SoK: Privacy Preserving Machine Learning using Functional Encryption: Opportunities and Challenges

With the advent of functional encryption, new possibilities for computation on encrypted data have arisen. Functional Encryption enables data owners to grant third-party access to perform specified computations without disclosing their inputs. It also provides computation results in plain, unlike Fully Homomorphic Encryption. The ubiquitousness of machine learning has led to the collection of massive private data in the cloud computing environment. This raises potential privacy issues and the need for more private and secure computing solutions. Numerous efforts have been made in privacy-preserving machine learning (PPML) to address security and privacy concerns. There are approaches based on fully homomorphic encryption (FHE), secure multiparty computation (SMC), and, more recently, functional encryption (FE). However, FE-based PPML is still in its infancy and has not yet gotten much attention compared to FHE-based PPML approaches. In this paper, we provide a systematization of PPML works based on FE summarizing state-of-the-art in the literature. We focus on Inner-product-FE and Quadratic-FE-based machine learning models for the PPML applications. We analyze the performance and usability of the available FE libraries and their applications to PPML. We also discuss potential directions for FE-based PPML approaches. To the best of our knowledge, this is the first work to systematize FE-based PPML approaches

Functional encryption based approaches for practical privacy-preserving machine learning

Machine learning (ML) is increasingly being used in a wide variety of application domains. However, deploying ML solutions poses a significant challenge because of increasing privacy concerns, and requirements imposed by privacy-related regulations. To tackle serious privacy concerns in ML-based applications, significant recent research efforts have focused on developing privacy-preserving ML (PPML) approaches by integrating into ML pipeline existing anonymization mechanisms or emerging privacy protection approaches such as differential privacy, secure computation, and other architectural frameworks. While promising, existing secure computation based approaches, however, have significant computational efficiency issues and hence, are not practical. In this dissertation, we address several challenges related to PPML and propose practical secure computation based approaches to solve them. We consider both two-tier cloud-based and three-tier hybrid cloud-edge based PPML architectures and address both emerging deep learning models and federated learning approaches. The proposed approaches enable us to outsource data or update a locally trained model in a privacy-preserving manner by employing computation over encrypted datasets or local models. Our proposed secure computation solutions are based on functional encryption (FE) techniques. Evaluation of the proposed approaches shows that they are efficient and more practical than existing approaches, and provide strong privacy guarantees. We also address issues related to the trustworthiness of various entities within the proposed PPML infrastructures. This includes a third-party authority (TPA) which plays a critical role in the proposed FE-based PPML solutions, and cloud service providers. To ensure that such entities can be trusted, we propose a transparency and accountability framework using blockchain. We show that the proposed transparency framework is effective and guarantees security properties. Experimental evaluation shows that the proposed framework is efficient

Privacy-Preserving Credit Scoring via Functional Encryption

The majority of financial organizations managing confidential data are aware of security threats and leverage widely accepted solutions (e.g., storage encryption, transport-level encryption, intrusion detection systems) to prevent or detect attacks. Yet these hardening measures do little to face even worse threats posed on data-in-use. Solutions such as Homomorphic Encryption (HE) and hardware-assisted Trusted Execution Environment (TEE) are nowadays among the preferred approaches for mitigating this type of threats. However, given the high-performance overhead of HE, financial institutions —whose processing rate requirements are stringent— are more oriented towards TEE-based solutions. The X-Margin Inc. company, for example, offers secure financial computations by combining the Intel SGX TEE technology and HE-based Zero-Knowledge Proofs, which shield customers’ data-in-use even against malicious insiders, i.e., users having privileged access to the system. Despite such a solution offers strong security guarantees, it is constrained by having to trust Intel and by the SGX hardware extension availability. In this paper, we evaluate a new frontier for X-Margin, i.e., performing privacy-preserving credit risk scoring via an emerging cryptographic scheme: Functional Encryption (FE), which allows a user to only learn a function of the encrypted data. We describe how the X-Margin application can benefit from this innovative approach and —most importantly— evaluate its performance impact

