Non-Interactive Private Decision Tree Evaluation

In this paper, we address the problem of privately evaluating a decision tree on private data. This scenario consists of a server holding a private decision tree model and a client interested in classifying its private attribute vector using the server’s private model. The goal of the computation is to obtain the classification while preserving the privacy of both the decision tree and the client input. After the computation, the client learns the classification result and nothing else, and the server learns nothing. Existing privacy-preserving protocols that address this problem use or combine different generic secure multiparty computation approaches, resulting in several interactions between the client and the server. Our goal is to design and implement a novel client-server protocol that delegates the complete tree evaluation to the server while preserving privacy and reducing the overhead. The idea is to use fully (somewhat) homomorphic encryption and evaluate the tree on ciphertexts encrypted under the client’s public key. However, since current somewhat homomorphic encryption schemes have high overhead, we combine efficient data representations with different algorithmic optimizations to keep the computational overhead and the communication cost low. As a result, we are able to provide the first non-interactive protocol that allows the client to delegate the evaluation to the server by sending an encrypted input and receiving only the encryption of the result. Our scheme has only one round and evaluates a complete tree of depth 10 within seconds.
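The following sketch is an added illustration, not code or the construction from the paper: it shows the branch-free form a server must use when it can only add and multiply ciphertext bits, so every node and every leaf is touched regardless of the input. `Enc` is a plaintext stand-in with no security; the tree, thresholds, heap layout and the "greater than goes right" convention are assumptions made for the example.

```python
# Added illustration, not the paper's construction. Enc is a plaintext stand-in
# for a ciphertext of one bit: the server may only XOR (add) and AND (multiply).
class Enc:
    def __init__(self, bit, depth=0):
        self.bit, self.depth = bit & 1, depth   # depth = AND gates on deepest path
    def __xor__(self, o):
        if isinstance(o, int):                  # ciphertext + server constant
            return Enc(self.bit ^ o, self.depth)
        return Enc(self.bit ^ o.bit, max(self.depth, o.depth))
    def __and__(self, o):
        return Enc(self.bit & o.bit, max(self.depth, o.depth) + 1)

NBITS, LABEL_BITS = 4, 2
NODES = [(0, 5), (1, 3), (1, 9)]   # constructed model: (attribute, threshold), heap order
LEAVES = [0, 1, 2, 3]              # constructed labels, left to right

def encrypt_int(v):                # client side: bitwise, MSB first
    return [Enc((v >> i) & 1) for i in reversed(range(NBITS))]

def greater_than(x_bits, threshold):
    gt, eq = Enc(0), Enc(1)        # eq: all higher bits equal so far
    for xb, i in zip(x_bits, reversed(range(NBITS))):
        if (threshold >> i) & 1:
            eq = eq & xb
        else:
            gt = gt ^ (eq & xb)    # x has 1 where threshold has 0
            eq = eq & (xb ^ 1)
    return gt

def evaluate(enc_x):               # server side: touches every node and leaf
    b = [greater_than(enc_x[a], t) for a, t in NODES]
    out = [Enc(0) for _ in range(LABEL_BITS)]
    levels = len(LEAVES).bit_length() - 1
    for leaf, label in enumerate(LEAVES):
        ind, node = Enc(1), 0      # ind becomes 1 only for the leaf actually reached
        for lvl in reversed(range(levels)):
            right = (leaf >> lvl) & 1
            ind = ind & (b[node] if right else b[node] ^ 1)
            node = 2 * node + 1 + right
        for j in range(LABEL_BITS):
            if (label >> j) & 1:
                out[j] = out[j] ^ ind
    return out

def classify(x):                   # encrypt, evaluate, decrypt; returns (label, depth)
    out = evaluate([encrypt_int(v) for v in x])
    return sum(c.bit << j for j, c in enumerate(out)), max(c.depth for c in out)
```

The multiplicative depth returned by `classify` is the same for every input, which is the quantity a somewhat homomorphic scheme's parameters have to accommodate.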
