An efficient approach for privacy preserving decentralized deep learning models based on secure multi-party computation

Abstract This paper develops a new efficient framework, named the Secure Decentralized Training Framework (SDTF), for privacy-preserving deep learning models. The main feature of the proposed framework is its ability to work in a decentralized network setting that does not require a trusted third-party server, while simultaneously ensuring the privacy of local data at a low communication-bandwidth cost. In particular, we first propose an Efficient Secure Sum Protocol (ESSP) that enables a large group of parties to jointly compute the sum of their private inputs. ESSP works not only with integers but also with floating-point numbers, without any data conversion. We then propose a Secure Model Sharing Protocol that enables a group of parties to securely train and share local models, which are aggregated into a global model. The Secure Model Sharing Protocol exploits randomization techniques and ESSP to protect the local models from any honest-but-curious party, even when n − 2 of the n parties collude. Finally, these protocols are employed for collaboratively training decentralized deep learning models. We provide a theoretical evaluation of privacy and communication cost, as well as empirical experiments on a balanced-class image dataset (MNIST) and an unbalanced-class text dataset (UCI SMS Spam). These experiments demonstrate that the proposed approach obtains high accuracy (i.e., 97% baseline accuracy in only 10 training rounds on MNIST and 100 training rounds on SMS Spam) and is robust in heterogeneous decentralized networks with non-IID and unbalanced data distributions. We also show a 5× reduction in the number of training rounds required to reach the baseline accuracy compared to Downpour SGD. The proposed approach achieves both privacy at the level of cryptographic approaches and efficiency at the level of randomization techniques, while retaining higher model utility than differential-privacy approaches.
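The abstract does not give the details of ESSP, but the core idea of a randomization-based secure sum over floating-point inputs can be illustrated with a minimal additive secret-sharing sketch. The function names below (`make_shares`, `secure_sum`) are hypothetical, chosen only for this illustration; the actual protocol in the paper differs in its communication pattern and collusion resistance.

```python
import random

def make_shares(value, n):
    """Split a private float value into n additive shares.
    The first n-1 shares are random masks; the last share
    corrects the total so all shares sum back to the value."""
    shares = [random.uniform(-1e6, 1e6) for _ in range(n - 1)]
    shares.append(value - sum(shares))
    return shares

def secure_sum(private_inputs):
    """Each party i sends the j-th share of its input to party j.
    Every party then publishes only the sum of the shares it
    received; these public partial sums add up to the true total,
    while no single share reveals any individual input."""
    n = len(private_inputs)
    # share_matrix[i][j] = share of party i's input held by party j
    share_matrix = [make_shares(x, n) for x in private_inputs]
    partial_sums = [sum(share_matrix[i][j] for i in range(n))
                    for j in range(n)]
    return sum(partial_sums)

inputs = [3.5, -1.25, 7.0, 0.75]
print(secure_sum(inputs))  # equals sum(inputs) up to float rounding
```

Because the shares are real-valued, the scheme operates on floating-point numbers directly, with no fixed-point or integer encoding step, which is the efficiency property the abstract highlights for ESSP.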
