BLAZE: BLAZING FAST PRIVACY-PRESERVING MACHINE LEARNING ARPITA PATRA - - PowerPoint PPT Presentation

BLAZE: BLAZING FAST PRIVACY-PRESERVING MACHINE LEARNING

ARPITA PATRA AND AJITH SURESH

Ajith Suresh

CrIS Lab, IISc

https://www.csa.iisc.ac.in/~cris

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Outline

q Secure Multi-party Computation (MPC) q MPC for small number of parties (3PC) q Our Efficient BLAZE Protocol (Results) q Privacy Preserving Machine Learning (PPML)

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Multi-party Computation (MPC) [Yao’82]

ü A set of parties with private inputs wish to compute some

joint function of their inputs.

ü Goals of MPC:

§

Correctness – Parties should correctly evaluate the function

• utput.

§

Privacy – Nothing more than the function output should be revealed

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Multi-party Computation (MPC) [Yao’82]

Trusted Third Party

ü A set of parties with private inputs wish to compute some

joint function of their inputs.

ü Goals of MPC:

§

Correctness – Parties should correctly evaluate the function

• utput.

§

Privacy – Nothing more than the function output should be revealed

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Multi-party Computation (MPC) [Yao’82]

Trusted Third Party

ü A set of parties with private inputs wish to compute some

joint function of their inputs.

ü Goals of MPC:

§

Correctness – Parties should correctly evaluate the function

• utput.

§

Privacy – Nothing more than the function output should be revealed

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Multi-party Computation (MPC) [Yao’82]

MPC

ü A set of parties with private inputs wish to compute some

joint function of their inputs.

ü Goals of MPC:

§

Correctness – Parties should correctly evaluate the function

• utput.

§

Privacy – Nothing more than the function output should be revealed

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Multi-party Computation (MPC) [Yao’82]

MPC

• Semi – honest:
• Follows the protocol but tries to learn more
• Malicious:
• Can arbitrarily deviate from the protocol

ADVERSARY

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Multi-party Computation (MPC) [Yao’82]

MPC

• Semi – honest:
• Follows the protocol but tries to learn more
• Malicious:
• Can arbitrarily deviate from the protocol

ADVERSARY

Malicious Corruption

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC for small number of parties

Ø Efficiency and Simplicity [MRZ15,AFLNO16,FLNW17,CGMV17]

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC for small number of parties

Ø Efficiency and Simplicity [MRZ15,AFLNO16,FLNW17,CGMV17] Ø Our focus: MPC with 3 parties

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC for small number of parties

Ø Efficiency and Simplicity [MRZ15,AFLNO16,FLNW17,CGMV17] Ø Our focus: MPC with 3 parties Ø Corruption : honest majority

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC for small number of parties

Ø Efficiency and Simplicity [MRZ15,AFLNO16,FLNW17,CGMV17] Ø Our focus: MPC with 3 parties Ø Corruption : honest majority

q Majority of the parties are honest q 3PC – at most 1 corruption

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC for small number of parties

Ø Efficiency and Simplicity [MRZ15,AFLNO16,FLNW17,CGMV17] Ø Our focus: MPC with 3 parties Ø Corruption : honest majority Ø Outsourced Computation

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC for small number of parties

Ø Efficiency and Simplicity [MRZ15,AFLNO16,FLNW17,CGMV17] Ø Our focus: MPC with 3 parties Ø Corruption : honest majority Ø Outsourced Computation Ø Pre-processing Model

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC for small number of parties

Ø Efficiency and Simplicity [MRZ15,AFLNO16,FLNW17,CGMV17] Ø Our focus: MPC with 3 parties Ø Corruption : honest majority Ø Outsourced Computation Ø Pre-processing Model § Pre-processing phase

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC for small number of parties

Ø Efficiency and Simplicity [MRZ15,AFLNO16,FLNW17,CGMV17] Ø Our focus: MPC with 3 parties Ø Corruption : honest majority Ø Outsourced Computation Ø Pre-processing Model § Pre-processing phase

q Data-independent Computation q Relatively slow and expensive

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC for small number of parties

