FLASH: Fast and Robust Framework for Privacy-preserving Machine Learning

Abstract Privacy-preserving machine learning (PPML) via Secure Multi-party Computation (MPC) has gained momentum in the recent past. Assuming a minimal network of pair-wise private channels, we propose an efficient four-party PPML framework over rings ℤ2ℓ, FLASH, the first of its kind in the regime of PPML framework, that achieves the strongest security notion of Guaranteed Output Delivery (all parties obtain the output irrespective of adversary’s behaviour). The state of the art ML frameworks such as ABY3 by Mohassel et.al (ACM CCS’18) and SecureNN by Wagh et.al (PETS’19) operate in the setting of 3 parties with one malicious corruption but achieve the weaker security guarantee of abort. We demonstrate PPML with real-time efficiency, using the following custom-made tools that overcome the limitations of the aforementioned state-of-the-art– (a) dot product, which is independent of the vector size unlike the state-of-the-art ABY3, SecureNN and ASTRA by Chaudhari et.al (ACM CCSW’19), all of which have linear dependence on the vector size. (b) Truncation and MSB Extraction, which are constant round and free of circuits like Parallel Prefix Adder (PPA) and Ripple Carry Adder (RCA), unlike ABY3 which uses these circuits and has round complexity of the order of depth of these circuits. We then exhibit the application of our FLASH framework in the secure server-aided prediction of vital algorithms– Linear Regression, Logistic Regression, Deep Neural Networks, and Binarized Neural Networks. We substantiate our theoretical claims through improvement in benchmarks of the aforementioned algorithms when compared with the current best framework ABY3. All the protocols are implemented over a 64-bit ring in LAN and WAN. Our experiments demonstrate that, for MNIST dataset, the improvement (in terms of throughput) ranges from 24 × to 1390 × over LAN and WAN together.

[1]  Farinaz Koushanfar,et al.  XONN: XNOR-based Oblivious Deep Neural Network Inference , 2019, IACR Cryptol. ePrint Arch..

[2]  Xiao Wang,et al.  Secure Computation with Low Communication from Cross-checking , 2018, IACR Cryptol. ePrint Arch..

[3]  James Philbin,et al.  FaceNet: A unified embedding for face recognition and clustering , 2015, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[4]  Carmit Hazay,et al.  Fast Actively Secure Five-Party Computation with Security Beyond Abort , 2019, IACR Cryptol. ePrint Arch..

[5]  Yehuda Lindell,et al.  Optimized Honest-Majority MPC for Malicious Adversaries — Breaking the 1 Billion-Gate Per Second Barrier , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[6]  Ran El-Yaniv,et al.  Binarized Neural Networks , 2016, ArXiv.

[7]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[8]  Yehuda Lindell,et al.  High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority , 2016, IACR Cryptol. ePrint Arch..

[9]  Arun Joseph,et al.  Fast Secure Computation for Small Population over the Internet , 2018, IACR Cryptol. ePrint Arch..

[10]  Michael Zohner,et al.  ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation , 2015, NDSS.

[11]  Yehuda Lindell Fast Cut-and-Choose-Based Protocols for Malicious and Covert Adversaries , 2015, Journal of Cryptology.

[12]  Amir Salman Avestimehr,et al.  CodedPrivateML: A Fast and Privacy-Preserving Framework for Distributed Machine Learning , 2019, IEEE Journal on Selected Areas in Information Theory.

[13]  Jian Liu,et al.  SoK: Modular and Efficient Private Decision Tree Evaluation , 2019, IACR Cryptol. ePrint Arch..

[14]  Dan Bogdanov,et al.  Sharemind: A Framework for Fast Privacy-Preserving Computations , 2008, ESORICS.

[15]  Peter Sebastian Nordholt,et al.  Minimising Communication in Honest-Majority MPC by Batchwise Multiplication Verification , 2018, IACR Cryptol. ePrint Arch..

[16]  Yuval Ishai,et al.  How to Prove a Secret: Zero-Knowledge Proofs on Distributed Data via Fully Linear PCPs , 2019, IACR Cryptol. ePrint Arch..

[17]  Ivan Damgård,et al.  Secure Multiparty Computation Goes Live , 2009, Financial Cryptography.

[18]  Marcel Keller,et al.  Secure Evaluation of Quantized Neural Networks , 2019, IACR Cryptol. ePrint Arch..

[19]  Yuval Ishai,et al.  Extending Oblivious Transfers Efficiently , 2003, CRYPTO.

[20]  Matthew K. Franklin,et al.  Efficiency Tradeoffs for Malicious Two-Party Computation , 2006, Public Key Cryptography.

[21]  Anantha Chandrakasan,et al.  Gazelle: A Low Latency Framework for Secure Neural Network Inference , 2018, IACR Cryptol. ePrint Arch..

[22]  Sameer Wagh,et al.  SecureNN: Efficient and Private Neural Network Training , 2018, IACR Cryptol. ePrint Arch..

[23]  Yehuda Lindell,et al.  Fairness Versus Guaranteed Output Delivery in Secure Multiparty Computation , 2014, Journal of Cryptology.

[24]  Yehuda Lindell,et al.  DEMO: High-Throughput Secure Three-Party Computation of Kerberos Ticket Generation , 2016, CCS.

[25]  Payman Mohassel,et al.  SecureML: A System for Scalable Privacy-Preserving Machine Learning , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[26]  Marcel Keller,et al.  Practical Covertly Secure MPC for Dishonest Majority - Or: Breaking the SPDZ Limits , 2013, ESORICS.

[27]  Yehuda Lindell,et al.  Fast Large-Scale Honest-Majority MPC for Malicious Adversaries , 2018, Journal of Cryptology.

[28]  Farinaz Koushanfar,et al.  Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications , 2018, IACR Cryptol. ePrint Arch..

[29]  Frederik Vercauteren,et al.  EPIC: Efficient Private Image Classification (or: Learning from the Masters) , 2019, CT-RSA.

[30]  Peter Rindal,et al.  ABY3: A Mixed Protocol Framework for Machine Learning , 2018, IACR Cryptol. ePrint Arch..

[31]  Mark Simkin,et al.  Use your Brain! Arithmetic 3PC For Any Modulus with Active Security , 2019, IACR Cryptol. ePrint Arch..

[32]  Ye Zhang,et al.  Fast and Secure Three-party Computation: The Garbled Circuit Approach , 2015, IACR Cryptol. ePrint Arch..

[33]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[34]  Anat Paskin-Cherniavsky,et al.  Secure Computation with Minimal Interaction, Revisited , 2015, CRYPTO.

[35]  Yehuda Lindell,et al.  High-Throughput Secure Three-Party Computation for Malicious Adversaries and an Honest Majority , 2017, IACR Cryptol. ePrint Arch..

[36]  Ashish Choudhury,et al.  ASTRA: High Throughput 3PC over Rings with Application to Secure Prediction , 2019, IACR Cryptol. ePrint Arch..

[37]  Yehuda Lindell,et al.  An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries , 2007, Journal of Cryptology.

[38]  D. Rubinfeld,et al.  Hedonic housing prices and the demand for clean air , 1978 .

[39]  Arpita Patra,et al.  On the Exact Round Complexity of Secure Three-Party Computation , 2018, Journal of Cryptology.

[40]  Sebastian Thrun,et al.  Dermatologist-level classification of skin cancer with deep neural networks , 2017, Nature.

[41]  Benny Pinkas,et al.  FairplayMP: a system for secure multi-party computation , 2008, CCS.

[42]  Sameer Wagh,et al.  SecureNN: 3-Party Secure Computation for Neural Network Training , 2019, Proc. Priv. Enhancing Technol..

[43]  Harris Drucker,et al.  Comparison of learning algorithms for handwritten digit recognition , 1995 .

[44]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[45]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[46]  Stefan Katzenbeisser,et al.  Private Evaluation of Decision Trees using Sublinear Cost , 2019, Proc. Priv. Enhancing Technol..

[47]  Naoto Yanai,et al.  MOBIUS: Model-Oblivious Binarized Neural Networks , 2018, IEEE Access.

[48]  Claudio Orlandi,et al.  Cross and Clean: Amortized Garbled Circuits with Constant Overhead , 2016, TCC.

[49]  Richard Cleve,et al.  Limits on the security of coin flips when half the processors are faulty , 1986, STOC '86.

[50]  Mohammad Anagreh,et al.  Yet Another Compiler for Active Security or : Efficient MPC Over Arbitrary Rings , 2017 .