Encrypted machine learning of molecular quantum properties
- URL: http://arxiv.org/abs/2212.04322v1
- Date: Mon, 5 Dec 2022 11:04:08 GMT
- Title: Encrypted machine learning of molecular quantum properties
- Authors: Jan Weinreich, Guido Falk von Rudorff, O. Anatole von Lilienfeld
- Abstract summary: Encrypting the prediction process can solve this problem by double-blind model evaluation.
We implement secure and computationally feasible encrypted machine learning models.
We find that encrypted predictions using kernel ridge regression models are a million times more expensive than without encryption.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Large machine learning models with improved predictions have become widely available in the chemical sciences. Unfortunately, these models do not protect the privacy necessary within commercial settings, prohibiting the use of potentially extremely valuable data by others. Encrypting the prediction process can solve this problem by double-blind model evaluation and prohibits the extraction of training or query data. However, contemporary ML models based on fully homomorphic encryption or federated learning are either too expensive for practical use or have to trade higher speed for weaker security. We have implemented secure and computationally feasible encrypted machine learning models using oblivious transfer, enabling secure predictions of molecular quantum properties across chemical compound space. However, we find that encrypted predictions using kernel ridge regression models are a million times more expensive than without encryption. This demonstrates a dire need for a compact machine learning model architecture, including molecular representation and kernel matrix size, that minimizes model evaluation costs.
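The abstract's two claims (double-blind evaluation via oblivious transfer, and evaluation cost growing with representation size and kernel matrix size) are easier to see on a toy protocol. The block below is an added example and is not code from Weinreich et al. or any library the paper uses; the particular construction is an assumption: a Chou-Orlandi-style 1-out-of-2 OT over a toy multiplicative group, Gilboa's OT-based multiplication of private integers, additive secret sharing modulo 2^64, a degree-2 polynomial kernel on integer-valued features, and integer-quantised regression weights (fixed-point truncation is omitted). The client holds only the query, the server holds only training data and weights, and each side ends with a random-looking share of the prediction. The OT and modular-exponentiation counters show where the cost comes from: every multiplication that crosses the trust boundary costs ELL oblivious transfers, and a nonlinear kernel forces one such dot product per training point, so the count scales as N_train × (d + 3) × ELL.

```python
"""
Added example (not the paper's code): toy two-party, OT-based evaluation of a
kernel ridge regression (KRR) prediction. Client holds the query vector,
server holds training vectors and weights alpha. Neither side learns the
other's inputs; each ends with an additive share of the prediction.
"""
import hashlib
import secrets

ELL = 64                 # shares live in Z_{2^ELL}
MOD = 1 << ELL
# Toy OT group: multiplicative group mod the Mersenne prime 2^127 - 1.
# Constructed for speed only and NOT a secure parameter choice; a real
# deployment uses a prime-order elliptic-curve group.
P = (1 << 127) - 1
G = 3

COST = {"ot": 0, "modexp": 0}   # cost counters for one prediction


def _modexp(base, exp):
    COST["modexp"] += 1
    return pow(base, exp, P)


def _kdf(*parts):
    """Derive a 64-bit one-time pad from group elements."""
    h = hashlib.sha256()
    for x in parts:
        h.update(int(x).to_bytes(16, "big"))
    return int.from_bytes(h.digest()[:8], "big")


def ot_1of2(m0, m1, choice):
    """Chou-Orlandi style 1-out-of-2 OT, both roles simulated in-process.
    Sender holds (m0, m1); receiver holds a choice bit and learns m_choice
    only, while the sender learns nothing about the choice."""
    COST["ot"] += 1
    a = secrets.randbelow(P - 1) + 1            # sender secret
    A = _modexp(G, a)
    b = secrets.randbelow(P - 1) + 1            # receiver secret
    B = _modexp(G, b) if choice == 0 else (A * _modexp(G, b)) % P
    # sender side: k0 = H(B^a), k1 = H((B/A)^a); exactly one equals A^b
    k0 = _kdf(A, B, _modexp(B, a))
    k1 = _kdf(A, B, _modexp((B * pow(A, -1, P)) % P, a))
    e0, e1 = m0 ^ k0, m1 ^ k1
    # receiver side: k_choice = H(A^b)
    kc = _kdf(A, B, _modexp(A, b))
    return (e0 if choice == 0 else e1) ^ kc


def ot_mul(a, b):
    """Gilboa's OT-based multiplication. Party A holds a, party B holds b.
    Returns additive shares (s_a, s_b) with s_a + s_b = a*b mod 2^ELL.
    Costs ELL oblivious transfers, one per bit of a."""
    a %= MOD
    b %= MOD
    s_a, s_b = 0, 0
    for i in range(ELL):
        r = secrets.randbelow(MOD)               # B's mask for bit i
        got = ot_1of2(r, (r + (b << i)) % MOD, (a >> i) & 1)
        s_a = (s_a + got) % MOD                  # accumulates r_i + a_i*2^i*b
        s_b = (s_b - r) % MOD                    # cancels the masks
    return s_a, s_b


def share_mul(x, y):
    """Multiply two secret-shared values (client_share, server_share).
    Cross terms need two OT multiplications; same-party terms are local."""
    xc, xs = x
    yc, ys = y
    c1, s1 = ot_mul(xc, ys)                      # client input x server input
    s2, c2 = ot_mul(xs, yc)                      # server input x client input
    return (xc * yc + c1 + c2) % MOD, (xs * ys + s1 + s2) % MOD


def secure_krr_predict(x_query, X_train, alpha):
    """Client holds x_query; server holds X_train and alpha. Kernel is the
    degree-2 polynomial k(x, x_i) = (x . x_i)^2 so alpha cannot be folded
    into a single weight vector. Returns prediction shares (client, server)."""
    pred_c, pred_s = 0, 0
    for x_i, a_i in zip(X_train, alpha):
        dot_c, dot_s = 0, 0                      # [x_query . x_i]
        for xq_j, xi_j in zip(x_query, x_i):
            c, s = ot_mul(xq_j, xi_j)
            dot_c, dot_s = (dot_c + c) % MOD, (dot_s + s) % MOD
        k_c, k_s = share_mul((dot_c, dot_s), (dot_c, dot_s))   # [k_i]
        # alpha_i * [k_i]: server scales its own share locally; the client's
        # share needs one more OT multiplication against server-held alpha_i
        c, s = ot_mul(k_c, a_i)
        pred_c = (pred_c + c) % MOD
        pred_s = (pred_s + s + a_i * k_s) % MOD
    return pred_c, pred_s


def to_signed(v):
    """Interpret a residue mod 2^ELL as a signed integer."""
    v %= MOD
    return v - MOD if v >= MOD // 2 else v


def plain_krr_predict(x_query, X_train, alpha):
    """Plaintext reference with the same kernel."""
    return sum(a * sum(q * t for q, t in zip(x_query, x_i)) ** 2
               for x_i, a in zip(X_train, alpha))


def ot_count(n_train, d):
    """OTs per prediction: d + 2 + 1 OT multiplications per training point."""
    return n_train * (d + 3) * ELL


def demo():
    # Constructed toy data: 3 training "molecules" with 4 integer features
    # and integer-quantised KRR weights (not real molecular data).
    X_train = [[1, -2, 3, 0], [2, 1, -1, 4], [0, 3, 2, -1]]
    alpha = [5, -3, 2]
    x_query = [1, 1, -2, 3]
    COST["ot"], COST["modexp"] = 0, 0
    c, s = secure_krr_predict(x_query, X_train, alpha)
    return to_signed(c + s), plain_krr_predict(x_query, X_train, alpha), dict(COST)


if __name__ == "__main__":
    secure, plain, cost = demo()
    print("secure:", secure, "plain:", plain, "cost:", cost)
```

Three training points with four features already need 1344 oblivious transfers and 6720 modular exponentiations for a prediction that takes 18 integer multiplications in the clear; the gap widens linearly with both the representation length and the number of kernel rows, which is the trade-off the abstract's last sentence is about. Swapping the toy group for a real one, adding fixed-point truncation, and using a Gaussian kernel (whose exponential needs a secure approximation) all add cost on top of this floor.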
Related papers
- Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models (arXiv, 2024-04-01T16:50:54Z)
  In this paper, we unveil a new vulnerability: the privacy backdoor attack.
  When a victim fine-tunes a backdoored model, their training data will be leaked at a significantly higher rate than if they had fine-tuned a typical model.
  Our findings highlight a critical privacy concern within the machine learning community and call for a reevaluation of safety protocols in the use of open-source pre-trained models.
- Learning in the Dark: Privacy-Preserving Machine Learning using Function Approximation (arXiv, 2023-09-15T06:45:58Z)
  Learning in the Dark is a privacy-preserving machine learning model that can classify encrypted images with high accuracy.
  It is capable of performing high accuracy predictions by performing computations directly on encrypted data.
- QuMoS: A Framework for Preserving Security of Quantum Machine Learning Model (arXiv, 2023-04-23T01:17:43Z)
  Security has always been a critical issue in machine learning (ML) applications.
  Model-stealing attack is one of the most fundamental but vitally important issues.
  We propose a novel framework, namely QuMoS, to preserve model security.
- nanoLM: an Affordable LLM Pre-training Benchmark via Accurate Loss Prediction across Scales (arXiv, 2023-04-14T00:45:01Z)
  We present an approach to predict the pre-training loss based on our observations that Maximal Update Parametrization (muP) enables accurate fitting of scaling laws.
  With around 14% of the one-time pre-training cost, we can accurately forecast the loss for models up to 52B.
  Our goal with nanoLM is to empower researchers with limited resources to reach meaningful conclusions on large models.
- Implicit Geometry and Interaction Embeddings Improve Few-Shot Molecular Property Prediction (arXiv, 2023-02-04T01:32:40Z)
  We develop molecular embeddings that encode complex molecular characteristics to improve the performance of few-shot molecular property prediction.
  Our approach leverages large amounts of synthetic data, namely the results of molecular docking calculations.
  On multiple molecular property prediction benchmarks, training from the embedding space substantially improves Multi-Task, MAML, and Prototypical Network few-shot learning performance.
- Partially Oblivious Neural Network Inference (arXiv, 2022-10-27T05:39:36Z)
  We show that for neural network models, like CNNs, some information leakage can be acceptable.
  We experimentally demonstrate that in a CIFAR-10 network we can leak up to 80% of the model's weights with practically no security impact.
- Privacy-Preserving Chaotic Extreme Learning Machine with Fully Homomorphic Encryption (arXiv, 2022-08-04T11:29:52Z)
  We propose a Chaotic Extreme Learning Machine and its encrypted form using Fully Homomorphic Encryption.
  Our proposed method has performed either better or similar to the Traditional Extreme Learning Machine on most of the datasets.
- MOVE: Effective and Harmless Ownership Verification via Embedded External Features (arXiv, 2022-08-04T02:22:29Z)
  We propose an effective and harmless model ownership verification (MOVE) to defend against different types of model stealing simultaneously.
  We conduct the ownership verification by verifying whether a suspicious model contains the knowledge of defender-specified external features.
  In particular, we develop our MOVE method under both white-box and black-box settings to provide comprehensive model protection.
- How to Robustify Black-Box ML Models? A Zeroth-Order Optimization Perspective (arXiv, 2022-03-27T03:23:32Z)
  We address the problem of black-box defense: How to robustify a black-box model using just input queries and output feedback?
  We propose a general notion of defensive operation that can be applied to black-box models, and design it through the lens of denoised smoothing (DS).
  We empirically show that ZO-AE-DS can achieve improved accuracy, certified robustness, and query complexity over existing baselines.
- Defence against adversarial attacks using classical and quantum-enhanced Boltzmann machines (arXiv, 2020-12-21T19:00:03Z)
  Generative models attempt to learn the distribution underlying a dataset, making them inherently more robust to small perturbations.
  We find improvements ranging from 5% to 72% against attacks with Boltzmann machines on the MNIST dataset.
- Privacy-Preserving Gaussian Process Regression -- A Modular Approach to the Application of Homomorphic Encryption (arXiv, 2020-01-28T11:50:36Z)
  Fully homomorphic encryption (FHE) allows data to be computed on whilst encrypted.
  Some commonly used machine learning algorithms, such as Gaussian process regression, are poorly suited to FHE.
  We show that a modular approach, which applies FHE to only the sensitive steps of a workflow that need protection, allows one party to make predictions on their data.
This list is automatically generated from the titles and abstracts of the papers in this site.