Functional Encryption을 이용한 프라이버시 보호 온라인 타겟 광고 시스템

학위논문(석사) -- 서울대학교대학원 : 공과대학 컴퓨터공학부, 2023. 2. 권태경.As interest in protecting user privacy began to surge, the online advertising industry, a multi-billion market, is also facing the same challenge. Currently, online ads are delivered through real-time bidding (RTB) and behavioral targeting of users. This is done by tracking users across websites to infer their interests and preferences and then used when selecting ads to present to the user. The user profile sent in the ad request contains data that infringes on user privacy and is delivered to various RTB ecosystem actors, not to mention the data stored by the bidders to increase their performance and profitability. I propose a framework named FAdE to preserve user privacy while enabling behavioral targeting and supporting the current RTB ecosystem by introducing minimal changes in the protocols and data structure. My design leverages the functional encryption (FE) scheme to preserve the user's privacy in behavioral targeted advertising. Specifically, I introduce a trusted third party (TTP) who is the key generator in my FE scheme. The user's profile originally used for behavioral targeting is now encrypted and cannot be decrypted by the participants of the RTB ecosystem. However, the demand-side platforms (DSPs) can submit their functions to the TTP and receive function keys. This function derives a metric, a user score, based on the user profile that can be used in their bidding algorithm. Decrypting the encrypted user profiles with the function keys results in the function's output with the user profile as its input. As a result, the user's privacy is preserved within the RTB ecosystem, while DSPs can still submit their bids through behavioral targeting. My evaluation showed that when using a user profile bit vector of length 2,000, it took less than 20ms to decrypt the encrypted user profile and derive the user score metric through the inner-product function. This is much smaller than my criteria of 50ms, which is based on the typical bidding timeframe (100–1,000ms) used in the ad industry. Moreover, my result is smaller than the state-of-the-art privacy-preserving proposals using homomorphic encryption or multi-party computations. To demonstrate the potential for real-world deployment., I build a prototype implementation of my design that consists of a publisher's website, an ad exchange (ADX), the DSP, and the TTP.최근 사용자 개인 정보 보호에 대한 관심이 급증하면서 수십억 규모의 시장인 온라인 광고 산업도 같은 문제에 직면해 있다. 현재의 온라인 광고는 Real-time Bidding (RTB)과 사용자 타깃 광고 (targeted advertising)로 대표된다. 이는 웹사이트에서 사용자의 정보를 바탕으로 관심과 선호도를 추정하고 이를 이용해 사용자에게 표시할 적절한 광고를 입찰, 선택하는 방식이다. 광고 요청을 위해 전송되는 user profile에는 사용자의 개인 정보를 침해하는 데이터가 포함되어 있으며, RTB 생태계의 여러 참여자에게 있는 그대로 전달되는 문제점이 있다. 본 연구는 사용자의 개인 정보를 보호하는 동시에 기존의 프로토콜 및 데이터 구조에는 최소한의 변경을 도입함으로써 현재의 RTB 생태계에서 계속해서 타깃 광고가 가능하도록 지원하는 FAdE를 제안한다. 제안하는 디자인은 Functional Encryption (FE)과 그 key 생성자인 Trusted Third Party (TTP)의 도입을 통해 개인정보 보호가 가능한 타깃 광고를 제공한다. 본 디자인에서는, 기존 타깃 광고를 위해 사용되던 user profile을 암호화(encrypt)하여 전달하므로 다른 RTB 환경의 참여자가 해독(decrypt)할 수 없다. Demand Side Platform (DSP)은 광고 요청에 대한 입찰 여부와 입찰가격을 결정하기 위해 암호화된 유저 데이터(encrypted user data, ciphertext)를 사용한다. DSP는 사전에 사용자의 점수를 연산하기 위한 function을 작성하고 이를 TTP에 제출하여 function key를 획득한다. 이 function key를 이용해 암호화된 유저 데이터를 해독(decrypt) 하면 DSP의 내부 입찰 알고리즘에 메트릭(metric)으로 활용할 수 있는 user score를 얻게 되고 이를 입찰 결정에 활용하게 된다. 결과적으로 RTB 환경 내에서 사용자의 개인정보는 보호하면서 DSP는 사용자의 숨겨진 정보를 기반으로 타깃 광고 입찰에 참여할 수 있다. 마지막으로, FAdE 디자인의 실제 활용 가능성에 대한 분석을 진행한다. user profile은 충분한 길이로 확인된 2,000 길이의 0과 1로 이루어진 벡터 (bit vector) 형태로 생성한다. 이 user profile vector를 FE로 암호화(encrypt)한 후, weight vector에 해당하는 임의의 function과 벡터 내적(Inner product) 연산에 소요되는 시간을 측정하였을 때, user score를 도출하는 데 20ms 미만이 소요되는 것을 확인한다. 이는 광고 업계에서 일반적으로 사용되는 입찰 제한 시간(100-1,000ms)을 바탕으로 정의한 본 연구의 자체 기준 50ms 보다 충분히 작은 값에 해당한다. 이 결과는 동형 암호화(Homomorphic Encryption) 또는 Multi-Party Computation(MPC) 등을 사용하는 온라인 광고에서의 다른 개인정보 보호 제안보다 성능 상의 이점을 갖는다. 또한 제안 디자인을 활용해 타깃광고가 실제로 가능함을 확인하기 위해 Publisher 웹사이트, Ad Exchange(ADX), 3개의 DSP 그리고 TTP로 구성된 제안 디자인의 프로토타입 구현을 제시한다. 본 연구에서 제안된 FAdE를 통해 사용자의 개인 정보는 보호하면서 기존과 같은 수준의 타깃 광고가 가능하고, 이를 수용 가능한 수준의 적은 오버헤드로 적용이 가능하였음을 확인하였다. 연구의 결과가 향후 실제 온라인 광고 생태계에서 사용자의 프라이버시 보호에 기여할 수 있을 것으로 기대한다.Chapter 1 Introduction 1 Chapter 2 Background 5 2.1 Online Advertising 5 2.1.1 RTB Ecosystem 6 2.1.2 OpenRTB 8 2.2 Functional Encryption 9 2.2.1 Overview of FE 10 2.2.2 Difference between FE and FHE 11 2.2.3 Information Leakage in Functional Encryption 12 2.2.4 Inner Product Functional Encryption (IPFE) 13 Chapter 3 Design 14 3.1 The approach to preserving privacy 15 3.1.1 Encrypted user profile using FE 15 3.2 Setup phase 18 3.2.1 TTP 18 3.2.2 User Browser 18 3.2.3 DSP 19 3.3 Bidding Phase 20 3.3.1 Browser (User) 21 3.3.2 DSP 21 Chapter 4 Evaluation 24 4.1 Criteria 24 4.1.1 Time 24 4.1.2 File size 25 4.2 Environment 26 4.2.1 Testbed 26 4.2.2 FE Library 26 4.3 Result 26 4.3.1 FAdE design 26 4.3.2 Extra test 30 4.4 Prototyping 33 Chapter 5 Related work 36 Chapter 6 Conculsion 40 Appendix A 48 A.1 Bid Request Sample (OpenRTB 2.5) 48 A.2 Functional Encryption Algorithm 50 국문초록 53석

