1. bookVolume 2020 (2020): Issue 2 (April 2020)
Journal Details
First Published
16 Apr 2015
Publication timeframe
4 times per year
access type Open Access

FLASH: Fast and Robust Framework for Privacy-preserving Machine Learning

Published Online: 08 May 2020
Page range: 459 - 480
Received: 31 Aug 2019
Accepted: 16 Dec 2019
Journal Details
First Published
16 Apr 2015
Publication timeframe
4 times per year

Privacy-preserving machine learning (PPML) via Secure Multi-party Computation (MPC) has gained momentum in the recent past. Assuming a minimal network of pair-wise private channels, we propose an efficient four-party PPML framework over rings ℤ2ℓ, FLASH, the first of its kind in the regime of PPML framework, that achieves the strongest security notion of Guaranteed Output Delivery (all parties obtain the output irrespective of adversary’s behaviour). The state of the art ML frameworks such as ABY3 by Mohassel et.al (ACM CCS’18) and SecureNN by Wagh et.al (PETS’19) operate in the setting of 3 parties with one malicious corruption but achieve the weaker security guarantee of abort. We demonstrate PPML with real-time efficiency, using the following custom-made tools that overcome the limitations of the aforementioned state-of-the-art– (a) dot product, which is independent of the vector size unlike the state-of-the-art ABY3, SecureNN and ASTRA by Chaudhari et.al (ACM CCSW’19), all of which have linear dependence on the vector size. (b) Truncation and MSB Extraction, which are constant round and free of circuits like Parallel Prefix Adder (PPA) and Ripple Carry Adder (RCA), unlike ABY3 which uses these circuits and has round complexity of the order of depth of these circuits. We then exhibit the application of our FLASH framework in the secure server-aided prediction of vital algorithms– Linear Regression, Logistic Regression, Deep Neural Networks, and Binarized Neural Networks. We substantiate our theoretical claims through improvement in benchmarks of the aforementioned algorithms when compared with the current best framework ABY3. All the protocols are implemented over a 64-bit ring in LAN and WAN. Our experiments demonstrate that, for MNIST dataset, the improvement (in terms of throughput) ranges from 24 × to 1390 × over LAN and WAN together.


[1] A.Barak, D.Escudero, A.P.K.Dalskov, and M.Keller. Secure evaluation of quantized neural networks. IACR Cryptology ePrint Archive, 2019.Search in Google Scholar

[2] Á.Kiss, M.Naderpour, J.Liu, N. Asokan, and T.Schneider. Sok: Modular and efficient private decision tree evaluation. In PoPETs, 2018.Search in Google Scholar

[3] T. Araki, A. Barak, J. Furukawa, T. Lichter, Y. Lindell, A. Nof, K. Ohara, A. Watzman, and O. Weinstein. Optimized Honest-Majority MPC for Malicious Adversaries -Breaking the 1 Billion-Gate Per Second Barrier. In IEEE S&P, 2017.Search in Google Scholar

[4] T. Araki, A. Barak, J. Furukawa, Y. Lindell, A. Nof, and K. Ohara. DEMO: high-throughput secure three-party computation of kerberos ticket generation. In ACM CCS, 2016.Search in Google Scholar

[5] T. Araki, J. Furukawa, Y. Lindell, A. Nof, and K. Ohara. High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority. In ACM CCS, 2016.Search in Google Scholar

[6] A.Tueno, F.Kerschbaum, and S.Katzenbeisser. Private evaluation of decision trees using sublinear cost. In PoPETs, 2019.Search in Google Scholar

[7] A. Ben-David, N. Nisan, and B. Pinkas. Fairplaymp: a system for secure multi-party computation. In ACM CCS, 2008.Search in Google Scholar

[8] M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract). In ACM STOC, 1988.Search in Google Scholar

[9] D. Bogdanov, S. Laur, and J. Willemson. Sharemind: A framework for fast privacy-preserving computations. In ESORICS, 2008.Search in Google Scholar

