Bicoptor 2.0: Addressing Challenges in Probabilistic Truncation for Enhanced Privacy-Preserving Machine Learning

ACM

Aby3: A mixed protocol framework for machine learning

Payman Mohassel, Peter Rindal

Published: 2018

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

Cryptflow2: Practical 2-party secure inference

Deevashwer Rathee, Mayank Rathee, Nishant Kumar, Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma

Published: 2020

31st USENIX Security Symposium (USENIX Security 22)

Cheetah: Lean and fast secure {Two-Party} deep neural network inference

Z. Huang, W.-j. Lu, C. Hong, J. Ding

Published: 2022

Proc. Priv. Enhancing Technol.

Pika: Secure computation using function secret sharing over rings

S. Wagh

Published: 2022

Proceedings of the 2020 Workshop on Privacy-Preserving Machine Learning in Practice

Delphi: A cryptographic inference system for neural networks

Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, Raluca Ada Popa

Published: 2020

arxiv

被引用数 1

Proc. Priv. Enhancing Technol.

ARIANN: Low-Interaction Privacy-Preserving Deep Learning via Function Secret Sharing

Théo Ryffel, Pierre Tholoniat, David Pointcheval, Francis Bach

Published: 2020.6.8

We propose AriaNN, a low-interaction privacy-preserving framework for private neural network training and inference on sensitive data. Our semi-honest 2-party computation protocol (with a trusted dealer) leverages function secret sharing, a recent lightweight cryptographic protocol that allows us to achieve an efficient online phase. We design optimized primitives for the building blocks of neural networks such as ReLU, MaxPool and BatchNorm. For instance, we perform private comparison for ReLU operations with a single message of the size of the input during the online phase, and with preprocessing keys close to 4X smaller than previous work. Last, we propose an extension to support n-party private federated learning. We implement our framework as an extensible system on top of PyTorch that leverages CPU and GPU hardware acceleration for cryptographic and machine learning operations. We evaluate our end-to-end system for private inference between distant servers on standard neural networks such as AlexNet, VGG16 or ResNet18, and for private training on smaller networks like LeNet. We show that computation rather than communication is the main bottleneck and that using GPUs together with reduced key size is a promising solution to overcome this barrier.

アルゴリズム連合学習システムプライバシー評価

Proceedings on Privacy Enhancing Technologies

F: Honest-majority maliciously secure framework for private deep learning

S. Wagh, S. Tople, F. Benhamouda, E. Kushilevitz, P. Mittal, T. Rabin

Published: 2021

Proceedings on Privacy Enhancing Technologies

Flash: Fast and robust framework for privacy-preserving machine learning

Megha Byali, Harsh Chaudhari, Arpita Patra, Ajith Suresh

Published: 2020

arxiv

被引用数 1

Network and Distributed System Security Symposium (NDSS)

BLAZE: Blazing Fast Privacy-Preserving Machine Learning

Arpita Patra, Ajith Suresh

Published: 2020.5.19

Machine learning tools have illustrated their potential in many significant sectors such as healthcare and finance, to aide in deriving useful inferences. The sensitive and confidential nature of the data, in such sectors, raise natural concerns for the privacy of data. This motivated the area of Privacy-preserving Machine Learning (PPML) where privacy of the data is guaranteed. Typically, ML techniques require large computing power, which leads clients with limited infrastructure to rely on the method of Secure Outsourced Computation (SOC). In SOC setting, the computation is outsourced to a set of specialized and powerful cloud servers and the service is availed on a pay-per-use basis. In this work, we explore PPML techniques in the SOC setting for widely used ML algorithms-- Linear Regression, Logistic Regression, and Neural Networks. We propose BLAZE, a blazing fast PPML framework in the three server setting tolerating one malicious corruption over a ring (\Z{\ell}). BLAZE achieves the stronger security guarantee of fairness (all honest servers get the output whenever the corrupt server obtains the same). Leveraging an input-independent preprocessing phase, BLAZE has a fast input-dependent online phase relying on efficient PPML primitives such as: (i) A dot product protocol for which the communication in the online phase is independent of the vector size, the first of its kind in the three server setting; (ii) A method for truncation that shuns evaluating expensive circuit for Ripple Carry Adders (RCA) and achieves a constant round complexity. This improves over the truncation method of ABY3 (Mohassel et al., CCS 2018) that uses RCA and consumes a round complexity that is of the order of the depth of RCA. An extensive benchmarking of BLAZE for the aforementioned ML algorithms over a 64-bit ring in both WAN and LAN settings shows massive improvements over ABY3.

