EfficientUncondi,onallySecureComparisonandPrivacyPreservingMachineLearningClassifica,onProtocols

BernardoDavidRafaelDowsley

RajKaEAndersonC.A.Nascimento

Problem

performtheclassifica,on

Bothpar,eswanttoguaranteetheprivacyoftheirdata.

Considerhonest-but-curiousadversaries.

Classifiers

C(w,v)=argmax<v,wi>

Hyperplanedecisionclassifier:modelwconsistsofkvectorsw1,…,wk

NaïveBayesclassifier:classifica,onusingmaximumaposterioridecisionruleandthemodelconsistsoftheprobabilitythateachclasshappensandtheprobabilitythateachinputelementhappensinacertainclass

C(w,v)=argmax(logPr(C=ci)+ΣlogPr(Vj=Vj|C=ci))

Buildingblocks:argmax(comparison)andinner-product.

BuildingBlocks

Considerthetrustedini,alizermodel.

Efficientanduncondi,onallysecuresolu,onsforthebuildingblocks.

Uncondi,onallysecurecomparisonsprotocols(andsoargmax)canbedesignedusinguncondi,onallysecuremul,plica,onasabuildingblock.

Op,mizeuseofthemul,plica,onprotocol.

Efficientinner-productprotocolalreadyknown[DGMN11].

TrustedIni,alizerModel

dataUBdataUA

Trustedini,alizerpre-distributescorrelatedrandomnesstothepar,es.

Trustedini,alizerdoesnotlearntheinputsanddoesnotpar,cipateanymore.

Advantage:uncondi,onalsecuritycanbeachievedwithveryefficientprotocols.

Compu,ngUsingSecretShares

Foravaluex,AlicereceivesasharexAandBobasharexBsuchthatx=xA+xB.Let[x]denotethesecretsharingofx.

Use addi,vely secret sharing (over some finite field) for performing securecomputa,ons.

Givenshares[x],[y]itiseasytocomputesharescorrespondingtoz=x+y,z=x-y,ortoadda/mul,plybyaconstant.

Notsoeasytocomputesharesforz=xywithoutrevealingaddi,onalinforma,on.

Mul,plica,onTriples

random[s],[t],[u]suchthatu=st

compute[m]=[x]-[s]andopenm

compute[n]=[y]-[t]andopenn

[z]=n[s]+m[t]+[u]+mn

Duetotheblindingfactors,noinforma,onaboutx,yorzisleaked.

SecureComparison

Theinputsaregivenasbit-wisesecretsharings[xi]and[yi]inZqwithq>2l+2.

Forinputsofl-bits,ourprotocolonlyuseslinstancesofthesecuremul,plica,on.

Theoutputiseither[0]ify>xor[w]forarandomwinZq*ify<=x.

Thismodifiedformofoutputisgoodenoughforourapplica,ons.

SecureComparison

[z]forrandomnon-zerozandlmul,plica,ontriples

locallycompute[di]=[xi]-[yi]

locallycompute[ci]=[di]+1+Σlj=i+1[dj]2l-j+2

compute[w]=[z]Πli=1[ci]

SecureComparison

[z]forrandomnon-zerozandlmul,plica,ontriples

locallycompute[di]=[xi]-[yi]

locallycompute[ci]=[di]+1+Σlj=i+1[dj]2l-j+2

compute[w]=[z]Πli=1[ci]

Correctness:y>xifandonlyifthereisanisuchthatyi>xiandyj=xjforj=i+1,…,l.

di=-1anddj=0

ci=0

SecureArgmin

correlateddatanecessaryfortheunderlyingbuildingblocks

compareallorderedpairsvjandvitoget[wi,j]

compute[pi]=Πkj=1,j≠i[wi,j]

openpitoAlice.Ifpi≠0,sheaddsitotheoutput

Input:bit-wisesecretsharingsofvectorsv1,…,vk

NaïveBayesClassifier

obliviouslycomputetheconvertedlogPr(Vj=Vj|C=ci)

usesecureargmaxprotocol

logoftheprobabili,esareconvertedtofieldelements

C(w,v)=argmax(logPr(C=ci)+ΣlogPr(Vj=Vj|C=ci))

HyperplaneDecisionClassifier

securelycomputetheinner-products[DGMN11]

converttobit-wisesecretsharings[Veu15]

usesecureargmaxprotocol

C(w,v)=argmax<v,wi>

Recap

²  Possibletoobtainprivacy-preservingschemesforimportantmachinelearningclassifiersusingasbuildingblockscomparison,argmaxandinnerproducts.

²  Op,mizedsecurecomparisonprotocolthatfitsourapplica,ons.

²  Possible to eliminate the trusted ini,alizer at the cost of having some pre-computa,onbetweenthepar,esandlosingtheuncondi,onalsecurity.