantee data privacy under this weak assumption while limiting both the communication and computation complexity of each participant to a small constant.

Chenfei Hu,Chuan Zhang,Dian Lei,Tong Wu,Ximeng Liu,Liehuang Zhu

DOI: https://doi.org/10.1109/TIFS.2023.3283104

2023-01-01

Abstract:With the proliferation of machine learning, the cloud server has been employed to collect massive data and train machine learning models. Several privacy-preserving machine learning schemes have been suggested recently to guarantee data and model privacy in the cloud. However, these schemes either mandate the involvement of the data owner in model training or utilize high-cost cryptographic techniques, resulting in excessive computational and communication overheads. Furthermore, none of the existing work considers the malicious behavior of the cloud server during model training. In this paper, we propose the first privacy-preserving and verifiable support vector machine training scheme by employing a two-cloud platform. Specifically, based on the homomorphic verification tag, we design a verification mechanism to enable verifiable machine learning training. Meanwhile, to improve the efficiency of model training, we combine homomorphic encryption and data perturbation to design an efficient multiplication operation for the encryption domain. A rigorous theoretical analysis demonstrates the security and reliability of our scheme. The experimental results indicate that our scheme can reduce computational and communication overheads by at least 43.94% and 99.58%, respectively, compared to state-of-the-art SVM training methods.

Zhaosen Shi,Zeyu Yang,Alzubair Hassan,Fagen Li,Xuyang Ding

DOI: https://doi.org/10.1007/s11235-022-00982-3

2022-12-09

Telecommunication Systems

Abstract:The performance of machine learning models largely depends on the amount of data. However, with the improvement of privacy awareness, data sharing has become more and more difficult. Federated learning provides a solution for joint machine learning, which alleviates this difficulty. Although it works by sharing parameters instead of data, privacy threats like inference attacks still exist owing to the exposed parameters or updates. In this paper, we propose a privacy preserving scheme for federated learning by combining the homomorphism of both secret sharing and encryption. Our scheme ensures the confidentiality of local parameters and tolerates collusion threats under a certain range. Our scheme also tolerates dropping of some clients, performs aggregation without sharing keys and has simple interaction process. Meantime, we use the automatic protocol tool ProVerif to verify its cryptographic functionality, analyze its theoretical complexity and compare them with similar schemes. We verify our scheme by experiment to show that it has less running time compared with some schemes.

telecommunications

Lie He,Sai Praneeth Karimireddy,Martin Jaggi

DOI: https://doi.org/10.48550/arXiv.2006.04747

2020-10-19

Abstract:Increasingly machine learning systems are being deployed to edge servers and devices (e.g. mobile phones) and trained in a collaborative manner. Such distributed/federated/decentralized training raises a number of concerns about the robustness, privacy, and security of the procedure. While extensive work has been done in tackling with robustness, privacy, or security individually, their combination has rarely been studied. In this paper, we propose a secure two-server protocol that offers both input privacy and Byzantine-robustness. In addition, this protocol is communication-efficient, fault-tolerant and enjoys local differential privacy.

Machine Learning,Cryptography and Security

Xiaopeng Yu,Wei Zhao,Dianhua Tang,Kai Liang

DOI: https://doi.org/10.1155/2022/5094830

IF: 1.968

2022-10-14

Security and Communication Networks

Abstract:Collaborative learning is an emerging distributed learning paradigm, which enables multiple parties to jointly train a shared machine learning (ML) model without causing the disclosure of the raw data of each party. As one of the fundamental collaborative learning algorithms, privacy-preserving collaborative logistic regression has recently gained attention from industry and academia, which utilizes cryptographic techniques to securely train joint logistic regression models across data from multiple parties. However, existing schemes have high communication and computational overhead, lose the ability to deal with high-dimensional sparse samples, cut down the accuracy of the model, or exist the risk of leaking private information. To overcome these issues, considering vertically distributed data, we propose a privacy-preserving vertical collaborative logistic regression ( P 2 VCLR) based on approximate homomorphic encryption (HE), which enables two parties to jointly train a shared model without a trusted third-party coordinator. Our scheme utilizes batching method in approximate HE to encrypt multiple data into a single ciphertext and enable a parallel processing through single instruction multiple data (SIMD) manner. We evaluate our scheme by using three publicly available datasets, the experimental results indicate that our scheme outperforms existing schemes in terms of training time and model performance.

computer science, information systems,telecommunications

Kaihe Xu,Hao Yue,Linke Guo,Yuanxiong Guo,Yuguang Fang

DOI: https://doi.org/10.1109/icdcs.2015.40

2015-06-01

Abstract:Machine learning has played an increasing important role in big data systems due to its capability of efficiently discovering valuable knowledge and hidden information. Often times big data such as healthcare systems or financial systems may involve with multiple organizations who may have different privacy policy, and may not explicitly share their data publicly while joint data processing may be a must. Thus, how to share big data among distributed data processing entities while mitigating privacy concerns becomes a challenging problem. Traditional methods rely on cryptographic tools and/or randomization to preserve privacy. Unfortunately, this alone may be inadequate for the emerging big data systems because they are mainly designed for traditional small-scale data sets. In this paper, we propose a novel framework to achieve privacy-preserving machine learning where the training data are distributed and each shared data portion is of large volume. Specifically, we utilize the data locality property of Apache Hadoop architecture and only a limited number of cryptographic operations at the Reduce() procedures to achieve privacy-preservation. We show that the proposed scheme is secure in the semi-honest model and use extensive simulations to demonstrate its scalability and correctness.

Fei Zheng,Chaochao Chen,Xiaolin Zheng,Mingjie Zhu

DOI: https://doi.org/10.1016/j.knosys.2022.108609

IF: 8.139

2022-01-01

Knowledge-Based Systems

Abstract:With the increasing demand for privacy protection, privacy-preserving machine learning has been drawing much attention from both academia and industry. However, most existing methods have their limitations in practical applications. On the one hand, although most cryptographic methods are provable secure, they bring heavy computation and communication. On the other hand, the security of many relatively efficient privacy-preserving techniques (e.g., federated learning and split learning) is being questioned, since they are non-provable secure. Inspired by previous work on privacy-preserving machine learning, we build a privacy-preserving machine learning framework by combining random permutation and arithmetic secret sharing via our compute-after-permutation technique. Our method is more efficient than existing cryptographic methods, since it can reduce the cost of element-wise function computation. Moreover, by adopting distance correlation as a metric for evaluating privacy leakage, we demonstrate that our method is more secure than previous non-provable secure methods. Overall, our proposal achieves a good balance between security and efficiency. Experimental results show that our method not only is up to 5 × faster and reduces up to 80% network traffic compared with state-of-the-art cryptographic methods, but also leaks less privacy during the training process compared with non-provable secure methods.

Qianjun Wei,Qiang Li,Zhipeng Zhou,ZhengQiang Ge,Yonggang Zhang

DOI: https://doi.org/10.1007/s12083-020-01017-x

2020-11-03

Abstract:The full application of machine learning has caused plenty of problems with privacy-preserving. Especially in multi-party machine learning, private data is often exposed in the aggregation,transmission, and communication phase, which leads to the problem of private data leakage. Existing works use secure multi-party computing (SMPC) or secret-sharing technology to ensure the privacy-preserving of multi-party machine learning. Nevertheless, it brings enormous cost and feasibility drawbacks. The partition method of datasets is one of the most critical factors affecting the performance of machine learning. Vertically partitioned data has the problems of incomplete feature information held by a single participant and complicated training process. Therefore, it has to be tackled urgently that how to efficiently and safely complete the multi-party training using vertically partitioned datasets. Moreover, training logistic regression models efficiently is one of the directions worth working on. In this paper, we propose a protocol using that can complete the logistic regression modeling of vertically partitioned data by asynchronous gradient sharing. At the same time, we use an efficient homomorphic encryption method to protect private data. The experiments show that our protocol can reduce the training time in the case of a small impact on the output results, and speedup can be over 10x. Meanwhile, it will ensure the security of the vertically partitioned dataset.

computer science, information systems,telecommunications

Yuandong Xie,Jingcheng Zhao,Bin Zhu,Jian Li,Ruidong Li,Kaiping Xue

DOI: https://doi.org/10.1109/globecom54140.2023.10437212

2023-01-01

Abstract:Cloud-based Support Vector Machine (SVM) is a powerful technique for decision-assistance service. However, training data and models of SVM contain sensitive information, outsourcing these data to clouds may lead to severe privacy leakage. To address the privacy issue of SVM, many works focus on outsourced privacy-preserving SVM training. However, these works cannot support training SVM with non-linear kernel. This limitation renders these methods impractical for real-world scenarios where datasets are usually non-linear. In this paper, we propose a privacy-preserving SVM training scheme with support to non-linear kernel. Specifically, we redesign a gradient descent for SVM with kernel, which supports efficient kernel SVM training. We design basic computation protocols using secret sharing to achieve privacy preservation in outsourced SVM training. Additionally, we construct an incremental learning approach to support continuous data inflow. This approach is capable of reducing computational overhead significantly in practical scenario. Security analysis and efficiency evaluation illustrate that our proposed scheme achieves superior accuracy and less computation overhead compared to existing works, while also preserving privacy of training data and trained SVM model.

Jing Liu,Jamie Cui,Cen Chen

DOI: https://doi.org/10.1145/3583780.3614998

2023-09-18

Abstract:Logistic regression is an algorithm widely used for binary classification in various real-world applications such as fraud detection, medical diagnosis, and recommendation systems. However, training a logistic regression model with data from different parties raises privacy concerns. Secure Multi-Party Computation (MPC) is a cryptographic tool that allows multiple parties to train a logistic regression model jointly without compromising privacy. The efficiency of the online training phase becomes crucial when dealing with large-scale data in practice. In this paper, we propose an online efficient protocol for privacy-preserving logistic regression based on Function Secret Sharing (FSS). Our protocols are designed in the two non-colluding servers setting and assume the existence of a third-party dealer who only poses correlated randomness to the computing parties. During the online phase, two servers jointly train a logistic regression model on their private data by utilizing pre-generated correlated randomness. Furthermore, we propose accurate and MPC-friendly alternatives to the sigmoid function and encapsulate the logistic regression training process into a function secret sharing gate. The online communication overhead significantly decreases compared with the traditional secure logistic regression training based on secret sharing. We provide both theoretical and experimental analyses to demonstrate the efficiency and effectiveness of our method.

Cryptography and Security