機械学習アルゴリズム MPCアルゴリズム計算効率

NDSS 2020

Trident: Efficient 4pc framework for privacy preserving machine learning

H. Chaudhari, R. Rachuri, A. Suresh

Published: 2020

USENIX Security 2022

Piranha: A GPU platform for secure computation

J. Watson, S. Wagh, R. A. Popa

Published: 2022

arxiv

被引用数 1

CryptGPU: Fast Privacy-Preserving Machine Learning on the GPU

Sijun Tan, Brian Knott, Yuan Tian, David J. Wu

Published: 2021.4.22

We introduce CryptGPU, a system for privacy-preserving machine learning that implements all operations on the GPU (graphics processing unit). Just as GPUs played a pivotal role in the success of modern deep learning, they are also essential for realizing scalable privacy-preserving deep learning. In this work, we start by introducing a new interface to losslessly embed cryptographic operations over secret-shared values (in a discrete domain) into floating-point operations that can be processed by highly-optimized CUDA kernels for linear algebra. We then identify a sequence of "GPU-friendly" cryptographic protocols to enable privacy-preserving evaluation of both linear and non-linear operations on the GPU. Our microbenchmarks indicate that our private GPU-based convolution protocol is over 150x faster than the analogous CPU-based protocol; for non-linear operations like the ReLU activation function, our GPU-based protocol is around 10x faster than its CPU analog. With CryptGPU, we support private inference and private training on convolutional neural networks with over 60 million parameters as well as handle large datasets like ImageNet. Compared to the previous state-of-the-art, when considering large models and datasets, our protocols achieve a 2x to 8x improvement in private inference and a 6x to 36x improvement for private training. Our work not only showcases the viability of performing secure multiparty computation (MPC) entirely on the GPU to enable fast privacy-preserving machine learning, but also highlights the importance of designing new MPC primitives that can take full advantage of the GPU's computing capabilities.

プライバシー保護モデル設計暗号化技術

CRYPTO 2020

Improved primitives for mpc over mixed arithmetic-binary circuits

D. Escudero, S. Ghosh, M. Keller, R. Rachuri, P. Scholl

Published: 2020

arxiv

被引用数 3

Bicoptor: Two-round Secure Three-party Non-linear Computation without Preprocessing for Privacy-preserving Machine Learning

Lijing Zhou, Ziyu Wang, Hongrui Cui, Qingrui Song, Yu Yu

Published: 2022.10.5

The overhead of non-linear functions dominates the performance of the secure multiparty computation (MPC) based privacy-preserving machine learning (PPML). This work introduces a family of novel secure three-party computation (3PC) protocols, Bicoptor, which improve the efficiency of evaluating non-linear functions. The basis of Bicoptor is a new sign determination protocol, which relies on a clever use of the truncation protocol proposed in SecureML (S\&P 2017). Our 3PC sign determination protocol only requires two communication rounds, and does not involve any preprocessing. Such sign determination protocol is well-suited for computing non-linear functions in PPML, e.g. the activation function ReLU, Maxpool, and their variants. We develop suitable protocols for these non-linear functions, which form a family of GPU-friendly protocols, Bicoptor. All Bicoptor protocols only require two communication rounds without preprocessing. We evaluate Bicoptor under a 3-party LAN network over a public cloud, and achieve more than 370,000 DReLU/ReLU or 41,000 Maxpool (find the maximum value of nine inputs) operations per second. Under the same settings and environment, our ReLU protocol has a one or even two orders of magnitude improvement to the state-of-the-art works, Falcon (PETS 2021) or Edabits (CRYPTO 2020), respectively without batch processing.

