83 research outputs found
Gazelle: A Low Latency Framework for Secure Neural Network Inference
The growing popularity of cloud-based machine learning raises a natural
question about the privacy guarantees that can be provided in such a setting.
Our work tackles this problem in the context where a client wishes to classify
private images using a convolutional neural network (CNN) trained by a server.
Our goal is to build efficient protocols whereby the client can acquire the
classification result without revealing their input to the server, while
guaranteeing the privacy of the server's neural network.
To this end, we design Gazelle, a scalable and low-latency system for secure
neural network inference, using an intricate combination of homomorphic
encryption and traditional two-party computation techniques (such as garbled
circuits). Gazelle makes three contributions. First, we design the Gazelle
homomorphic encryption library which provides fast algorithms for basic
homomorphic operations such as SIMD (single instruction multiple data)
addition, SIMD multiplication and ciphertext permutation. Second, we implement
the Gazelle homomorphic linear algebra kernels which map neural network layers
to optimized homomorphic matrix-vector multiplication and convolution routines.
Third, we design optimized encryption switching protocols which seamlessly
convert between homomorphic and garbled circuit encodings to enable
implementation of complete neural network inference.
We evaluate our protocols on benchmark neural networks trained on the MNIST
and CIFAR-10 datasets and show that Gazelle outperforms the best existing
systems such as MiniONN (ACM CCS 2017) by 20 times and Chameleon (Crypto Eprint
2017/1164) by 30 times in online runtime. Similarly when compared with fully
homomorphic approaches like CryptoNets (ICML 2016) we demonstrate three orders
of magnitude faster online run-time
Integrating Homomorphic Encryption and Trusted Execution Technology for Autonomous and Confidential Model Refining in Cloud
With the popularity of cloud computing and machine learning, it has been a
trend to outsource machine learning processes (including model training and
model-based inference) to cloud. By the outsourcing, other than utilizing the
extensive and scalable resource offered by the cloud service provider, it will
also be attractive to users if the cloud servers can manage the machine
learning processes autonomously on behalf of the users. Such a feature will be
especially salient when the machine learning is expected to be a long-term
continuous process and the users are not always available to participate. Due
to security and privacy concerns, it is also desired that the autonomous
learning preserves the confidentiality of users' data and models involved.
Hence, in this paper, we aim to design a scheme that enables autonomous and
confidential model refining in cloud. Homomorphic encryption and trusted
execution environment technology can protect confidentiality for autonomous
computation, but each of them has their limitations respectively and they are
complementary to each other. Therefore, we further propose to integrate these
two techniques in the design of the model refining scheme. Through
implementation and experiments, we evaluate the feasibility of our proposed
scheme. The results indicate that, with our proposed scheme the cloud server
can autonomously refine an encrypted model with newly provided encrypted
training data to continuously improve its accuracy. Though the efficiency is
still significantly lower than the baseline scheme that refines plaintext-model
with plaintext-data, we expect that it can be improved by fully utilizing the
higher level of parallelism and the computational power of GPU at the cloud
server.
Comment: IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING (CLOUD) 202
Towards Improved Homomorphic Encryption for Privacy-Preserving Deep Learning
International Mention in the doctoral degree.
Deep Learning (DL) has supposed a remarkable transformation for many fields, heralded
by some as a new technological revolution. The advent of large scale models has increased
the demands for data and computing platforms, for which cloud computing has become
the go-to solution. However, the permeability of DL and cloud computing are reduced
in privacy-enforcing areas that deal with sensitive data. These areas imperatively call for
privacy-enhancing technologies that enable responsible, ethical, and privacy-compliant
use of data in potentially hostile environments.
To this end, the cryptography community has addressed these concerns with what
is known as Privacy-Preserving Computation Techniques (PPCTs), a set of tools that
enable privacy-enhancing protocols where cleartext access to information is no longer
tenable. Of these techniques, Homomorphic Encryption (HE) stands out for its ability
to perform operations over encrypted data without compromising data confidentiality or
privacy. However, despite its promise, HE is still a relatively nascent solution with efficiency
and usability limitations. Improving the efficiency of HE has been a longstanding
challenge in the field of cryptography, and with improvements, the complexity of the
techniques has increased, especially for non-experts.
In this thesis, we address the problem of the complexity of HE when applied to DL.
We begin by systematizing existing knowledge in the field through an in-depth analysis
of state-of-the-art for privacy-preserving deep learning, identifying key trends, research
gaps, and issues associated with current approaches. One such identified gap lies in the
necessity for using vectorized algorithms with Packed Homomorphic Encryption (PaHE),
a state-of-the-art technique to reduce the overhead of HE in complex areas. This thesis
comprehensively analyzes existing algorithms and proposes new ones for using DL with
PaHE, presenting a formal analysis and usage guidelines for their implementation.
Parameter selection of HE schemes is another recurring challenge in the literature,
given that it plays a critical role in determining not only the security of the instantiation
but also the precision, performance, and degree of security of the scheme. To address
this challenge, this thesis proposes a novel system combining fuzzy logic with linear
programming tasks to produce secure parametrizations based on high-level user input
arguments without requiring low-level knowledge of the underlying primitives.