Conditionals in Homomorphic Encryption and Machine Learning Applications

Homomorphic encryption aims at allowing computations on encrypted data without decryption other than that of the final result. This could provide an elegant solution to the issue of privacy preservation in data-based applications, such as those using machine learning, but several open issues hamper this plan. In this work we assess the possibility for homomorphic encryption to fully implement its program without relying on other techniques, such as multiparty computation (SMPC), which may be impossible in many use cases (for instance due to the high level of communication required). We proceed in two steps: i) on the basis of the structured program theorem (Bohm-Jacopini theorem) we identify the relevant minimal set of operations homomorphic encryption must be able to perform to implement any algorithm; and ii) we analyse the possibility to solve -- and propose an implementation for -- the most fundamentally relevant issue as it emerges from our analysis, that is, the implementation of conditionals (requiring comparison and selection/jump operations). We show how this issue clashes with the fundamental requirements of homomorphic encryption and could represent a drawback for its use as a complete solution for privacy preservation in data-based applications, in particular machine learning ones. Our approach for comparisons is novel and entirely embedded in homomorphic encryption, while previous studies relied on other techniques, such as SMPC, demanding high level of communication among parties, and decryption of intermediate results from data-owners. Our protocol is also provably safe (sharing the same safety as the homomorphic encryption schemes), differently from other techniques such as Order-Preserving/Revealing-Encryption (OPE/ORE).Comment: 14 pages, 1 figure, corrected typos, added introductory pedagogical section on polynomial approximatio