CryptoSPN: Privacy-preserving Sum-Product Network Inference
- URL: http://arxiv.org/abs/2002.00801v1
- Date: Mon, 3 Feb 2020 14:49:18 GMT
- Title: CryptoSPN: Privacy-preserving Sum-Product Network Inference
- Authors: Amos Treiber and Alejandro Molina and Christian Weinert and Thomas Schneider and Kristian Kersting
- Abstract summary: We present a framework for privacy-preserving inference of sum-product networks (SPNs).
CryptoSPN achieves highly efficient and accurate inference in the order of seconds for medium-sized SPNs.
- Score: 84.88362774693914
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: AI algorithms, and machine learning (ML) techniques in particular, are
increasingly important to individuals' lives, but have caused a range of
privacy concerns addressed by, e.g., the European GDPR. Using cryptographic
techniques, it is possible to perform inference tasks remotely on sensitive
client data in a privacy-preserving way: the server learns nothing about the
input data and the model predictions, while the client learns nothing about the
ML model (which is often considered intellectual property and might contain
traces of sensitive data). While such privacy-preserving solutions are
relatively efficient, they are mostly targeted at neural networks, can degrade
the predictive accuracy, and usually reveal the network's topology.
Furthermore, existing solutions are not readily accessible to ML experts, as
prototype implementations are not well-integrated into ML frameworks and
require extensive cryptographic knowledge.
In this paper, we present CryptoSPN, a framework for privacy-preserving
inference of sum-product networks (SPNs). SPNs are a tractable probabilistic
graphical model that allows a range of exact inference queries in linear time.
Specifically, we show how to efficiently perform SPN inference via secure
multi-party computation (SMPC) without accuracy degradation while hiding
sensitive client and training information with provable security guarantees.
Next to foundations, CryptoSPN encompasses tools to easily transform existing
SPNs into privacy-preserving executables. Our empirical results demonstrate
that CryptoSPN achieves highly efficient and accurate inference in the order of
seconds for medium-sized SPNs.
Related papers
- PrivacyMind: Large Language Models Can Be Contextual Privacy Protection Learners [81.571305826793]
We introduce Contextual Privacy Protection Language Models (PrivacyMind).
Our work offers a theoretical analysis for model design and benchmarks various techniques.
In particular, instruction tuning with both positive and negative examples stands out as a promising method.
arXiv Detail & Related papers (2023-10-03T22:37:01Z)
- Just Fine-tune Twice: Selective Differential Privacy for Large Language Models [69.66654761324702]
We propose a simple yet effective just-fine-tune-twice privacy mechanism to achieve SDP for large Transformer-based language models.
Experiments show that our models achieve strong performance while staying robust to the canary insertion attack.
arXiv Detail & Related papers (2022-04-15T22:36:55Z)
- Comparative Analysis of Interval Reachability for Robust Implicit and Feedforward Neural Networks [64.23331120621118]
We use interval reachability analysis to obtain robustness guarantees for implicit neural networks (INNs).
INNs are a class of implicit learning models that use implicit equations as layers.
We show that our approach performs at least as well as, and generally better than, applying state-of-the-art interval bound propagation methods to INNs.
arXiv Detail & Related papers (2022-04-01T03:31:27Z)
- Sphynx: ReLU-Efficient Network Design for Private Inference [49.73927340643812]
We focus on private inference (PI), where the goal is to perform inference on a user's data sample using a service provider's model.
Existing PI methods for deep networks enable cryptographically secure inference with little drop in functionality.
This paper presents Sphynx, a ReLU-efficient network design method based on micro-search strategies for convolutional cell design.
arXiv Detail & Related papers (2021-06-17T18:11:10Z)
- Efficient CNN Building Blocks for Encrypted Data [6.955451042536852]
Homomorphic Encryption (FHE) is a promising technique to enable machine learning and inferencing.
We show that operational parameters of the chosen FHE scheme have a major impact on the design of the machine learning model.
Our empirical study shows that the choice of the aforementioned design parameters results in significant trade-offs between accuracy, security level, and computational time.
arXiv Detail & Related papers (2021-01-30T21:47:23Z)
- NN-EMD: Efficiently Training Neural Networks using Encrypted Multi-Sourced Datasets [7.067870969078555]
Training a machine learning model over an encrypted dataset is an existing promising approach to address the privacy-preserving machine learning task.
We propose a novel framework, NN-EMD, to train a deep neural network (DNN) model over multiple datasets collected from multiple sources.
We evaluate our framework for performance with regard to the training time and model accuracy on the MNIST datasets.
arXiv Detail & Related papers (2020-12-18T23:01:20Z)
- Towards Scalable and Privacy-Preserving Deep Neural Network via Algorithmic-Cryptographic Co-design [28.789702559193675]
We propose SPNN - a Scalable and Privacy-preserving deep Neural Network learning framework.
From a cryptographic perspective, we propose using two types of cryptographic techniques, i.e., secret sharing and homomorphic encryption.
Experimental results conducted on real-world datasets demonstrate the superiority of SPNN.
arXiv Detail & Related papers (2020-12-17T02:26:16Z)
- Privacy-Preserving XGBoost Inference [0.6345523830122165]
A major barrier to adoption is the sensitive nature of predictive queries.
One central goal of privacy-preserving machine learning (PPML) is to enable users to submit encrypted queries to a remote ML service.
We propose a privacy-preserving XGBoost prediction algorithm, which we have implemented and evaluated empirically on AWS SageMaker.
arXiv Detail & Related papers (2020-11-09T21:46:07Z)
- Rectified Linear Postsynaptic Potential Function for Backpropagation in Deep Spiking Neural Networks [55.0627904986664]
Spiking Neural Networks (SNNs) use temporal spike patterns to represent and transmit information, which is not only biologically realistic but also suitable for ultra-low-power event-driven neuromorphic implementation.
This paper investigates the contribution of spike timing dynamics to information encoding, synaptic plasticity and decision making, providing a new perspective for the design of future DeepSNNs and neuromorphic hardware systems.
arXiv Detail & Related papers (2020-03-26T11:13:07Z)
- Industrial Scale Privacy Preserving Deep Neural Network [23.690146141150407]
We propose an industrial scale privacy preserving neural network learning paradigm, which is secure against semi-honest adversaries.
We conduct experiments on a real-world fraud detection dataset and a financial distress prediction dataset.
arXiv Detail & Related papers (2020-03-11T10:15:37Z)
This list is automatically generated from the titles and abstracts of the papers in this site.