[10] P. Bogetoft, D. L. Christensen, I. Damgård, M. Geisler, T. P. Jakobsen, M. Krøigaard, J. D. Nielsen, J. B. Nielsen, K. Nielsen, J. Pagter, M. I. Schwartzbach, and T. Toft. Secure Multiparty Computation Goes Live. In FC, 2009.Search in Google Scholar

[11] D. Boneh, E. Boyle, H. Corrigan-Gibbs, N. Gilboa, and Y. Ishai. How to prove a secret: Zero-knowledge proofs on distributed data via fully linear pcps. CRYPTO, 2019.Search in Google Scholar

[12] M. Byali, C. Hazay, A. Patra, and S. Singla. Fast actively secure five-party computation with security beyond abort. In ACM CCS, 2019.Search in Google Scholar

[13] M. Byali, A. Joseph, A. Patra, and D. Ravi. Fast secure computation for small population over the internet. ACM CCS, 2018.Search in Google Scholar

[14] H. Chaudhari, A. Choudhury, A. Patra, and A. Suresh. ASTRA: High-throughput 3PC over Rings with Application to Secure Prediction. In ACM CCSW, 2019.Search in Google Scholar

[15] K. Chida, D. Genkin, K. Hamada, D. Ikarashi, R. Kikuchi, Y. Lindell, and A. Nof. Fast large-scale honest-majority MPC for malicious adversaries. In CRYPTO, 2018.Search in Google Scholar

[16] R. Cleve. Limits on the security of coin flips when half the processors are faulty (extended abstract). In ACM STOC, 1986.Search in Google Scholar

[17] R. Cohen and Y. Lindell. Fairness versus guaranteed output delivery in secure multiparty computation. In ASIACRYPT, 2014.Search in Google Scholar

[18] Cryptography and Privacy Engineering Group at TU Darmstadt. ENCRYPTO Utils. https://github.com/encryptogroup/ENCRYPTO_utils, 2017.Search in Google Scholar

[19] I. Damgård, M. Keller, E. Larraia, V. Pastro, P. Scholl, and N. P. Smart. Practical covertly secure MPC for dishonest majority - or: Breaking the SPDZ limits. In ESORICS, 2013.Search in Google Scholar

[20] I. Damgård, C. Orlandi, and M. Simkin. Yet another compiler for active security or: Efficient MPC over arbitrary rings. CRYPTO, 2018.Search in Google Scholar

[21] I. Damgård, V. Pastro, N. P. Smart, and S. Zakarias. Multiparty Computation from Somewhat Homomorphic Encryption. In CRYPTO, 2012.Search in Google Scholar

[22] H. Darwood. Epicurious - recipes with rating and nutrition. 2017.Search in Google Scholar

[23] D. Demmler, T. Schneider, and M. Zohner. ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. In NDSS, 2015.Search in Google Scholar

[24] H. Eerikson, C. Orlandi, P. Pullonen, J. Puura, and M. Simkin. Use your brain! arithmetic 3pc for any modulus with active security. IACR Cryptology ePrint Archive, 2019.Search in Google Scholar

[25] A. Esteva, B. Kuprel, R. A. Novoa, J. Ko, S. M. Swetter, H. M. Blau, and S. Thrun. Dermatologist-level classification of skin cancer with deep neural networks. Nature, 2017.Search in Google Scholar

[26] J. Furukawa, Y. Lindell, A. Nof, and O. Weinstein. High-Throughput Secure Three-Party Computation for Malicious Adversaries and an Honest Majority. In EUROCRYPT, 2017.Search in Google Scholar

[27] M. Geisler. Viff: Virtual ideal functionality framework, 2007.Search in Google Scholar

[28] O. Goldreich, S. Micali, and A. Wigderson. How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority. In STOC, 1987.Search in Google Scholar

[29] S. D. Gordon, S. Ranellucci, and X. Wang. Secure computation with low communication from cross-checking. In ASIACRYPT, 2018.Search in Google Scholar

[30] D. Harrison and D. L Rubinfeld. Hedonic housing prices and the demand for clean air. Journal of Environmental Economics and Management, 1978.Search in Google Scholar

[31] W. Hickey. The ultimate halloween candy power ranking. 2017.Search in Google Scholar

