SoK: Privacy Preserving Machine Learning using Functional Encryption: Opportunities and Challenges
With the advent of functional encryption, new possibilities for computation
on encrypted data have arisen. Functional Encryption enables data owners to
grant third-party access to perform specified computations without disclosing
their inputs. Unlike fully homomorphic encryption, it also provides computation
results in the clear. The ubiquity of machine learning has led to the
collection of massive private data in the cloud computing environment. This
raises potential privacy issues and the need for more private and secure
computing solutions. Numerous efforts have been made in privacy-preserving
machine learning (PPML) to address security and privacy concerns. There are
approaches based on fully homomorphic encryption (FHE), secure multiparty
computation (SMC), and, more recently, functional encryption (FE). However,
FE-based PPML is still in its infancy and has not yet received much attention
compared to FHE-based PPML approaches. In this paper, we provide a
systematization of FE-based PPML works, summarizing the state of the art in the
literature. We focus on inner-product-FE- and quadratic-FE-based machine
learning models for PPML applications. We analyze the performance and
usability of the available FE libraries and their applications to PPML. We also
discuss potential directions for FE-based PPML approaches. To the best of our
knowledge, this is the first work to systematize FE-based PPML approaches.
Functional encryption based approaches for practical privacy-preserving machine learning
Machine learning (ML) is increasingly being used in a wide variety of application domains. However, deploying ML solutions poses a significant challenge because of increasing privacy concerns and requirements imposed by privacy-related regulations. To tackle serious privacy concerns in ML-based applications, significant recent research efforts have focused on developing privacy-preserving ML (PPML) approaches by integrating existing anonymization mechanisms or emerging privacy-protection approaches, such as differential privacy, secure computation, and other architectural frameworks, into the ML pipeline. While promising, existing secure-computation-based approaches have significant computational-efficiency issues and hence are not practical.
In this dissertation, we address several challenges related to PPML and propose practical secure-computation-based approaches to solve them. We consider both two-tier cloud-based and three-tier hybrid cloud-edge-based PPML architectures, and address both emerging deep learning models and federated learning approaches. The proposed approaches enable us to outsource data or update a locally trained model in a privacy-preserving manner by employing computation over encrypted datasets or local models. Our proposed secure computation solutions are based on functional encryption (FE) techniques. Evaluation of the proposed approaches shows that they are efficient, more practical than existing approaches, and provide strong privacy guarantees. We also address issues related to the trustworthiness of various entities within the proposed PPML infrastructures, including a third-party authority (TPA), which plays a critical role in the proposed FE-based PPML solutions, and cloud service providers. To ensure that such entities can be trusted, we propose a transparency and accountability framework using blockchain. We show that the proposed transparency framework is effective and guarantees security properties. Experimental evaluation shows that the proposed framework is efficient.
Privacy-Preserving Credit Scoring via Functional Encryption
The majority of financial organizations managing confidential data are aware of security threats and leverage widely accepted solutions (e.g., storage encryption, transport-level encryption, intrusion detection systems) to prevent or detect attacks. Yet these hardening measures do little against even worse threats posed to data-in-use. Solutions such as Homomorphic Encryption (HE) and hardware-assisted Trusted Execution Environments (TEE) are nowadays among the preferred approaches for mitigating this type of threat. However, given the high performance overhead of HE, financial institutions, whose processing-rate requirements are stringent, are more oriented towards TEE-based solutions. The X-Margin Inc. company, for example, offers secure financial computations by combining the Intel SGX TEE technology and HE-based Zero-Knowledge Proofs, which shield customers' data-in-use even against malicious insiders, i.e., users having privileged access to the system. Although such a solution offers strong security guarantees, it is constrained by having to trust Intel and by the availability of the SGX hardware extension. In this paper, we evaluate a new frontier for X-Margin, i.e., performing privacy-preserving credit risk scoring via an emerging cryptographic scheme: Functional Encryption (FE), which allows a user to learn only a function of the encrypted data. We describe how the X-Margin application can benefit from this innovative approach and, most importantly, evaluate its performance impact.
A Privacy-Preserving Online Targeted Advertising System Using Functional Encryption
Thesis (Master's) -- Graduate School, College of Engineering, Department of Computer Engineering, February 2023. As interest in protecting user privacy began to surge, the online advertising industry, a multi-billion-dollar market, is also facing the same challenge. Currently, online ads are delivered through real-time bidding (RTB) and behavioral targeting of users. This is done by tracking users across websites to infer their interests and preferences, which are then used when selecting ads to present to the user. The user profile sent in the ad request contains data that infringes on user privacy and is delivered to various RTB ecosystem actors, not to mention the data stored by bidders to increase their performance and profitability. I propose a framework named FAdE to preserve user privacy while enabling behavioral targeting and supporting the current RTB ecosystem by introducing minimal changes in the protocols and data structures. My design leverages a functional encryption (FE) scheme to preserve the user's privacy in behaviorally targeted advertising. Specifically, I introduce a trusted third party (TTP) that acts as the key generator in my FE scheme. The user profile originally used for behavioral targeting is now encrypted and cannot be decrypted by the participants of the RTB ecosystem. However, the demand-side platforms (DSPs) can submit their functions to the TTP and receive function keys. Each function derives a metric, a user score, based on the user profile, which can be used in the DSP's bidding algorithm. Decrypting an encrypted user profile with a function key yields the function's output with the user profile as its input. As a result, the user's privacy is preserved within the RTB ecosystem, while DSPs can still submit their bids through behavioral targeting. My evaluation showed that when using a user profile bit vector of length 2,000, it took less than 20ms to decrypt the encrypted user profile and derive the user score metric through the inner-product function.
This is much smaller than my criterion of 50ms, which is based on the typical bidding timeframe (100-1,000ms) used in the ad industry. Moreover, my result is smaller than those of state-of-the-art privacy-preserving proposals using homomorphic encryption or multi-party computation. To demonstrate the potential for real-world deployment, I built a prototype implementation of my design that consists of a publisher's website, an ad exchange (ADX), the DSP, and the TTP.
Chapter 1 Introduction 1
Chapter 2 Background 5
2.1 Online Advertising 5
2.1.1 RTB Ecosystem 6
2.1.2 OpenRTB 8
2.2 Functional Encryption 9
2.2.1 Overview of FE 10
2.2.2 Difference between FE and FHE 11
2.2.3 Information Leakage in Functional Encryption 12
2.2.4 Inner Product Functional Encryption (IPFE) 13
Chapter 3 Design 14
3.1 The approach to preserving privacy 15
3.1.1 Encrypted user profile using FE 15
3.2 Setup phase 18
3.2.1 TTP 18
3.2.2 User Browser 18
3.2.3 DSP 19
3.3 Bidding Phase 20
3.3.1 Browser (User) 21
3.3.2 DSP 21
Chapter 4 Evaluation 24
4.1 Criteria 24
4.1.1 Time 24
4.1.2 File size 25
4.2 Environment 26
4.2.1 Testbed 26
4.2.2 FE Library 26
4.3 Result 26
4.3.1 FAdE design 26
4.3.2 Extra test 30
4.4 Prototyping 33
Chapter 5 Related work 36
Chapter 6 Conclusion 40
Appendix A 48
A.1 Bid Request Sample (OpenRTB 2.5) 48
A.2 Functional Encryption Algorithm 50
Abstract (Korean) 53
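The bidding-phase workflow described in the abstract above (the browser encrypts the profile, the TTP issues a function key for the DSP's weight vector, and decryption yields only the user score) can be sketched with a toy stand-in for the IPFE scheme. The one-time additive masking below is not the thesis's actual scheme and offers no security if a mask is reused; it only illustrates the information flow among the three roles, with the role names taken from the abstract.

```python
import secrets

M = 2**61 - 1   # working modulus; scores are assumed far smaller

class TTP:
    """Trusted third party: holds the per-ciphertext mask and issues function keys."""
    def __init__(self, length):
        self.mask = [secrets.randbelow(M) for _ in range(length)]

    def function_key(self, weights):
        # The key for weight vector y reveals only <mask, y>, not the mask itself.
        return sum(m * w for m, w in zip(self.mask, weights)) % M

def browser_encrypt(profile, mask):
    # One-time additive masking stands in for real IPFE encryption.
    # (In a real scheme the browser would use a public key, not the mask.)
    return [(p + m) % M for p, m in zip(profile, mask)]

def dsp_score(ciphertext, weights, fkey):
    # <ct, y> - <mask, y> = <profile, y>: the DSP learns only the user score.
    return (sum(c * w for c, w in zip(ciphertext, weights)) - fkey) % M

profile = [secrets.randbelow(2) for _ in range(2000)]    # 2,000-bit user profile
weights = [secrets.randbelow(10) for _ in range(2000)]   # DSP's scoring weights

ttp = TTP(2000)
ct = browser_encrypt(profile, ttp.mask)
fkey = ttp.function_key(weights)
score = dsp_score(ct, weights, fkey)
assert score == sum(p * w for p, w in zip(profile, weights))
```

The point mirrored from the design: the DSP never sees the profile bits, only the inner-product score it requested a key for, which it can then feed into its bidding algorithm.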
Conditionals in Homomorphic Encryption and Machine Learning Applications
Homomorphic encryption aims at allowing computations on encrypted data
without decryption other than that of the final result. This could provide an
elegant solution to the issue of privacy preservation in data-based
applications, such as those using machine learning, but several open issues
hamper this plan. In this work we assess whether homomorphic encryption can
fully deliver on this promise without relying on other techniques, such as
secure multiparty computation (SMPC), which may be impractical in many use
cases (for instance, due to the high level of communication required). We
proceed in two steps: i) on the basis of the structured program theorem
(Böhm-Jacopini theorem) we identify the minimal set of operations
homomorphic encryption must support to implement any algorithm; and
ii) we analyse the possibility to solve -- and propose an implementation for --
the most fundamentally relevant issue as it emerges from our analysis, that is,
the implementation of conditionals (requiring comparison and selection/jump
operations). We show how this issue clashes with the fundamental requirements
of homomorphic encryption and could represent a drawback for its use as a
complete solution for privacy preservation in data-based applications, in
particular machine learning ones. Our approach for comparisons is novel and
entirely embedded in homomorphic encryption, while previous studies relied on
other techniques, such as SMPC, demanding a high level of communication among
parties and decryption of intermediate results by data owners. Our protocol
is also provably secure (sharing the security of the underlying homomorphic
encryption schemes), unlike other techniques such as
Order-Preserving/Order-Revealing Encryption (OPE/ORE).
Comment: 14 pages, 1 figure; corrected typos, added an introductory pedagogical section on polynomial approximation
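The comparison problem raised in this abstract is commonly attacked with polynomial approximations of the sign function, since an FHE scheme can evaluate only additions and multiplications on ciphertexts. The composite-polynomial iteration below (in the spirit of known homomorphic-comparison techniques, not this paper's specific protocol) shows the idea on plaintext floats; in an actual FHE pipeline each arithmetic operation would act on ciphertexts.

```python
def sign_poly(x, iters=10):
    """Approximate sign(x) for x in [-1, 1], away from 0.

    Iterates f(t) = (3t - t**3) / 2, a degree-3 polynomial whose repeated
    composition converges to sign(x). Only additions and multiplications
    are used, so an FHE scheme could evaluate the same circuit on ciphertexts.
    """
    for _ in range(iters):
        x = (3 * x - x ** 3) / 2
    return x

def greater_than(a, b, bound):
    """Approximately 1.0 if a > b else 0.0, assuming |a - b| <= bound."""
    return (sign_poly((a - b) / bound) + 1) / 2

print(round(greater_than(0.8, 0.3, 1.0), 3))  # approximately 1.0
```

The convergence gap around zero (inputs with |a - b| near 0 need more iterations) is exactly the kind of cost the abstract refers to when noting that conditionals clash with the fundamental requirements of homomorphic encryption.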