Finally, this thesis describes HEFactory, a symbolic execution compiler designed to
streamline the process of producing HE code and integrating it with Python. HEFactory
implements the previous proposals presented in this thesis in an easy-to-use tool. It provides
a unique architecture that layers the challenges associated with HE and produces
simplified operations interpretable by low-level HE libraries. HEFactory significantly reduces
the overall complexity to code DL applications using HE, resulting in an 80% length
reduction from expert-written code while maintaining equivalent accuracy and efficiency.
Deep learning has brought a notable transformation to many fields,
which some have described as a new technological revolution. The emergence of massive
models has increased the demand for data and computing platforms, for which
cloud computing has become the go-to solution. However,
the permeability of deep learning and cloud computing is reduced in
privacy-related areas that handle sensitive data. These areas imperatively demand
the use of privacy-enhancing technologies that allow responsible,
ethical, and privacy-respecting use of data in potentially hostile environments.
To this end, the cryptographic community has addressed these concerns with the
so-called privacy-preserving computation techniques, a set of
tools that enable privacy-enhancing protocols where cleartext access to
information is no longer tenable. Among these techniques, homomorphic encryption
stands out for its ability to perform operations on encrypted data without compromising
the confidentiality or privacy of the information. However, despite how promising
this technique is, it remains a relatively nascent solution with limitations
in efficiency and usability. Improving the efficiency of homomorphic encryption in
cryptography has been quite a challenge, and, with the improvements, the complexity of the techniques has
increased, especially for non-expert users.
In this thesis, we address the problem of the complexity of homomorphic encryption
when applied to deep learning. We begin by systematizing the existing
knowledge in the field through an exhaustive analysis of the state of the art for
privacy-preserving deep learning, identifying key trends, research
gaps, and the problems associated with current approaches. One of the
identified gaps lies in the use of vectorized algorithms with packed homomorphic
encryption, a state-of-the-art technique that reduces the cost of
homomorphic encryption in complex areas. This thesis exhaustively analyzes the existing algorithms
and proposes new algorithms for using deep learning with packed
homomorphic encryption, presenting a formal analysis and usage guidelines for their
implementation.
Parameter selection for homomorphic encryption schemes is another recurring challenge
in the literature, given that it plays a critical role in determining not only the
security of the instantiation, but also the precision, performance, and degree of security of the scheme. To address this challenge, this thesis proposes an innovative system that
combines fuzzy logic with linear programming tasks to produce secure
parametrizations based on high-level input arguments without requiring
low-level knowledge of the underlying primitives.
Finally, this thesis proposes HEFactory, a symbolic execution compiler designed
to streamline the process of producing homomorphic encryption code and integrating it
with Python. HEFactory is the culmination of the proposals presented in this
thesis, providing a unique architecture that layers the challenges associated with
homomorphic encryption, producing simplified operations that can be interpreted
by low-level libraries. This approach allows HEFactory to significantly reduce
the total code length, which amounts to an 80% reduction in the
programming complexity of deep learning applications that use homomorphic
encryption compared with expert-written code, while maintaining equivalent
precision.
Doctoral Programme in Computer Science and Technology at Universidad Carlos III de Madrid.
President: María Isabel González Vasco.- Secretary: David Arroyo Guardeño.- Member: Antonis Michala
Joint Linear and Nonlinear Computation with Data Encryption for Efficient Privacy-Preserving Deep Learning
Deep Learning (DL) has shown unrivalled performance in many applications such as image classification, speech recognition, anomalous detection, and business analytics. While end users and enterprises own enormous data, DL talents and computing power are mostly gathered in technology giants having cloud servers. Thus, data owners, i.e., the clients, are motivated to outsource their data, along with computationally-intensive tasks, to the server in order to leverage the server’s abundant computation resources and DL talents for developing cost-effective DL solutions. However, trust is required between the server and the client to finish the computation tasks (e.g., conducting inference for the newly-input data from the client, based on a well-trained model at the server) otherwise there could be the data breach (e.g., leaking data from the client or the proprietary model parameters from the server). Privacy-preserving DL takes data privacy into account where various data-encryption based techniques are adopted. However, the efficiency of linear and nonlinear computation for each DL layer remains a fundamental challenge in practice due to the intrinsic intractability and complexity of privacy-preserving primitives (e.g., Homomorphic Encryption (HE) and Garbled Circuits (GC)). As such, this dissertation targets deeply optimizing state-of-the-art frameworks as well as newly designing efficient modules by joint linear and nonlinear computation, with data encryption, to further boost the overall performance of privacy-preserving DL. Four contributions are made
Verifiable Encodings for Secure Homomorphic Analytics
Homomorphic encryption, which enables the execution of arithmetic operations
directly on ciphertexts, is a promising solution for protecting privacy of
cloud-delegated computations on sensitive data. However, the correctness of the
computation result is not ensured. We propose two error detection encodings and
build authenticators that enable practical client-verification of cloud-based
homomorphic computations under different trade-offs and without compromising on
the features of the encryption algorithm. Our authenticators operate on top of
trending ring learning with errors based fully homomorphic encryption schemes
over the integers. We implement our solution in VERITAS, a ready-to-use system
for verification of outsourced computations executed over encrypted data. We
show that contrary to prior work VERITAS supports verification of any
homomorphic operation and we demonstrate its practicality for various
applications, such as ride-hailing, genomic-data analysis, encrypted search,
and machine-learning training and inference.
Comment: update authors, typos corrected, scheme update
- …