Last modified: 2018-07-07
Abstract
Machine Learning is a field of study that gives computers the ability to “learn” without being explicitly programmed (Sir Arthur Samuel). It has been widely used to analyze various kinds of data, including data that is often confidential, such as medical or financial data. Privacy is the trade-off if we wish others to analyze our confidential data.
Homomorphic Encryption can be used to overcome the problem described in the last paragraph. It gives a class of machine learning models the ability to take an encrypted input and produce encrypted output [1], so a person with a trained machine learning model will still be able to help people analyze their confidential data without having to know what the content of the data is. Furthermore, because the output is still in encrypted form, anyone else without the key will not be able to know the data analysis result, including the data analyst himself.
Gilad-Bachrach et al. have shown in their remarkable paper that it is possible to create a machine learning model that is accurate, secure, private, and has high throughput [1]. They train a deep convolutional neural network model named Cryptonets on the MNIST dataset. They use the YASHE’ fully homomorphic encryption scheme [2] to encrypt the test set and evaluate the trained model on the encrypted test set. The model achieved 98.9% accuracy.
In this work, we will also train a machine learning model on the MNIST dataset [3], the “hello world” of Computer Vision. We will try to use a partially homomorphic encryption scheme instead of a fully homomorphic encryption scheme. The nature of partially homomorphic encryption only allows us to use either addition or multiplication of ciphertexts. We will use the Paillier homomorphic encryption scheme [4], which supports addition of ciphertexts and additionally supports multiplication of a ciphertext by an unencrypted number (scalar multiplication in ciphertext space). With addition and scalar multiplication in hand, we can create a shallow neural network model.
This paper will not cover the details of how to train a neural network or the security level of Paillier homomorphic encryption. We will focus on how to make use of the structure of a shallow neural network model so that it can take input data encrypted with Paillier homomorphic encryption.
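The two Paillier operations named above are enough to evaluate one linear layer `W x + b` on ciphertexts. The following is an added example, not code from this paper: a pure-Python Paillier using the common `g = n + 1` variant and toy primes. The primes, weights, inputs and function names are constructed for illustration, and the weights are assumed to be already scaled to integers.

```python
import math
import secrets

# Toy primes (constructed for this example): far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    """Return (public n, private (lam, mu)) using the g = n + 1 variant."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    """E(m) = (1 + n)^m * r^n mod n^2, with a fresh random r per ciphertext."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """Recover m and map it back to a signed integer in (-n/2, n/2]."""
    lam, mu = priv
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m

def add(n, c1, c2):
    """E(a) * E(b) mod n^2 decrypts to a + b."""
    return c1 * c2 % (n * n)

def scalar_mul(n, c, k):
    """E(a)^k mod n^2 decrypts to k * a; a negative k is reduced mod n."""
    return pow(c, k % n, n * n)

def encrypted_linear(n, weights, biases, enc_x):
    """Evaluate W x + b using only the public key; outputs stay encrypted."""
    out = []
    for row, bias in zip(weights, biases):
        acc = encrypt(n, bias)
        for w, c in zip(row, enc_x):
            acc = add(n, acc, scalar_mul(n, c, w))
        out.append(acc)
    return out

def demo():
    n, priv = keygen()
    x = [3, 0, 7, 1]                                  # constructed input values
    W, b = [[2, -1, 0, 5], [-3, 4, 1, 0]], [10, -2]   # constructed integer weights
    enc_scores = encrypted_linear(n, W, b, [encrypt(n, v) for v in x])
    return [decrypt(n, priv, c) for c in enc_scores]
```

Only the key holder can decrypt the scores, so any non-linear step such as picking the largest score happens on their side after decryption.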
Our trained neural network model achieved 92.45% accuracy when evaluated on the encrypted test set. This shows that by using just partially homomorphic encryption and a shallow neural network, we can preserve the privacy of data that is about to be analyzed by a machine learning model while still achieving considerable accuracy.