Presentation is loading. Please wait.

Presentation is loading. Please wait.

Helen: Maliciously Secure Coopetitive Learning for Linear Models

Published byHenryka Mróz Modified over 5 years ago

Similar presentations

Presentation on theme: "Helen: Maliciously Secure Coopetitive Learning for Linear Models"— Presentation transcript:

1 Helen: Maliciously Secure Coopetitive Learning for Linear Models
CS294 AI-Sys Presented by Dylan Dreyer April 10, 2019

2 Outline Motivation + Problem Statement Background + Threat Model
Overview of Helen + Key Features Results Discussion

3 Outline Motivation + Problem Statement Background + Threat Model
Overview of Helen + Key Features Results Discussion

4 Motivation #1 Model money laundering -> criminals move money back and forth cannot share customers’ data in plaintext

5 Motivation #2 Model

6 Problem “collaboratively train machine learning models on combined datasets for a common benefit” “organizations cannot share their sensitive data in plaintext due to privacy policies and regulations or due to business competition” Collaboration is beneficial higher quality models enable new applications

7 Outline Motivation + Problem Background + Threat Model
Overview of Helen + Key Features Results Discussion

8 Background on Coopetitive Learning
Coopetitive -> cooperative and competitive Secure multi-party computation (MPC) inefficient Previous works are limited unrealistic threat models limited to two parties General secure MPC is inefficient inefficient -> the paper implements SGD using SPDZ (maliciously secure MPC library that they also use for Helen), and notes that for 4 parties, 100K data points per party, 90 features -> 3 months to train. Previous works - homomorphic encryption, privacy preserving distributed computation threat model is unrealistic -> rely on outsourcing to non-colluding servers, assume a passive attacker that doesn’t deviate from the protocol, base confidentiality of their data on correct behavior of others limited because only involve two parties (SecureML), utilizes trusted hardware which opens up more avenues of vulnerability

9 Threat Model malicious setting - only trust yourself!
all other parties can misbehave/be malicious during protocol all parties agree on a functionality to compute confidentiality of final model not protected

10 Background on Crypto Building Blocks
threshold partially homomorphic encryption partially homomorphic ex. Paillier -> Enc(X) * Enc(Y) = Enc(X+Y) threshold need enough shares of secret key to decrypt zero knowledge proofs prove that a certain statement is true without revealing the prover’s secret secure multi party computation jointly compute a function over inputs while keeping inputs private SPDZ chosen over garbled circuits because matrix operations are more efficient Helen uses a threshold of all parties

11 Outline Motivation + Problem Background + Threat Model
Overview of Helen + Key Features Results Discussion

12 Overview of Helen platform for maliciously secure coopetitive learning
supports regularized linear models paper notes that these types of models are widely used few organizations, lots of data, smaller number of features

13 Key Features of Helen Overarching goal: Make expensive cryptographic computation independent of number of training samples Make all parties commit to input dataset and prove it Use ADMM (Alternating Direction Method of Multipliers)/LASSO use partially homomorphic encryption to encrypt global weights such that each party can compute in a decentralized manner 5 phases Agreement Phase Initialization Phase Input Preparation Phase Model Compute Phase Model Release Phase

14 Input Preparation Phase
Goal: broadcast encrypted summaries of data and commit Why? Malicious parties could use inconsistent data during protocol How? Encrypt data and attach various proofs of knowledge Naive method: commit on input dataset crypto computation scales linearly requires complex matrix inversions in MPC zero knowledge proof proves that party knows value of data commit to X_i and after this, any party cannot use different inputs for the rest of the algorithm each party stores the encrypted summaries from every other party -> paper notes this is viable due to summaries being much smaller than data

15 Input Preparation Phase
Goal: broadcast encrypted summaries of data and commit Why? Malicious parties could use inconsistent data during protocol How? Encrypt data and attach various proofs of knowledge Better method: Decompose A and b via SVD all of these matrices are dimension d, no longer n Each party broadcasts encrypted A, b, y*, V, Σ, ϴ along with proofs of knowledge

16 Input Preparation Phase
End of input preparation phase after this, any party cannot use different inputs for the rest of the algorithm each party stores the encrypted summaries from every other party -> paper notes this is viable due to summaries being much smaller than data

17 Model Compute Phase Goal: run ADMM algorithm iteratively and update encrypted global weights Why ADMM? efficient for linear models converges in few iterations (10) supports decentralized computation reduces number of expensive MPC syncs thus, efficient for cryptographic training SGD scales linearly with the number of samples

18 Model Compute Phase Goal: run ADMM iteratively to update encrypted global weights 1. Local optimization Each party calculates Enc(wik+1) also generate a proof of this 2. Coordination using MPC Parties use input summaries to verify Enc(wik+1) Convert weights to MPC Compute softmax via MPC Convert z back into encrypted form

19 Model Release Phase Goal: jointly decrypt and release model parameters (z) ciphertext to MPC conversion verify this conversion jointly decrypt model parameters (z)

20 Outline Motivation + Problem Background + Threat Model
Overview of Helen + Key Features Results Discussion

21 Results Evaluation of runtime of Helen’s different phases using a synthetic dataset SVD, although it operates on n, the number of features, is fast due to operating on plaintext data

22 Results used sklearn on plaintext data instead of SGD because does not compile on large instances maybe would have liked to see comparison of using same algorithm as Helen/using SGD

23 Results Helen vs. SGD baseline
Helen achieves orders of magnitude faster training time Helen input prep very slow to scale -> only part that scales is plaintext SVD calculation would have been nice to test against other baselines as well would have been nice to see error compared to SGD baseline

24 Outline Motivation + Problem Background + Threat Model
Overview of Helen + Key Features Results Discussion

25 Discussion Is there a need to extend to other types of models? Consequences of this? Trusted hardware (enclaves) is another popular approach to computing on sensitive data. Is it more viable? What happens when more parties get involved? Comparison vs. federated learning? Questions?

Download ppt "Helen: Maliciously Secure Coopetitive Learning for Linear Models"

Similar presentations

Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
10/25/20061 Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson.

10/25/20061 Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson.
Secure Efficient Multiparty Computing of Multivariate Polynomials and Applications Dana Dachman-Soled, Tal Malkin, Mariana Raykova, Moti Yung.

Secure Efficient Multiparty Computing of Multivariate Polynomials and Applications Dana Dachman-Soled, Tal Malkin, Mariana Raykova, Moti Yung.
Cryptographic Technologies

Cryptographic Technologies
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Practical Private Computation of Vector Addition-Based Functions Yitao Duan and John Canny Computer Science Division University of California, Berkeley.

Practical Private Computation of Vector Addition-Based Functions Yitao Duan and John Canny Computer Science Division University of California, Berkeley.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2
Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.

Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.
Overview of Privacy Preserving Techniques.  This is a high-level summary of the state-of-the-art privacy preserving techniques and research areas  Focus.

Overview of Privacy Preserving Techniques.  This is a high-level summary of the state-of-the-art privacy preserving techniques and research areas  Focus.
Wai Kit Wong 1, Ben Kao 2, David W. Cheung 2, Rongbin Li 2, Siu Ming Yiu 2 1 Hang Seng Management College, Hong Kong 2 University of Hong Kong.

Wai Kit Wong 1, Ben Kao 2, David W. Cheung 2, Rongbin Li 2, Siu Ming Yiu 2 1 Hang Seng Management College, Hong Kong 2 University of Hong Kong.
Presented by: Sanketh Beerabbi University of Central Florida.

Presented by: Sanketh Beerabbi University of Central Florida.

Similar presentations

Ads by Google