Ryann Cartor,Rafael G. L. D'Oliveira,Salim El Rouayheb,Daniel Heinlein,David Karpuk,Alex Sprintson

2024-05-10

Abstract:We consider the problem of secure distributed matrix multiplication in which a user wishes to compute the product of two matrices with the assistance of honest but curious servers. We show how to construct polynomial schemes for the outer product partitioning which take advantage of the user's ability to precompute, and provide bounds for our technique. We show that precomputation allows for a reduction in the order of the time complexity for the cases where the number of colluding servers is a fixed percentage of the number of servers. Furthermore, with precomputation, any percentage (less than 100%) of collusions can be tolerated, compared to the upper limit of 50% for the case without precomputation.

Information Theory

Malihe Aliasgari,Osvaldo Simeone,Jörg Kliewer,Jorg Kliewer

DOI: https://doi.org/10.1109/tifs.2020.2972166

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Large matrix multiplications are central to large-scale machine learning applications. These operations are often carried out on a distributed computing platform with a master server and multiple workers in the cloud operating in parallel. For such distributed platforms, it has been recently shown that coding over the input data matrices can reduce the computational delay, yielding a trade-off between recovery threshold, i.e., the number of workers required to recover the matrix product, and communication load, i.e., the total amount of data to be downloaded from the workers. In this paper, in addition to exact recovery requirements, we impose security and privacy constraints on the data matrices, and study the recovery threshold as a function of the communication load. We first assume that both matrices contain private information and that workers can collude to eavesdrop on the content of these data matrices. For this problem, we introduce a novel class of secure codes, referred to as secure generalized PolyDot (SGPD) codes, that generalize state-of-the-art non-secure codes for matrix multiplication. SGPD codes allow a flexible trade-off between recovery threshold and communication load for a fixed maximum number of colluding workers while providing perfect secrecy for the two data matrices. We then study a connection between secure matrix multiplication and private information retrieval. We specifically assume that one of the data matrices is taken from a public set known to all the workers. In this setup, the identity of the matrix of interest should be kept private from the workers. For this model, we present a variant of generalized PolyDot codes that can guarantee both secrecy of one matrix and privacy for the identity of the other matrix for the case of no colluding servers.

computer science, theory & methods,engineering, electrical & electronic

Lev Tauz,Lara Dolecek

2023-05-14

Abstract:In this paper, we present a novel variation of the coded matrix multiplication problem which we refer to as fully private grouped matrix multiplication (FPGMM). In FPGMM, a master wants to compute a group of matrix products between two matrix libraries that can be accessed by all workers while ensuring that any number of prescribed colluding workers learn nothing about which matrix products the master desires, nor the number of matrix products. We present an achievable scheme using a variant of Cross-Subspace Alignment (CSA) codes that offers flexibility in communication and computation cost. Additionally, we demonstrate how our scheme can outperform naive applications of schemes used in a related privacy focused coded matrix multiplication problem.

Information Theory,Cryptography and Security

Maximilian Egger,Marvin Xhemrishi,Antonia Wachter-Zeh,Rawad Bitar

DOI: https://doi.org/10.48550/arXiv.2306.15134

2023-06-27

Abstract:This paper considers the problem of outsourcing the multiplication of two private and sparse matrices to untrusted workers. Secret sharing schemes can be used to tolerate stragglers and guarantee information-theoretic privacy of the matrices. However, traditional secret sharing schemes destroy all sparsity in the offloaded computational tasks. Since exploiting the sparse nature of matrices was shown to speed up the multiplication process, preserving the sparsity of the input matrices in the computational tasks sent to the workers is desirable. It was recently shown that sparsity can be guaranteed at the expense of a weaker privacy guarantee. Sparse secret sharing schemes with only two output shares were constructed. In this work, we construct sparse secret sharing schemes that generalize Shamir's secret sharing schemes for a fixed threshold $t=2$ and an arbitrarily large number of shares. We design our schemes to provide the strongest privacy guarantee given a desired sparsity of the shares under some mild assumptions. We show that increasing the number of shares, i.e., increasing straggler tolerance, incurs a degradation of the privacy guarantee. However, this degradation is negligible when the number of shares is comparably small to the cardinality of the input alphabet.

