CrypTen: Secure Multi-Party Computation Meets Machine Learning

Secure multi-party computation (MPC) allows parties to perform computations on data while keeping that data private. This capability has great potential for machine-learning applications: it facilitates training of machine-learning models on private data sets owned by different parties, evaluation of one party’s private model using another party’s private data, etc. Although a range of studies implement machine-learning models via secure MPC, such implementations are not yet mainstream. Adoption of secure MPC is hampered by the absence of flexible software frameworks that “speak the language” of machine-learning researchers and engineers. To foster adoption of secure MPC in machine learning, we present CRYPTEN: a software framework that exposes popular secure MPC primitives via abstractions that are common in modern machine-learning frameworks, such as tensor computations, automatic differentiation, and modular neural networks. This paper describes the design of CRYPTEN and measures its performance on state-of-the-art models for text classification, speech recognition, and image classification. Our benchmarks show that CRYPTEN’s GPU support and high-performance communication between (an arbitrary number of) parties allow it to perform efficient private evaluation of modern machine-learning models under a semi-honest threat model. For example, two parties using CRYPTEN can securely predict phonemes in speech recordings using Wav2Letter [18] faster than real-time. We hope that CRYPTEN will spur adoption of secure MPC in the machine-learning community.

[1]  Mayank Varia,et al.  Secure multi-party computation for analytics deployed as a lightweight web application , 2016 .

[2]  Sameer Wagh,et al.  SecureNN: Efficient and Private Neural Network Training , 2018, IACR Cryptol. ePrint Arch..

[3]  A. Householder The numerical treatment of a single nonlinear equation , 1970 .

[4]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[5]  Eyal Kushilevitz,et al.  Falcon: Honest-Majority Maliciously Secure Framework for Private Deep Learning , 2021, Proc. Priv. Enhancing Technol..

[6]  Sebastian Berndt,et al.  SNI-in-the-head: Protecting MPC-in-the-head Protocols against Side-channel Analysis , 2020, IACR Cryptol. ePrint Arch..

[7]  Payman Mohassel,et al.  SecureML: A System for Scalable Privacy-Preserving Machine Learning , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[8]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[9]  Anantha Chandrakasan,et al.  Gazelle: A Low Latency Framework for Secure Neural Network Inference , 2018, IACR Cryptol. ePrint Arch..

[10]  Marcel Keller,et al.  New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[11]  S L Warner,et al.  Randomized response: a survey technique for eliminating evasive answer bias. , 1965, Journal of the American Statistical Association.

[12]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[13]  Yao Lu,et al.  Oblivious Neural Network Predictions via MiniONN Transformations , 2017, IACR Cryptol. ePrint Arch..

[14]  Peter Rindal,et al.  ABY3: A Mixed Protocol Framework for Machine Learning , 2018, IACR Cryptol. ePrint Arch..

[15]  Yehuda Lindell,et al.  From Keys to Databases - Real-World Applications of Secure Multi-Party Computation , 2018, IACR Cryptol. ePrint Arch..

[16]  David J. Wu,et al.  CryptGPU: Fast Privacy-Preserving Machine Learning on the GPU , 2021, 2021 IEEE Symposium on Security and Privacy (SP).

[17]  Xukai Zou,et al.  A Survey of Secure Multiparty Computation Protocols for Privacy Preserving Genetic Tests , 2016, 2016 IEEE First International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE).

[18]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[19]  Waseem Asghar Khan,et al.  Higher-order iterative methods by using Householder's method for solving certain nonlinear equations , 2013 .

[20]  Gabriel Synnaeve,et al.  Wav2Letter: an End-to-End ConvNet-based Speech Recognition System , 2016, ArXiv.

[21]  Geoffrey E. Hinton,et al.  ImageNet classification with deep convolutional neural networks , 2012, Commun. ACM.

[22]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[23]  Ashish Agarwal,et al.  TensorFlow Eager: A Multi-Stage, Python-Embedded DSL for Machine Learning , 2019, SysML.

[24]  Peeter Laud,et al.  Combining Differential Privacy and Secure Multiparty Computation , 2015, ACSAC.

[25]  Blaine Nelson,et al.  Poisoning Attacks against Support Vector Machines , 2012, ICML.

[26]  Raluca Ada Popa,et al.  Delphi: A Cryptographic Inference System for Neural Networks , 2020, IACR Cryptol. ePrint Arch..

[27]  Yuval Ishai,et al.  Share Conversion, Pseudorandom Secret-Sharing and Applications to Secure Computation , 2005, TCC.

[28]  Yoshua Bengio,et al.  Gradient-based learning applied to document recognition , 1998, Proc. IEEE.

[29]  Lukasz Kaiser,et al.  Attention is All you Need , 2017, NIPS.

