Practical, Label Private Deep Learning Training based on Secure Multiparty Computation and Differential Privacy

Secure Multiparty Computation (MPC) is an invaluable tool for training machine learning models when the training data cannot be directly accessed by the model trainer. Unfortunately, complex algorithms, such as deep learning models, have their computational complexities increased by orders of magnitude when performed using MPC protocols. In this contribution, we study how to efficiently train an important class of machine learning problems by using MPC where features are known by one of the computing parties and only the labels are private. We propose new protocols combining differential privacy (DP) and MPC in order to privately and efficiently train a deep learning model in such a scenario. More specifically, we release differentially private information during the MPC computation to dramatically reduce the training time. All released information does not compromise the privacy of the labels at the individual level. Our protocols can have running times that are orders of magnitude better than a straightforward use of MPC at a moderate cost in model accuracy.