Information Theory,Distributed, Parallel, and Cluster Computing

Jinbao Zhu,Songze Li

DOI: https://doi.org/10.1109/jsait.2022.3181144

2022-06-01

IEEE Journal on Selected Areas in Information Theory

Abstract:We consider the problems of Private and Secure Matrix Multiplication (PSMM) and Fully Private Matrix Multiplication (FPMM), for which matrices privately selected by a master node are multiplied at distributed worker nodes without revealing the indices of the selected matrices, even when a certain number of workers collude with each other. We propose a novel systematic approach to solve PSMM and FPMM with colluding workers, which leverages solutions to a related Secure Matrix Multiplication (SMM) problem where the data (rather than the indices) of the multiplied matrices are kept private from colluding workers. Specifically, given an SMM strategy based on polynomial codes or Lagrange codes, one can exploit the special structure inspired by the matrix encoding function to design private coded queries for PSMM/FPMM, such that the algebraic structure of the computation result at each worker resembles that of the underlying SMM strategy. Adopting this systematic approach provides novel insights in private query designs for private matrix multiplication, substantially simplifying the processes of designing PSMM and FPMM strategies. Furthermore, the PSMM and FPMM strategies constructed following the proposed approach outperform the state-of-the-art strategies in one or more performance metrics including recovery threshold (minimal number of workers the master needs to wait for before correctly recovering the multiplication result), communication cost, and computation complexity, demonstrating a more flexible tradeoff in optimizing system efficiency.

M. Xhemrishi,Rawad Bitar,A. Wachter-Zeh

DOI: https://doi.org/10.48550/arXiv.2203.01728

2022-03-03

Abstract:We consider the problem of designing a coding scheme that allows both sparsity and privacy for distributed matrix-vector multiplication. Perfect information-theoretic privacy requires encoding the input sparse matrices into matrices distributed uniformly at random from the considered alphabet; thus destroying the sparsity. Computing matrix-vector multiplication for sparse matrices is known to be fast. Distributing the computation over the non-sparse encoded matrices maintains privacy, but introduces artificial computing delays. In this work, we relax the privacy constraint and show that a certain level of sparsity can be maintained in the encoded matrices. We consider the chief/worker setting while assuming the presence of two clusters of workers: one is completely untrusted in which all workers collude to eavesdrop on the input matrix and in which perfect privacy must be satisfied; the other is partly trusted, only up to z workers may collude and to which revealing small amount of information about the input matrix is allowed. We design a scheme that trades sparsity for privacy while achieving the desired constraints. We use cyclic task assignments of the encoded matrices to tolerate partial and full stragglers.

Computer Science,Mathematics

Grey Ballard,James Demmel,Olga Holtz,Benjamin Lipshitz,Oded Schwartz

DOI: https://doi.org/10.48550/arXiv.1202.3173

2012-02-14

Data Structures and Algorithms

Abstract:Parallel matrix multiplication is one of the most studied fundamental problems in distributed and high performance computing. We obtain a new parallel algorithm that is based on Strassen's fast matrix multiplication and minimizes communication. The algorithm outperforms all known parallel matrix multiplication algorithms, classical and Strassen-based, both asymptotically and in practice. A critical bottleneck in parallelizing Strassen's algorithm is the communication between the processors. Ballard, Demmel, Holtz, and Schwartz (SPAA'11) prove lower bounds on these communication costs, using expansion properties of the underlying computation graph. Our algorithm matches these lower bounds, and so is communication-optimal. It exhibits perfect strong scaling within the maximum possible range. Benchmarking our implementation on a Cray XT4, we obtain speedups over classical and Strassen-based algorithms ranging from 24% to 184% for a fixed matrix dimension n=94080, where the number of nodes ranges from 49 to 7203. Our parallelization approach generalizes to other fast matrix multiplication algorithms.

Jean-Guillaume Dumas,Clément Pernet,Alexandre Sedoglavic

2024-06-28

Abstract:We propose a non-commutative algorithm for multiplying 2x2 matrices using 7 coefficient products. This algorithm reaches simultaneously a better accuracy in practice compared to previously known such fast algorithms, and a time complexity bound with the best currently known leading term (obtained via alternate basis sparsification). To build this algorithm, we consider matrix and tensor norms bounds governing the stability and accuracy of numerical matrix multiplication. First, we reduce those bounds by minimizing a growth factor along the unique orbit of Strassen's 2x2-matrix multiplication tensor decomposition. Second, we develop heuristics for minimizing the number of operations required to realize a given bilinear formula, while further improving its accuracy. Third, we perform an alternate basis sparsification that improves on the time complexity constant and mostly preserves the overall accuracy.

Numerical Analysis,Symbolic Computation

Wei-Ting Chang,Ravi Tandon

DOI: https://doi.org/10.48550/arXiv.1806.00469

2018-06-02

Abstract:Matrix multiplication is one of the key operations in various engineering applications. Outsourcing large-scale matrix multiplication tasks to multiple distributed servers or cloud is desirable to speed up computation. However, security becomes an issue when these servers are untrustworthy. In this paper, we study the problem of secure distributed matrix multiplication from distributed untrustworthy servers. This problem falls in the category of secure function computation and has received significant attention in the cryptography community. However, the fundamental limits of information-theoretically secure matrix multiplication remain an open problem. We focus on information-theoretically secure distributed matrix multiplication with the goal of characterizing the minimum communication overhead. The capacity of secure matrix multiplication is defined as the maximum possible ratio of the desired information and the total communication received from $N$ distributed servers. In particular, we study the following two models where we want to multiply two matrices $A\in\mathbb{F}^{m\times n}$ and $B\in\mathbb{F}^{n\times p}$: $(a)$ one-sided secure matrix multiplication with $\ell$ colluding servers, in which $B$ is a public matrix available at all servers and $A$ is a private matrix. $(b)$ fully secure matrix multiplication with $\ell$ colluding servers, in which both $A$ and $B$ are private matrices. The goal is to securely multiply $A$ and $B$ when any $\ell$ servers can collude. For model $(a)$, we characterize the capacity as $C_{\text{one-sided}}^{(\ell)}=(N-\ell)/N$ by providing a secure matrix multiplication scheme and a matching converse. For model $(b)$, we propose a novel scheme that lower bounds the capacity, i.e., $C_{\text{fully}}^{(\ell)}\geq (\lceil \sqrt{N}-\ell \rceil)^2/(\lceil \sqrt{N}-\ell \rceil+\ell)^2$.

Information Theory,Cryptography and Security,Distributed, Parallel, and Cluster Computing

Shizhao Peng,Tianrui Liu,Tianle Tao,Derun Zhao,Hao Sheng,Haogang Zhu

2024-11-06

Abstract:Efficient multi-party secure matrix multiplication is crucial for privacy-preserving machine learning, but existing mixed-protocol frameworks often face challenges in balancing security, efficiency, and accuracy. This paper presents an efficient, verifiable and accurate secure three-party computing (EVA-S3PC) framework that addresses these challenges with elementary 2-party and 3-party matrix operations based on data obfuscation techniques. We propose basic protocols for secure matrix multiplication, inversion, and hybrid multiplication, ensuring privacy and result verifiability. Experimental results demonstrate that EVA-S3PC achieves up to 14 significant decimal digits of precision in Float64 calculations, while reducing communication overhead by up to $54.8\%$ compared to state of art methods. Furthermore, 3-party regression models trained using EVA-S3PC on vertically partitioned data achieve accuracy nearly identical to plaintext training, which illustrates its potential in scalable, efficient, and accurate solution for secure collaborative modeling across domains.

Cryptography and Security

Jinbao Zhu,Songze Li,Jie Li

DOI: https://doi.org/10.1109/tifs.2023.3249565

IF: 7.231

2023-03-08

IEEE Transactions on Information Forensics and Security

Abstract:We study two problems of private matrix multiplication, over a distributed computing system consisting of a master node, and multiple servers that collectively store a family of public matrices using Maximum-Distance-Separable (MDS) codes. In the first problem of Private and Secure Matrix Multiplication (PSMM) from colluding servers, the master intends to compute the product of its confidential matrix with a target matrix stored on the servers, without revealing any information about and the index of target matrix to some colluding servers. In the second problem of Fully Private Matrix Multiplication (FPMM) from colluding servers, the matrix is also selected from another family of public matrices stored at the servers in MDS form. In this case, the indices of the two target matrices should both be kept private from colluding servers. We develop novel strategies for the two PSMM and FPMM problems, which simultaneously guarantee information-theoretic data/index privacy and computation correctness. We compare the proposed PSMM strategy with a previous PSMM strategy with a weaker privacy guarantee (non-colluding servers), and demonstrate substantial improvements over the previous strategy in terms of communication and computation overheads. Moreover, compared with a baseline FPMM strategy that uses the idea of Private Information Retrieval (PIR) to directly retrieve the desired matrix multiplication, the proposed FPMM strategy significantly reduces storage overhead, but slightly incurs large communication and computation overheads.

computer science, theory & methods,engineering, electrical & electronic

Daniel Escudero,Eduardo Soria-Vazquez

DOI: https://doi.org/10.1007/978-3-030-84245-1_12

2021-01-01

Abstract:We construct the first efficient, unconditionally secure MPC protocol that only requires black-box access to a non-commutative ring R. Previous results in the same setting were efficient only either for a constant number of corruptions or when computing branching programs and formulas. Our techniques are based on a generalization of Shamir’s secret sharing to non-commutative rings, which we derive from the work on Reed Solomon codes by Quintin, Barbier and Chabot (IEEE Transactions on Information Theory, 2013). When the center of the ring contains a set A={α0,…,αn}documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$A = {alpha _0, ldots , alpha _n}$$end{document} such that ∀i≠j,αi-αj∈R∗documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$forall i e j, alpha _i ,-, alpha _j in R^*$$end{document}, the resulting secret sharing scheme is strongly multiplicative and we can generalize existing constructions over finite fields without much trouble.Most of our work is devoted to the case where the elements of A do not commute with all of R, but they just commute with each other. For such rings, the secret sharing scheme cannot be linear “on both sides” and furthermore it is not multiplicative. Nevertheless, we are still able to build MPC protocols with a concretely efficient online phase and black-box access to R. As an example we consider the ring Mm×m(Z/2kZ)documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$mathcal {M}_{m imes m}(mathbb {Z}/2^kmathbb {Z})$$end{document}, for which when m>log(n+1)documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$m > log (n+1)$$end{document}, we obtain protocols that require around ⌈log(n+1)⌉/2documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$lceil log (n+1) ceil /2$$end{document} less communication and 2⌈log(n+1)⌉documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$2lceil log (n+1) ceil $$end{document} less computation than the state of the art protocol based on Circuit Amortization Friendly Encodings (Dalskov, Lee and Soria-Vazquez, ASIACRYPT 2020).In this setting with a “less commutative” A, our black-box preprocessing phase has a less practical complexity of poly(n)documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$mathsf {poly}(n)$$end{document}. We fix this by additionally providing specialized, concretely efficient preprocessing protocols for Mm×m(Z/2kZ)documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$mathcal {M}_{m imes m}(mathbb {Z}/2^kmathbb {Z})$$end{document} that exploit the structure of the matrix ring.

David Karpuk,Razane Tajeddine

2024-01-05

Abstract:We present Modular Polynomial (MP) Codes for Secure Distributed Matrix Multiplication (SDMM). The construction is based on the observation that one can decode certain proper subsets of the coefficients of a polynomial with fewer evaluations than is necessary to interpolate the entire polynomial. We also present Generalized Gap Additive Secure Polynomial (GGASP) codes. Both MP and GGASP codes are shown experimentally to perform favorably in terms of recovery threshold when compared to other comparable polynomials codes for SDMM which use the grid partition. Both MP and GGASP codes achieve the recovery threshold of Entangled Polynomial Codes for robustness against stragglers, but MP codes can decode below this recovery threshold depending on the set of worker nodes which fails. The decoding complexity of MP codes is shown to be lower than other approaches in the literature, due to the user not being tasked with interpolating an entire polynomial.

Information Theory

Jie Li,Camilla Hollanti

DOI: https://doi.org/10.1109/tifs.2022.3147638

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In this paper, we study the problem of private and secure distributed matrix multiplication (PSDMM), where a user having a private matrix $A$ and $N$ non-colluding servers sharing a library of $L$ ($L>1$ ) matrices $B^{(0)}, B^{(1)},ldots,B^{(L-1)}$ , for which the user wishes to compute $AB^{( heta)}$ for some $ heta in [0, L$ ) without revealing any information of the matrix $A$ to the servers, and keeping the index $ heta $ private to the servers. Previous work is limited to the case that the shared library (i.e., the matrices $B^{(0)}, B^{(1)},ldots,B^{(L-1)}$ ) is stored across the servers in a replicated form and schemes are very scarce in the literature, there is still much room for improvement. In this paper, we propose two PSDMM schemes, where one is limited to the case that the shared library is stored across the servers in a replicated form but has a better performance than state-of-the-art schemes in that it can achieve a smaller recovery threshold and download cost. The other one focuses on the case that the shared library is stored across the servers in an MDS-coded form, which requires less storage in the servers. The second PSDMM code does not subsume the first one even if the underlying MDS code is degraded to a repetition code as they are totally two different schemes.

computer science, theory & methods,engineering, electrical & electronic

Wen-Jie Liu,Zi-Xian Li

DOI: https://doi.org/10.1109/TCSI.2023.3295891

2023-09-23

Abstract:Secure two-party scalar product (S2SP) is a promising research area within secure multiparty computation (SMC), which can solve a range of SMC problems, such as intrusion detection, data analysis, and geometric computations. However, existing quantum S2SP protocols are not efficient enough, and the complexity is usually close to exponential level. In this paper, a novel secure two-party quantum scalar product (S2QSP) protocol based on Fourier entangled states is proposed to achieve higher efficiency. Firstly, the definition of unconditional security under malicious models is given. And then, an honesty verification method called Entanglement Bondage is proposed, which is used in conjunction with the modular summation gate to resist malicious attacks. The property of Fourier entangled states is used to calculate the scalar product with polynomial complexity. The unconditional security of our protocol is proved, which guarantees the privacy of all parties. In addition, we design a privacy-preserving quantum matrix multiplication protocol based on S2QSP protocol. By transforming matrix multiplication into a series of scalar product processes, the product of two private matrices is calculated without revealing any privacy. Finally, we show our protocol's feasibility in IBM Qiskit simulator.

Quantum Physics,Cryptography and Security,Emerging Technologies

Okko Makkonen,Camilla Hollanti

DOI: https://doi.org/10.48550/arXiv.2211.14213

2022-11-25

Information Theory

Abstract:The Gram matrix of a matrix $A$ is defined as $AA^T$ (or $A^T\!A$). Computing the Gram matrix is an important operation in many applications, such as linear regression with the least squares method, where the explicit solution formula includes the Gram matrix of the data matrix. Secure distributed matrix multiplication (SDMM) can be used to compute the product of two matrices using the help of worker servers. If a Gram matrix were computed using SDMM, the data matrix would need to be encoded twice, which causes an unnecessary overhead in the communication cost. We propose a new scheme for this purpose called secure distributed Gram matrix multiplication (SDGMM). It can leverage the advantages of computing a Gram matrix instead of a regular matrix product.

Arnaud Deza,Chang Liu,Pashootan Vaezipoor,Elias B. Khalil

2023-07-17

Abstract:It is known that the multiplication of an $N \times M$ matrix with an $M \times P$ matrix can be performed using fewer multiplications than what the naive $NMP$ approach suggests. The most famous instance of this is Strassen's algorithm for multiplying two $2\times 2$ matrices in 7 instead of 8 multiplications. This gives rise to the constraint satisfaction problem of fast matrix multiplication, where a set of $R < NMP$ multiplication terms must be chosen and combined such that they satisfy correctness constraints on the output matrix. Despite its highly combinatorial nature, this problem has not been exhaustively examined from that perspective, as evidenced for example by the recent deep reinforcement learning approach of AlphaTensor. In this work, we propose a simple yet novel Constraint Programming approach to find non-commutative algorithms for fast matrix multiplication or provide proof of infeasibility otherwise. We propose a set of symmetry-breaking constraints and valid inequalities that are particularly helpful in proving infeasibility. On the feasible side, we find that exploiting solver performance variability in conjunction with a sparsity-based problem decomposition enables finding solutions for larger (feasible) instances of fast matrix multiplication. Our experimental results using CP Optimizer demonstrate that we can find fast matrix multiplication algorithms for matrices up to $3\times 3$ in a short amount of time.

Artificial Intelligence,Data Structures and Algorithms,Combinatorics

Chengdong Tao,Adama Diene,Shaohua Tang,Jintai Ding

DOI: https://doi.org/10.1007/978-3-642-38616-9_16

2013-01-01

Abstract:There are several attempts to build asymmetric pubic key encryption schemes based on multivariate polynomials of degree two over a finite field. However, most of them are insecure. The common defect in many of them comes from the fact that certain quadratic forms associated with their central maps have low rank, which makes them vulnerable to the MinRank attack. We propose a new simple and efficient multivariate pubic key encryption scheme based on matrix multiplication, which does not have such a low rank property. The new scheme will be called Simple Matrix Scheme or ABC in short. We also propose some parameters for practical and secure implementation.

Tao Wang,Zhiping Shi,Juan Yang,Sha Liu

DOI: https://doi.org/10.3390/e26090743

IF: 2.738

2024-09-02

Entropy

Abstract:Secure distributed matrix multiplication (SDMM) schemes are crucial for distributed learning algorithms where extensive data computation is distributed across multiple servers. Inspired by the application of repairing Reed–Solomon (RS) codes in distributed storage and secret sharing, we propose SDMM schemes with reduced communication overhead through the use of trace polynomials. Specifically, these schemes are designed to address three critical concerns: (i) ensuring information-theoretic privacy against collusion among servers; (ii) providing security against Byzantine servers; and (iii) offering resiliency against stragglers to mitigate computing delays. To the best of our knowledge, security and resiliency are being considered for the first time within trace polynomial-based approaches. Furthermore, our schemes offer the advantage of reduced sub-packetization and a lower server-count requirement, which diminish the computational complexity and download cost for the user.

physics, multidisciplinary