[30]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[31]  Ajith Suresh,et al.  Trident: Efficient 4PC Framework for Privacy Preserving Machine Learning , 2019, IACR Cryptol. ePrint Arch..

[32]  Marcel Keller,et al.  MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer , 2016, IACR Cryptol. ePrint Arch..

[33]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[34]  Nishant Kumar,et al.  CrypTFlow: Secure TensorFlow Inference , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[35]  Vladimir Kolesnikov,et al.  A Pragmatic Introduction to Secure Multi-Party Computation , 2019, Found. Trends Priv. Secur..

[36]  Daniel Rueckert,et al.  A generic framework for privacy preserving deep learning , 2018, ArXiv.

[37]  Alexander Kolesnikov,et al.  MLP-Mixer: An all-MLP Architecture for Vision , 2021, NeurIPS.

[38]  Arpita Patra,et al.  BLAZE: Blazing Fast Privacy-Preserving Machine Learning , 2020, IACR Cryptol. ePrint Arch..

[39]  Ashish Choudhury,et al.  ASTRA: High Throughput 3PC over Rings with Application to Secure Prediction , 2019, IACR Cryptol. ePrint Arch..

[40]  Mark Tygert,et al.  Secure multiparty computations in floating-point arithmetic , 2020, Information and Inference: A Journal of the IMA.

[41]  Farinaz Koushanfar,et al.  XONN: XNOR-based Oblivious Deep Neural Network Inference , 2019, IACR Cryptol. ePrint Arch..

[42]  Farinaz Koushanfar,et al.  Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications , 2018, IACR Cryptol. ePrint Arch..

[43]  Yiming Yang,et al.  DARTS: Differentiable Architecture Search , 2018, ICLR.

[44]  Jian Sun,et al.  Deep Residual Learning for Image Recognition , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[45]  Yuan Yu,et al.  TensorFlow: A system for large-scale machine learning , 2016, OSDI.

[46]  Andrew Zisserman,et al.  Very Deep Convolutional Networks for Large-Scale Image Recognition , 2014, ICLR.

[47]  Yehuda Lindell,et al.  High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority , 2016, IACR Cryptol. ePrint Arch..

[48]  Georg Heigold,et al.  An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale , 2021, ICLR.

[49]  Yuval Ishai,et al.  Correlated Pseudorandom Functions from Variable-Density LPN , 2020, 2020 IEEE 61st Annual Symposium on Foundations of Computer Science (FOCS).

[50]  Arpita Patra,et al.  FLASH: Fast and Robust Framework for Privacy-preserving Machine Learning , 2020, IACR Cryptol. ePrint Arch..

[51]  Natalia Gimelshein,et al.  PyTorch: An Imperative Style, High-Performance Deep Learning Library , 2019, NeurIPS.

[52]  A. Proofs Improving the Gaussian Mechanism for Differential Privacy , 2018 .

[53]  Aseem Rastogi,et al.  EzPC: Programmable, Efficient, and Scalable Secure Two-Party Computation , 2018, IACR Cryptol. ePrint Arch..

[54]  D. Rueckert,et al.  A Systematic Comparison of Encrypted Machine Learning Solutions for Image Classification , 2020, PPMLP@CCS.

[55]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[56]  Sanjeev Khudanpur,et al.  Librispeech: An ASR corpus based on public domain audio books , 2015, 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[57]  Ian Goodfellow,et al.  Deep Learning with Differential Privacy , 2016, CCS.

[58]  Ilya Mironov,et al.  On significance of the least significant bits for differential privacy , 2012, CCS.

[59]  Been Kim,et al.  Towards A Rigorous Science of Interpretable Machine Learning , 2017, 1702.08608.

[60]  Dan Bogdanov,et al.  Sharemind: A Framework for Fast Privacy-Preserving Computations , 2008, ESORICS.

[61]  Geoffrey E. Hinton,et al.  Rectified Linear Units Improve Restricted Boltzmann Machines , 2010, ICML.

[62]  I. Damgård Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation , 2006 .

[63]  Quoc V. Le,et al.  Neural Architecture Search with Reinforcement Learning , 2016, ICLR.

[64]  Michael Zohner,et al.  ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation , 2015, NDSS.

[65]  Octavian Catrina,et al.  Improved Primitives for Secure Multiparty Integer Computation , 2010, SCN.

[66]  Brett Hemenway,et al.  SoK: General Purpose Compilers for Secure Multi-Party Computation , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[67]  Thomas Steinke,et al.  The Discrete Gaussian for Differential Privacy , 2020, NeurIPS.

[68]  Irving S. Reed,et al.  Information theory and privacy in data banks , 1973, AFIPS National Computer Conference.

[69]  Donald Beaver,et al.  Efficient Multiparty Protocols Using Circuit Randomization , 1991, CRYPTO.