New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning

Damgård, Ivan; Escudero, Daniel; Frederiksen, Tore Kasper; Keller, Marcel; Schöll, Peter; Volgushev, Nikolaj

doi:10.1109/sp.2019.00078

Cited by 93 publications

(89 citation statements)

References 43 publications

(100 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This observation has been confirmed in practice [13]. For example, for replicated secret sharing, protocols over rings like Z/2 64 Z can provide up to 8× savings in runtime and memory usage with respect to the field counterpart for some specific applications like neural network evaluation, which are heavy in terms of comparisons [2].…”

Section: Introductionmentioning

confidence: 84%

Efficient Information-Theoretic Secure Multiparty Computation over $$\mathbb {Z}/p^k\mathbb {Z}$$ via Galois Rings

Abspoel

Cramer

Damgård

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

At CRYPTO 2018, Cramer et al. introduced a secret-sharing based protocol called SPDZ 2 k that allows for secure multiparty computation (MPC) in the dishonest majority setting over the ring of integers modulo 2 k , thus solving a long-standing open question in MPC about secure computation over rings in this setting. In this paper we study this problem in the information-theoretic scenario. More specifically, we ask the following question: Can we obtain information-theoretic MPC protocols that work over rings with comparable efficiency to corresponding protocols over fields? We answer this question in the affirmative by presenting an efficient protocol for robust Secure Multiparty Computation over Z/p k Z (for any prime p and positive integer k) that is perfectly secure against active adversaries corrupting a fraction of at most 1/3 players, and a robust protocol that is statistically secure against an active adversary corrupting a fraction of at most 1/2 players.

show abstract

Section: Introductionmentioning

confidence: 84%

Efficient Information-Theoretic Secure Multiparty Computation over $$\mathbb {Z}/p^k\mathbb {Z}$$ via Galois Rings

Abspoel

Cramer

Damgård

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Secure inference of decision trees using MPC has been explored in various works (e.g., [8,11]), and we briefly discuss this in Appendix A.5.3.…”

Section: Related Workmentioning

confidence: 99%

“…For the conversion, the parties need to obtain shares of a random permutation. As in [18] active security we only need to check that the comparator gates that are secret-shared by each party are either 0 or 1, which can be done using standard techniques [11]. Shares of inverse permutation.…”

Section: Conversion To Permutation Networkmentioning

confidence: 99%

See 1 more Smart Citation

Secure training of decision trees with continuous attributes

Abspoel

Escudero

Volgushev

2020

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

We apply multiparty computation (MPC) techniques to show, given a database that is secret-shared among multiple mutually distrustful parties, how the parties may obliviously construct a decision tree based on the secret data. We consider data with continuous attributes (i.e., coming from a large domain), and develop a secure version of a learning algorithm similar to the C4.5 or CART algorithms. Previous MPC-based work only focused on decision tree learning with discrete attributes (De Hoogh et al. 2014). Our starting point is to apply an existing generic MPC protocol to a standard decision tree learning algorithm, which we then optimize in several ways. We exploit the fact that even if we allow the data to have continuous values, which a priori might require fixed or floating point representations, the output of the tree learning algorithm only depends on the relative ordering of the data. By obliviously sorting the data we reduce the number of comparisons needed per node to O(N log2N) from the naive O(N2), where N is the number of training records in the dataset, thus making the algorithm feasible for larger datasets. This does however introduce a problem when duplicate values occur in the dataset, but we manage to overcome this problem with a relatively cheap subprotocol. We show a procedure to convert a sorting network into a permutation network of smaller complexity, resulting in a round complexity of O(log N) per layer in the tree. We implement our algorithm in the MP-SPDZ framework and benchmark our implementation for both passive and active three-party computation using arithmetic modulo 264. We apply our implementation to a large scale medical dataset of ≈ 290 000 rows using random forests, and thus demonstrate practical feasibility of using MPC for privacy-preserving machine learning based on decision trees for large datasets.

show abstract

“…There has been a recent paradigm shift of designing MPC over rings, considering the fact that computer architectures use rings of size 32 or 64 bits. Designing and implementing MPC protocols over rings can leverage CPU optimizations and have been proven to have a significant impact on efficiency [21], [34], [37]- [39]. Furthermore, operating over rings avoids the need to overload basic operations such as addition and multiplication during implementation, or rely on an external library as compared to working over prime order fields.…”

Section: Introductionmentioning

confidence: 99%

BLAZE: Blazing Fast Privacy-Preserving Machine Learning

Patra¹,

Suresh²

2020

Proceedings 2020 Network and Distributed System Security Symposium

101

View full text Add to dashboard Cite

Proof: During the preprocessing phase, servers execute the preprocessing phase corresponding to n instances of Π mult protocol, resulting in a communication of 3n ring elements (Lemma C.8). In parallel, servers execute one instance of Π trgen protocol resulting in an additional communication of 2 ring elements (Lemma C.9).The online phase is similar to that of Π dotp protocol apart from servers P 1 , P 2 computing additive shares of z − r, where z = x y, which results in a communication of 2 ring elements. This is followed by servers P 1 , P 2 executing one instance of Π jsh protocol on the truncated value of z to generate its arithmetic sharing. This incurs a communication of 1 ring element. This is followed by servers locally adding their shares. Hence, the online phase requires 1 round and an amortized communication of 3 ring elements. 4) Activation Functions:Lemma C.11 (Communication). Protocol relu requires 5 rounds and an amortized communication of 12 +9p bits in the preprocessing phase and requires 3 rounds and an amortized communication of 7 + 3p + 1 bits in the online phase. Here p denotes the size of the larger field which is p = + 25 in this work.Proof: One instance of relu protocol involves the execution of one instance of Π bitext , Π bit2A , and Π mult . Hence the cost follows from Lemma C.6, Lemma C.7 and Lemma C.5.

show abstract

New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning

Cited by 93 publications

References 43 publications

Efficient Information-Theoretic Secure Multiparty Computation over $$\mathbb {Z}/p^k\mathbb {Z}$$ via Galois Rings

Efficient Information-Theoretic Secure Multiparty Computation over $$\mathbb {Z}/p^k\mathbb {Z}$$ via Galois Rings

Secure training of decision trees with continuous attributes

BLAZE: Blazing Fast Privacy-Preserving Machine Learning

Contact Info

Product

Resources

About