Ø Efficiency and Simplicity [MRZ15,AFLNO16,FLNW17,CGMV17] Ø Our focus: MPC with 3 parties Ø Corruption : honest majority Ø Outsourced Computation Ø Pre-processing Model § Pre-processing phase § Online Phase

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC for small number of parties

Ø Efficiency and Simplicity [MRZ15,AFLNO16,FLNW17,CGMV17] Ø Our focus: MPC with 3 parties Ø Corruption : honest majority Ø Outsourced Computation Ø Pre-processing Model § Pre-processing phase § Online Phase

q Minimized communication q Blazing fast

BLAZE PROTOCOL

AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC 26-02-2020

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

S0 S1 S2

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

S0 S1 S2

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

S0 S1 S2

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

S0 S1 S2

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

S0 S1 S2

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

S0 S1 S2

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

Communication Cost per Multiplication Gate (malicious)

https://eprint.iacr.org/2020/042 BLAZE :

!"#$: &. (

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

Ref Pre-processing

(#elements)

Online

(#elements)

Security

Araki et al’17 12 9 Abort

Communication Cost per Multiplication Gate (malicious)

https://eprint.iacr.org/2020/042 BLAZE :

!"#$: &. (

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

Ref Pre-processing

(#elements)

Online

(#elements)

Security

Araki et al’17 ASTRA 12 21 9 4 Abort Fair

Communication Cost per Multiplication Gate (malicious)

https://eprint.iacr.org/2020/042 BLAZE :

!"#$: &. (

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

Ref Pre-processing

(#elements)

Online

(#elements)

Security

Araki et al’17 ASTRA Boneh et al’19 12 21 9 4 3 Abort Fair Abort

Communication Cost per Multiplication Gate (malicious)

https://eprint.iacr.org/2020/042 BLAZE :

!"#$: &. (

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

Ref Pre-processing

(#elements)

Online

(#elements)

Security

Araki et al’17 ASTRA Boneh et al’19

BLAZE

12 21

3

9 4 3

3

Abort Fair Abort

Fair Communication Cost per Multiplication Gate (malicious)

https://eprint.iacr.org/2020/042 BLAZE :

!"#$: &. (

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Privacy Preserving Machine Learning (PPML)

Alice (Model Owner) Model Parameters Bob (Client) Query Result ML Algorithm

Privacy ??

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Privacy Preserving Machine Learning (PPML)

Alice (Model Owner) Model Parameters Bob (Client) Query Result ML Algorithm Query

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Privacy Preserving Machine Learning (PPML)

Alice (Model Owner) Model Parameters Bob (Client) Query Result ML Algorithm Model Parameters

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Solution ??

ML MPC

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

MPC MEETS ML

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Privacy Preserving Machine Learning (PPML)

Alice (Model Owner) Model Parameters Bob (Client) Query Result ML Algorithm

Use MPC to achieve privacy

MPC

26-02-2020

AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Alice (Model Owner) Bob (Client) MLaaS (3PC Servers) Model Parameters Query Result

SECURE OUTSOURCED SETTING (SOC)

ML ALGORITHMS CONSIDERED

Linear Regression Logistic Regression Neural Networks

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Dot Product

PPML using MPC: Hurdles to Clear

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Dot Product Secure Comparison PPML using MPC: Hurdles to Clear

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Dot Product Secure Comparison

Embedding Floating point Numbers

PPML using MPC: Hurdles to Clear

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Dot Product Secure Comparison

Embedding Floating point Numbers

Single bit to Arithmetic Value

PPML using MPC: Hurdles to Clear

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Dot Product Secure Comparison Embedding Floating point Numbers Single bit to Arithmetic Value Truncation

PPML using MPC: Hurdles to Clear

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Dot Product Secure Comparison

Embedding Floating point Numbers

Single bit to Arithmetic Value Truncation Non-linear Activation Functions

PPML using MPC: Hurdles to Clear

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Secure Dot Product Secure Comparison

Embeddin g Floating point Numbers

Single bit to Arithmetic Value Truncation Non-linear Activation Functions and many more ...

PPML using MPC: Hurdles to Clear

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

Ref Pre-processing

(#elements)

Online

(#elements)

Security

ABY3 12d 9d Abort

https://eprint.iacr.org/2020/042 BLAZE :

Communication Cost per Dot Product d – #elements in each vector !∎# = %

&'( )

*+ . -+

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

Ref Pre-processing

(#elements)

Online

(#elements)

Security

ABY3 ASTRA 12d 21d 9d 2d+2 Abort Fair

https://eprint.iacr.org/2020/042 BLAZE :

Communication Cost per Dot Product d – #elements in each vector !∎# = %

&'( )

*+ . -+

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

Ref Pre-processing

(#elements)

Online

(#elements)

Security

ABY3 ASTRA Boneh et al’19* 12d 21d 9d 2d+2 3d Abort Fair Abort

https://eprint.iacr.org/2020/042 BLAZE :

Communication Cost per Dot Product d – #elements in each vector !∎# = %

&'( )

*+ . -+

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

BLAZE Protocol

Ref Pre-processing

(#elements)

Online

(#elements)

Security

ABY3 ASTRA Boneh et al’19*

BLAZE

12d 21d

3d

9d 2d+2 3d

3

Abort Fair Abort

Fair

https://eprint.iacr.org/2020/042 BLAZE :

Communication Cost per Dot Product d – #elements in each vector !∎# = %

&'( )

*+ . -+

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Summary of Our Benchmarking Results Algorithm

Improvement in terms of Online Throughput

• ver State-of-the-art protocols over WAN

Training Prediction

Linear Regression 333.22 x 194.86 x Logistic Regression 53.19 x 27.52 x Neural Networks

• 276.31x

*Throughput for Training - #iterations processed by servers / minute *Throughput for Prediction - #queries processed by servers / minute

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

Summary of Our Benchmarking Results

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

26-02-2020 AJITH SURESH | CRYPTOGRAPHY AND INFORMATION SECURITY LAB ,CSA, IISC

References

1.

Andrew Chi-Chih Yao. Protocols for secure computations (extended abstract). In FOCS, pages 160-164, 1982.

2.

• P. Mohassel, M. Rosulek, and Y. Zhang. Fast and Secure Three party Computation: Garbled Circuit Approach. In CCS, 2015.

3.

• T. Araki, A. Barak, J. Furukawa, T. Lichter, Y. Lindell, A. Nof, K. Ohara, A. Watzman, and O. Weinstein. Optimized Honest-

Majority MPC for Malicious Adversaries - Breaking the 1 Billion-Gate Per Second Barrier. In IEEE S&P , 2017.

4.

• J. Furukawa, Y. Lindell, A. Nof, and O. Weinstein. High-Throughput Secure Three-Party Computation for Malicious

Adversaries and an Honest Majority. In EUROCRYPT, 2017.

5.

• K. Chida, D. Genkin, K. Hamada, D. Ikarashi, R. Kikuchi, Y. Lindell, and A. Nof. Fast Large-Scale Honest-Majority MPC for

Malicious Adversaries. In CRYPTO, 2018.

6.

• P. Mohassel and P. Rindal, ABY3: A Mixed Protocol Framework for Machine Learning. In ACM CCS, 2018.

7.

• H. Chaudhari, A. Choudhury, A. Patra and A. Suresh. ASTRA: High-throughput 3PC over Rings with Application to Secure

Prediction, In ACM CCSW, 2019.

8.

• D. Boneh, E. Boyle, H. Corrigan{-}Gibbs, N. Gilboa and Y. Ishai. Zero-Knowledge Proofs on Secret-Shared Data via Fully

Linear PCPs. In CRYPTO, 2019.