[32] I. Hubara, M. Courbariaux, D. Soudry, R. El-Yaniv, and Y. Bengio. Binarized neural networks. In NIPS, 2016.Search in Google Scholar

[33] Y. Ishai, J. Kilian, K. Nissim, and E. Petrank. Extending Oblivious Transfers Efficiently. In CRYPTO, 2003.Search in Google Scholar

[34] Y. Ishai, R. Kumaresan, E. Kushilevitz, and A. Paskin-Cherniavsky. Secure computation with minimal interaction, revisited. In CRYPTO, 2015.Search in Google Scholar

[35] J.So, B.Guler, A.S.Avestimehr, and P.Mohassel. Coded-privateml: A fast and privacy-preserving framework for distributed machine learning. CoRR, 2019.Search in Google Scholar

[36] C. Juvekar, V. Vaikuntanathan, and A. Chandrakasan. GAZELLE: A low latency framework for secure neural network inference. In USENIX, 2018.Search in Google Scholar

[37] H. Kitai, J. P. Cruz, N. Yanai, N. Nishida, T. Oba, Y. Unagami, T. Teruya, N. Attrapadung, T. Matsuda, and G. Hanaoka. MOBIUS: model-oblivious binarized neural networks. CoRR, 2018.Search in Google Scholar

[38] Yann LeCun and Corinna Cortes. MNIST handwritten digit database. 2010.Search in Google Scholar

[39] Y. Lindell. Fast cut-and-choose-based protocols for malicious and covert adversaries. J. Cryptology, 2016.Search in Google Scholar

[40] Y. Lindell and B. Pinkas. An efficient protocol for secure two-party computation in the presence of malicious adversaries. In EUROCRYPT, 2007.Search in Google Scholar

[41] E. Makri, D. Rotaru, N. P. Smart, and F. Vercauteren. EPIC: efficient private image classification (or: Learning from the masters). CT-RSA, 2018.Search in Google Scholar

[42] P. Mohassel and M. K. Franklin. Efficiency tradeoffs for malicious two-party computation. In PKC, 2006.Search in Google Scholar

[43] P. Mohassel and P. Rindal. ABY3: A Mixed Protocol Framework for Machine Learning. In ACM CCS, 2018.Search in Google Scholar

[44] P. Mohassel, M. Rosulek, and Y. Zhang. Fast and Secure Three-party Computation: Garbled Circuit Approach. In CCS, 2015.Search in Google Scholar

[45] P. Mohassel and Y. Zhang. Secureml: A system for scalable privacy-preserving machine learning. In IEEE S&P, 2017.Search in Google Scholar

[46] M.S.Riazi, M.Samragh, H.Chen, K.Laine, K.E.Lauter, and F.Koushanfar. XONN: xnor-based oblivious deep neural network inference. 2019.Search in Google Scholar

[47] J. B. Nielsen and C. Orlandi. Cross and clean: Amortized garbled circuits with constant overhead. In TCC, 2016.Search in Google Scholar

[48] NOAA. Weather conditions in world war two. 2017.Search in Google Scholar

[49] P. S. Nordholt and M. Veeningen. Minimising Communication in Honest-Majority MPC by Batchwise Multiplication Verification. In ACNS, 2018.Search in Google Scholar

[50] A. Patra and D. Ravi. On the exact round complexity of secure three-party computation. CRYPTO, 2018.Search in Google Scholar

[51] M. S. Riazi, C. Weinert, O. Tkachenko, E. M. Songhori, T. Schneider, and F. Koushanfar. Chameleon: A hybrid secure computation framework for machine learning applications. In AsiaCCS, 2018.Search in Google Scholar

[52] F. Schroff, D. Kalenichenko, and J. Philbin. Facenet: A unified embedding for face recognition and clustering. In IEEE CVPR, 2015.Search in Google Scholar

[53] S. Wagh, D. Gupta, and N. Chandran. Securenn: Efficient and private neural network training. 19th Privacy Enhancing Technologies Symposium, 2019.Search in Google Scholar

[54] A. C. Yao. Protocols for Secure Computations. In FOCS, 1982.Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo