Ziyuan Liang,Qi'ao Jin,Zhiyong Wang,Zhaohui Chen,Zhen Gu,Yanheng Lu,Fan Zhang

DOI: https://doi.org/10.46586/tches.v2024.i2.819-843

2024-01-01

Abstract:Secure multi-party computation and homomorphic encryption are two primary security primitives in privacy-preserving machine learning, whose wide adoption is, nevertheless, constrained by the computation and network communication overheads. This paper proposes a hybrid Secret-sharing and Homomorphic encryption Architecture for Privacy-pERsevering machine learning (SHAPER). SHAPER protects sensitive data in encrypted or randomly shared domains instead of relying on a trusted third party. The proposed algorithm-protocol-hardware co-design methodology explores techniques such as plaintext Single Instruction Multiple Data (SIMD) and fine-grained scheduling, to minimize end-to-end latency in various network settings. SHAPER also supports secure domain computing acceleration and the conversion between mainstream privacy-preserving primitives, making it ready for general and distinctive data characteristics. SHAPER is evaluated by FPGA prototyping with a comprehensive hyper-parameter exploration, demonstrating a 94x speed-up over CPU clusters on large-scale logistic regression training tasks.

Fei Zheng

2020-01-01

Abstract:With the increasing demands for privacy protection, many privacy-preserving machine learning systems were proposed in recent years. However, most of them cannot be put into production due to their slow training and inference speed caused by the heavy cost of homomorphic encryption and secure multiparty computation(MPC) methods. To circumvent this, I proposed a privacy definition which is suitable for large amount of data in machine learning tasks. Based on that, I showed that random transformations like linear transformation and random permutation can well protect privacy. Merging random transformations and arithmetic sharing together, I designed a framework for private machine learning with high efficiency and low computation cost.

Zhaosen Shi,Zeyu Yang,Alzubair Hassan,Fagen Li,Xuyang Ding

DOI: https://doi.org/10.1007/s11235-022-00982-3

2022-12-09

Telecommunication Systems

Abstract:The performance of machine learning models largely depends on the amount of data. However, with the improvement of privacy awareness, data sharing has become more and more difficult. Federated learning provides a solution for joint machine learning, which alleviates this difficulty. Although it works by sharing parameters instead of data, privacy threats like inference attacks still exist owing to the exposed parameters or updates. In this paper, we propose a privacy preserving scheme for federated learning by combining the homomorphism of both secret sharing and encryption. Our scheme ensures the confidentiality of local parameters and tolerates collusion threats under a certain range. Our scheme also tolerates dropping of some clients, performs aggregation without sharing keys and has simple interaction process. Meantime, we use the automatic protocol tool ProVerif to verify its cryptographic functionality, analyze its theoretical complexity and compare them with similar schemes. We verify our scheme by experiment to show that it has less running time compared with some schemes.

telecommunications

Payman Mohassel,Yupeng Zhang

DOI: https://doi.org/10.1109/sp.2017.12

2017-05-01

Abstract:Machine learning is widely used in practice to produce predictive models for applications such as image processing, speech and text recognition. These models are more accurate when trained on large amount of data collected from different sources. However, the massive data collection raises privacy concerns. In this paper, we present new and efficient protocols for privacy preserving machine learning for linear regression, logistic regression and neural network training using the stochastic gradient descent method. Our protocols fall in the two-server model where data owners distribute their private data among two non-colluding servers who train various models on the joint data using secure two-party computation (2PC). We develop new techniques to support secure arithmetic operations on shared decimal numbers, and propose MPC-friendly alternatives to nonlinear functions such as sigmoid and softmax that are superior to prior work. We implement our system in C++. Our experiments validate that our protocols are several orders of magnitude faster than the state of the art implementations for privacy preserving linear and logistic regressions, and scale to millions of data samples with thousands of features. We also implement the first privacy preserving system for training neural networks.

Kaihe Xu,Hao Yue,Linke Guo,Yuanxiong Guo,Yuguang Fang

DOI: https://doi.org/10.1109/icdcs.2015.40

2015-06-01

Abstract:Machine learning has played an increasing important role in big data systems due to its capability of efficiently discovering valuable knowledge and hidden information. Often times big data such as healthcare systems or financial systems may involve with multiple organizations who may have different privacy policy, and may not explicitly share their data publicly while joint data processing may be a must. Thus, how to share big data among distributed data processing entities while mitigating privacy concerns becomes a challenging problem. Traditional methods rely on cryptographic tools and/or randomization to preserve privacy. Unfortunately, this alone may be inadequate for the emerging big data systems because they are mainly designed for traditional small-scale data sets. In this paper, we propose a novel framework to achieve privacy-preserving machine learning where the training data are distributed and each shared data portion is of large volume. Specifically, we utilize the data locality property of Apache Hadoop architecture and only a limited number of cryptographic operations at the Reduce() procedures to achieve privacy-preservation. We show that the proposed scheme is secure in the semi-honest model and use extensive simulations to demonstrate its scalability and correctness.

Hongyang Yan,Li Hu,Xiaoyu Xiang,Zheli Liu,Xu Yuan

DOI: https://doi.org/10.1016/j.ins.2020.09.064

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>Collaborative learning and related techniques such as federated learning, allow multiple clients to train a model jointly while keeping their datasets at local. <em>Secure Aggregation</em> in most existing works focus on protecting model gradients from the server. However, an dishonest user could still easily get the privacy information from the other users. It remains a challenge to propose an effective solution to prevent information leakage against dishonest users.</p><p>To tackle this challenge, we propose a novel and effective privacy-preserving collaborative machine learning scheme, targeting at preventing information leakage agains adversaries. Specifically, we first propose a privacy-preserving network transformation method by utilizing Random-Permutation in Software Guard Extensions(SGX), which protects the model parameters from being inferred by a curious server and dishonest clients. Then, we apply Partial-Random Uploading mechanism to mitigate the information inference through visualizations. To further enhance the efficiency, we introduce network pruning operation and employ it to accelerate the convergence of training. We present the formal security analysis to demonstrate that our proposed scheme can preserve privacy while ensuring the convergence and accuracy of secure aggregation. We conduct experiments to show the performance of our solution in terms of accuracy and efficiency. The experimental results show that the proposed scheme is practical.</p>

computer science, information systems

Cong Shen,Wei Zhang,Tanping Zhou,Lingling Zhang

DOI: https://doi.org/10.3390/math12131993

IF: 2.4

2024-06-28

Mathematics

Abstract:Although federated learning is gaining prevalence in smart sensor networks, substantial risks to data privacy and security persist. An improper application of federated learning techniques can lead to critical privacy breaches. Practical and effective privacy-enhanced federated learning (PEPFL) is a widely used federated learning framework characterized by low communication overhead and efficient encryption and decryption processes. Initially, our analysis scrutinized security vulnerabilities within the PEPFL framework and identified an effective attack strategy. This strategy enables the server to derive private keys from content uploaded by participants, achieving a 100% success rate in extracting participants' private information. Moreover, when the number of participants does not exceed 300, the attack time does not surpass 3.72 s. Secondly, this paper proposes a federated learning model that integrates homomorphic encryption and secret sharing. By using secret sharing among participants instead of secure multi-party computation, the amount of effective information available to servers is reduced, thereby effectively preventing servers from inferring participants' private gradients. Finally, the scheme was validated through experiments, and it was found to significantly reduce the inherent collusion risks unique to the federated learning scenario. Moreover, even if some participants are unavailable, the reconstructable nature of secret sharing ensures that the decryption process can continue uninterrupted, allowing the remaining users to proceed with further training. Importantly, our proposed scheme exerts a negligible impact on the accuracy of model training.

mathematics

Yuqi Zhang,Xiangyang Li,Qingcai Luo,Yang Wang,Yanzhao Shen

DOI: https://doi.org/10.1145/3625343.3625344

2023-01-01

Abstract:In recent years, Federal Learning has received much attention becourse it can train models by updating gradients without contacting users’ true data. However, adversaries also can track users’ privacy from the shared gradient. In this paper, we aim to solve three major issues during the process of federated learning: 1) how to protect users’ privacy during training; 2) How to verify the correctness of the aggregation results returned from the server; 3) How to reduce communication costs while ensuring training security. So we propose a verifiable aggregation scheme that can effectively verify the results of server aggregation. Specifically, we follow the classic double mask aggregation scheme, and use Paillier homomorphic encryption algorithm to implement the message authentication code with additive homomorphic property. Users can compare their local codes with server’s aggregation results to verify the correctness of the aggregation results and improve model’s accuracy. In our framework, we adopt a Top-k gradient selection scheme to reduce models’ communication and computing overhead. Experimental results indicate that our training framework is feasible and efficient.

Tianpei Lu,Bingsheng Zhang,Lichun Li,Kui Ren

2024-11-14

Abstract:With the increasing emphasis on privacy regulations, such as GDPR, protecting individual privacy and ensuring compliance have become critical concerns for both individuals and organizations. Privacy-preserving machine learning (PPML) is an innovative approach that allows for secure data analysis while safeguarding sensitive information. It enables organizations to extract valuable insights from data without compromising privacy. Secure multi-party computation (MPC) is a key tool in PPML, as it allows multiple parties to jointly compute functions without revealing their private inputs, making it essential in multi-server environments. We address the performance overhead of existing maliciously secure protocols, particularly in finite rings like $\mathbb{Z}_{2^\ell}$, by introducing an efficient protocol for secure linear function evaluation. We implement our maliciously secure MPC protocol on GPUs, significantly improving its efficiency and scalability. We extend the protocol to handle linear and non-linear layers, ensuring compatibility with a wide range of machine-learning models. Finally, we comprehensively evaluate machine learning models by integrating our protocol into the workflow, enabling secure and efficient inference across simple and complex models, such as convolutional neural networks (CNNs).

Cryptography and Security

Zhengqiang Ge,Zhipeng Zhou,Dong Guo,Qiang Li

DOI: https://doi.org/10.48550/arXiv.2104.04709

2021-04-10

Cryptography and Security

Abstract:Neural networks, with the capability to provide efficient predictive models, have been widely used in medical, financial, and other fields, bringing great convenience to our lives. However, the high accuracy of the model requires a large amount of data from multiple parties, raising public concerns about privacy. Privacy-preserving neural network based on multi-party computation is one of the current methods used to provide model training and inference under the premise of solving data privacy. In this study, we propose a new two-party privacy-preserving neural network training and inference framework in which privacy data is distributed to two non-colluding servers. We construct a preprocessing protocol for mask generation, support and realize secret sharing comparison on 2PC, and propose a new method to further reduce the communication rounds. Based on the comparison protocol, we construct building blocks such as division and exponential, and realize the process of training and inference that no longer needs to convert between different types of secret sharings and is entirely based on arithmetic secret sharing. Compared with the previous works, our work obtains higher accuracy, which is very close to that of plaintext training. While the accuracy has been improved, the runtime is reduced, considering the online phase, our work is 5x faster than SecureML, 4.32-5.75x faster than SecureNN, and is very close to the current optimal 3PC implementation, FALCON. For secure inference, as far as known knowledge is concerned, we should be the current optimal 2PC implementation, which is 4-358x faster than other works.

Runhua Xu,Nathalie Baracaldo,Yi Zhou,Ali Anwar,Heiko Ludwig

DOI: https://doi.org/10.1145/3338501.3357371

2019-12-12

Abstract:Federated learning has emerged as a promising approach for collaborative and privacy-preserving learning. Participants in a federated learning process cooperatively train a model by exchanging model parameters instead of the actual training data, which they might want to keep private. However, parameter interaction and the resulting model still might disclose information about the training data used. To address these privacy concerns, several approaches have been proposed based on differential privacy and secure multiparty computation (SMC), among others. They often result in large communication overhead and slow training time. In this paper, we propose HybridAlpha, an approach for privacy-preserving federated learning employing an SMC protocol based on functional encryption. This protocol is simple, efficient and resilient to participants dropping out. We evaluate our approach regarding the training time and data volume exchanged using a federated learning process to train a CNN on the MNIST data set. Evaluation against existing crypto-based SMC solutions shows that HybridAlpha can reduce the training time by 68% and data transfer volume by 92% on average while providing the same model performance and privacy guarantees as the existing solutions.

Cryptography and Security,Machine Learning

Guowen Xu,Guanlin Li,Shangwei Guo,Tianwei Zhang,Hongwei Li

DOI: https://doi.org/10.48550/arXiv.2207.04604

2022-07-11

Abstract:Decentralized deep learning plays a key role in collaborative model training due to its attractive properties, including tolerating high network latency and less prone to single-point failures. Unfortunately, such a training mode is more vulnerable to data privacy leaks compared to other distributed training frameworks. Existing efforts exclusively use differential privacy as the cornerstone to alleviate the data privacy threat. However, it is still not clear whether differential privacy can provide a satisfactory utility-privacy trade-off for model training, due to its inherent contradictions. To address this problem, we propose D-MHE, the first secure and efficient decentralized training framework with lossless precision. Inspired by the latest developments in the homomorphic encryption technology, we design a multiparty version of Brakerski-Fan-Vercauteren (BFV), one of the most advanced cryptosystems, and use it to implement private gradient updates of users'local models. D-MHE can reduce the communication complexity of general Secure Multiparty Computation (MPC) tasks from quadratic to linear in the number of users, making it very suitable and scalable for large-scale decentralized learning systems. Moreover, D-MHE provides strict semantic security protection even if the majority of users are dishonest with collusion. We conduct extensive experiments on MNIST and CIFAR-10 datasets to demonstrate the superiority of D-MHE in terms of model accuracy, computation and communication cost compared with existing schemes.

Cryptography and Security

Ziyao Liu,Jiale Guo,Kwok-Yan Lam,Jun Zhao

DOI: https://doi.org/10.48550/arXiv.2203.17044

2022-03-31

Cryptography and Security

Abstract:With the increasing adoption of data-hungry machine learning algorithms, personal data privacy has emerged as one of the key concerns that could hinder the success of digital transformation. As such, Privacy-Preserving Machine Learning (PPML) has received much attention from both academia and industry. However, organizations are faced with the dilemma that, on the one hand, they are encouraged to share data to enhance ML performance, but on the other hand, they could potentially be breaching the relevant data privacy regulations. Practical PPML typically allows multiple participants to individually train their ML models, which are then aggregated to construct a global model in a privacy-preserving manner, e.g., based on multi-party computation or homomorphic encryption. Nevertheless, in most important applications of large-scale PPML, e.g., by aggregating clients' gradients to update a global model for federated learning, such as consumer behavior modeling of mobile application services, some participants are inevitably resource-constrained mobile devices, which may drop out of the PPML system due to their mobility nature. Therefore, the resilience of privacy-preserving aggregation has become an important problem to be tackled. In this paper, we propose a scalable privacy-preserving aggregation scheme that can tolerate dropout by participants at any time, and is secure against both semi-honest and active malicious adversaries by setting proper system parameters. By replacing communication-intensive building blocks with a seed homomorphic pseudo-random generator, and relying on the additive homomorphic property of Shamir secret sharing scheme, our scheme outperforms state-of-the-art schemes by up to 6.37$\times$ in runtime and provides a stronger dropout-resilience. The simplicity of our scheme makes it attractive both for implementation and for further improvements.

Chuhan Wu,Fangzhao Wu,Tao Qi,Yongfeng Huang,Xing Xie

DOI: https://doi.org/10.21203/rs.3.rs-1682972/v1

2022-01-01

Abstract:Abstract Privacy protection is critical for responsible artificial intelligence. Federated learning is a privacy-aware machine learning paradigm, which is often combined with differential privacy to guarantee privacy protection. Unfortunately, existing methods cannot achieve a satisfactory tradeoff between privacy and utility when the models are large, and their computation and communication costs are also huge. Here, we present a differentially private, efficient, and effective machine learning method named FedPrompt to learn big models in a federated way via prompt tuning. It only learns, perturbs, and exchanges the small prompt models injected into the big models. FedPrompt is validated on five datasets. The results show FedPrompt can achieve 0.5%~34.7% better performance than standard federated learning under same privacy budgets, meanwhile saving 99% of communication cost, 75% of memory, and 64% of training time. FedPrompt offers a new direction to efficiently and effectively distributed machine learning with privacy guarantees.

Xia Zhang,Haitao Deng,Rui Wu,Jingjing Ren,Yongjun Ren

DOI: https://doi.org/10.1038/s41598-024-74377-6

IF: 4.6

2024-10-11

Scientific Reports

Abstract:In federated learning, secret sharing is a key technology to maintain the privacy of participants' local models. Moreover, with the rapid development of quantum computers, existing federated learning privacy protection schemes based on secret sharing will no longer be able to guarantee the data security of participants in the post-quantum era. In addition, existing privacy protection methods have the problem of high communication and computational overhead. Although the multi-stage secret sharing scheme proposed by Pilaram et al. is one of the effective solutions to the above problems, existing studies have proven the privacy leakage risk of this scheme. This paper firstly designs a new lattice-based multi-stage secret sharing scheme Improved-Pilaram to solve the security problem, which allows participants to use public vectors to reconstruct different secret values without changing the secret sharing. Based on Improved-Pilaram , this article proposes a post-quantum secure federated learning scheme PQSF . PQSF uses double masking technology to encrypt model parameters and achieves mask reconstruction through secret sharing. Since Improved-Pilaram is multi-stage, participants do not need to update their local secret shares frequently during training. Analysis and experimental results show that the PQSF proposed in this paper reduces the communication complexity between participants and reduces the computational overhead by about 20% compared with existing solutions.

multidisciplinary sciences

Maksim Tsikhanovich,Malik Magdon-Ismail,Muhammad Ishaq,Vassilis Zikas

DOI: https://doi.org/10.48550/arXiv.1901.07986

IF: 5.414

2019-01-23

Machine Learning

Abstract:Privacy is a major issue in learning from distributed data. Recently the cryptographic literature has provided several tools for this task. However, these tools either reduce the quality/accuracy of the learning algorithm---e.g., by adding noise---or they incur a high performance penalty and/or involve trusting external authorities. We propose a methodology for {\sl private distributed machine learning from light-weight cryptography} (in short, PD-ML-Lite). We apply our methodology to two major ML algorithms, namely non-negative matrix factorization (NMF) and singular value decomposition (SVD). Our resulting protocols are communication optimal, achieve the same accuracy as their non-private counterparts, and satisfy a notion of privacy---which we define---that is both intuitive and measurable. Our approach is to use lightweight cryptographic protocols (secure sum and normalized secure sum) to build learning algorithms rather than wrap complex learning algorithms in a heavy-cost MPC framework. We showcase our algorithms' utility and privacy on several applications: for NMF we consider topic modeling and recommender systems, and for SVD, principal component regression, and low rank approximation.

Jing Liu,Jamie Cui,Cen Chen

DOI: https://doi.org/10.1145/3583780.3614998

2023-09-18

Abstract:Logistic regression is an algorithm widely used for binary classification in various real-world applications such as fraud detection, medical diagnosis, and recommendation systems. However, training a logistic regression model with data from different parties raises privacy concerns. Secure Multi-Party Computation (MPC) is a cryptographic tool that allows multiple parties to train a logistic regression model jointly without compromising privacy. The efficiency of the online training phase becomes crucial when dealing with large-scale data in practice. In this paper, we propose an online efficient protocol for privacy-preserving logistic regression based on Function Secret Sharing (FSS). Our protocols are designed in the two non-colluding servers setting and assume the existence of a third-party dealer who only poses correlated randomness to the computing parties. During the online phase, two servers jointly train a logistic regression model on their private data by utilizing pre-generated correlated randomness. Furthermore, we propose accurate and MPC-friendly alternatives to the sigmoid function and encapsulate the logistic regression training process into a function secret sharing gate. The online communication overhead significantly decreases compared with the traditional secure logistic regression training based on secret sharing. We provide both theoretical and experimental analyses to demonstrate the efficiency and effectiveness of our method.

Cryptography and Security

Ehsan Hesamifard,Hassan Takabi,Mehdi Ghasemi,Rebecca N. Wright

DOI: https://doi.org/10.1515/popets-2018-0024

2018-04-28

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Machine learning algorithms based on deep Neural Networks (NN) have achieved remarkable results and are being extensively used in different domains. On the other hand, with increasing growth of cloud services, several Machine Learning as a Service (MLaaS) are offered where training and deploying machine learning models are performed on cloud providers’ infrastructure. However, machine learning algorithms require access to the raw data which is often privacy sensitive and can create potential security and privacy risks. To address this issue, we present CryptoDL, a framework that develops new techniques to provide solutions for applying deep neural network algorithms to encrypted data. In this paper, we provide the theoretical foundation for implementing deep neural network algorithms in encrypted domain and develop techniques to adopt neural networks within practical limitations of current homomorphic encryption schemes. We show that it is feasible and practical to train neural networks using encrypted data and to make encrypted predictions, and also return the predictions in an encrypted form. We demonstrate applicability of the proposed CryptoDL using a large number of datasets and evaluate its performance. The empirical results show that it provides accurate privacy-preserving training and classification.

Yu-Chi Chen,Jhe-Kai Yang,Hsin-Chan Yen,Pei-Wen Lin

DOI: https://doi.org/10.1109/tifs.2024.3436662

IF: 7.231

2024-08-20

IEEE Transactions on Information Forensics and Security

Abstract:With the prevalence of artificial intelligence, people collect data through numerous sensors and use machine learning to create models for intelligent services. However, data privacy and massive data issues are raised with the proliferation of devices. Although secret sharing can be the solution to providing privacy and performing efficient computations (than homomorphic encryption-based) in the privacy domain, sharing large amounts of data may impose a considerable storage burden on resource-restricted devices. Therefore, we aim to reduce the shares that participants need to hold and construct secure computation protocols that form privacy-preserving data utilization with multi-secret sharing. In this paper, we study the mechanism of persistent computation with multi-secret sharing for privacy protection, which avoids the requirements for participants to store extra information during secure computation. We present the mask techniques to convert secrets into protected data and upload them separately to non-colluding dual-cloud servers through multi-secret sharing. Then, we can locally evaluate the operation result shares by revealing a part of the protected data, where the true secret consistently remains secure as the other part stays in a shared state. Eventually, we outsource a dataset to the cloud, build a privacy-preserving multi-party kNN classification based on our scheme, and provide some experiments to demonstrate the feasibility and usability of storage size.

computer science, theory & methods,engineering, electrical & electronic

Xiao-Kai Cao,Chang-Dong Wang,Jian-Huang Lai,Qiong Huang,C. L. Philip Chen

DOI: https://doi.org/10.1109/tcyb.2023.3235496

IF: 11.8

2023-01-01

IEEE Transactions on Cybernetics

Abstract:Multiparty learning is an indispensable technique to improve the learning performance via integrating data from multiple parties. Unfortunately, directly integrating multiparty data could not meet the privacy-preserving requirements, which then induces the development of privacy-preserving machine learning (PPML), a key research task in multiparty learning. Despite this, the existing PPML methods generally cannot simultaneously meet multiple requirements, such as security, accuracy, efficiency, and application scope. To deal with the aforementioned problems, in this article, we present a new PPML method based on the secure multiparty interactive protocol, namely, the multiparty secure broad learning system (MSBLS) and derive its security analysis. To be specific, the proposed method employs the interactive protocol and random mapping to generate the mapped features of data, and then uses efficient broad learning to train the neural network classifier. To the best of our knowledge, this is the first attempt for privacy computing method that jointly combines secure multiparty computing and neural network. Theoretically, this method can ensure that the accuracy of the model will not be reduced due to encryption, and the calculation speed is very fast. Three classical datasets are adopted to verify our conclusion.

automation & control systems,computer science, cybernetics, artificial intelligence