プライバシー保護手法 DNN IP保護手法通信効率

arxiv

被引用数 1

USENIX Security Symposium

Gazelle: A Low Latency Framework for Secure Neural Network Inference

Chiraag Juvekar, Vinod Vaikuntanathan, Anantha Chandrakasan

Published: 2018.1.17

暗号化技術安全な算術計算透かし技術

AsiaCCS 2018

Chameleon: A hybrid secure computation framework for machine learning applications

M. S. Riazi, C. Weinert, O. Tkachenko, E. M. Songhori, T. Schneider, F. Koushanfar

Published: 2018

USENIX Security Symposium

Aby2.0: Improved mixed-protocol secure two-party computation

A. Patra, T. Schneider, A. Suresh, H. Yalame

Published: 2021

IEEE Trans. Dependable Secur. Comput.

Optimizing privacy-preserving outsourced convolutional neural network predictions

M. Li, S. S. M. Chow, S. Hu, Y. Yan, C. Shen, Q. Wang

Published: 2022

Proceedings on Privacy Enhancing Technologies

Securenn: 3-party secure computation for neural network training

Sameer Wagh, Divya Gupta, Nishanth Chandran

Published: 2019

arxiv

被引用数 1

Cloud Computing Security Workshop (CCSW)

ASTRA: High Throughput 3PC over Rings with Application to Secure Prediction

Harsh Chaudhari, Ashish Choudhury, Arpita Patra, Ajith Suresh

Published: 2019.12.5

The concrete efficiency of secure computation has been the focus of many recent works. In this work, we present concretely-efficient protocols for secure $3$-party computation (3PC) over a ring of integers modulo $2^{\ell}$ tolerating one corruption, both with semi-honest and malicious security. Owing to the fact that computation over ring emulates computation over the real-world system architectures, secure computation over ring has gained momentum of late. Cast in the offline-online paradigm, our constructions present the most efficient online phase in concrete terms. In the semi-honest setting, our protocol requires communication of $2$ ring elements per multiplication gate during the {\it online} phase, attaining a per-party cost of {\em less than one element}. This is achieved for the first time in the regime of 3PC. In the {\it malicious} setting, our protocol requires communication of $4$ elements per multiplication gate during the online phase, beating the state-of-the-art protocol by $5$ elements. Realized with both the security notions of selective abort and fairness, the malicious protocol with fairness involves slightly more communication than its counterpart with abort security for the output gates {\em alone}. We apply our techniques from $3$PC in the regime of secure server-aided machine-learning (ML) inference for a range of prediction functions-- linear regression, linear SVM regression, logistic regression, and linear SVM classification. Our setting considers a model-owner with trained model parameters and a client with a query, with the latter willing to learn the prediction of her query based on the model parameters of the former. The inputs and computation are outsourced to a set of three non-colluding servers. Our constructions catering to both semi-honest and the malicious world, invariably perform better than the existing constructions.

プライバシー保護プロトコルプロトコルの脆弱性や攻撃シナリオに関する議論性能評価

S&P 2020

Cryptflow: Secure tensorflow inference

N. Kumar, M. Rathee, N. Chandran, D. Gupta, A. Rastogi, R. Sharma

Published: 2020

USENIX Security 2021

Fantastic four: Honest-majority four-party secure computation with malicious security

A. P. K. Dalskov, D. Escudero, M. Keller

Published: 2021

USENIX 2021

SWIFT: super-fast and robust privacy-preserving machine learning

N. Koti, M. Pancholi, A. Patra, A. Suresh

Published: 2021

FC 2021

Rabbit: Efficient comparison for secure multi-party computation

E. Makri, D. Rotaru, F. Vercauteren, S. Wagh

Published: 2021

Secure supply chain management

Published: 2009

Piranha source code

J.-L. Watson, S. Wagh, R. A. Popa

Published: 2021

SPAWC 2019

Towards hardware implementation of neural network-based communication algorithms

F. A. Aoudia, J. Hoydis

Published: 2019

Advances in Cryptology-CRYPTO’91: Proceedings 11. Springer

Efficient multiparty protocols using circuit randomization

D. Beaver

Published: 1992