1. bookVolume 2021 (2021): Issue 4 (October 2021)
Zeitschriftendaten
License
Format
Zeitschrift
Erstveröffentlichung
16 Apr 2015
Erscheinungsweise
4 Hefte pro Jahr
Sprachen
Englisch
access type Open Access

SoK: Privacy-Preserving Computation Techniques for Deep Learning

Online veröffentlicht: 23 Jul 2021
Seitenbereich: 139 - 162
Eingereicht: 28 Feb 2021
Akzeptiert: 16 Jun 2021
Zeitschriftendaten
License
Format
Zeitschrift
Erstveröffentlichung
16 Apr 2015
Erscheinungsweise
4 Hefte pro Jahr
Sprachen
Englisch

[1] James B Heaton, Nick G Polson, and Jan Hendrik Witte. Deep learning for finance: deep portfolios. Applied Stochastic Models in Business and Industry, 33(1):3–12, 2017. Search in Google Scholar

[2] Daniel S Berman, Anna L Buczak, Jeffrey S Chavis, and Cherita L Corbett. A survey of deep learning methods for cyber security. Information, 10(4):122, 2019. Search in Google Scholar

[3] Eric J Topol. High-performance medicine: the convergence of human and artificial intelligence. Nature medicine, 25(1):44–56, 2019. Search in Google Scholar

[4] Nicolas Papernot, Patrick McDaniel, Arunesh Sinha, and Michael P Wellman. Sok: Security and privacy in machine learning. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P), pages 399–414. IEEE, 2018. Search in Google Scholar

[5] François Chollet et al. Keras. https://github.com/fchollet/keras, 2015. Search in Google Scholar

[6] Martín Abadi, Ashish Agarwal, Paul Barham, Eugene Brevdo, Zhifeng Chen, Craig Citro, Greg S Corrado, Andy Davis, Jeffrey Dean, Matthieu Devin, et al. Tensorflow: Large-scale machine learning on heterogeneous distributed systems. arXiv preprint:1603.04467, 2016. Search in Google Scholar

[7] Adam Paszke, Sam Gross, Soumith Chintala, Gregory Chanan, Edward Yang, Zachary DeVito, Zeming Lin, Alban Desmaison, Luca Antiga, and Adam Lerer. Automatic differentiation in PyTorch. 2017. Search in Google Scholar

[8] M Sadegh Riazi, Bita Darvish Rouani, and Farinaz Koushanfar. Deep learning on private data. IEEE Security & Privacy, 17(6):54–63, 2019. Search in Google Scholar

[9] Harry Chandra Tanuwidjaja, Rakyong Choi, Seunggeun Baek, and Kwangjo Kim. Privacy-preserving deep learning on machine learning as a service—a comprehensive survey. IEEE Access, 8:167425–167447, 2020. Search in Google Scholar

[10] D Julkowska, CP Austin, CM Cutillo, D Gancberg, C Hager, J Halftermeyer, AH Jonker, LPL Lau, I Norstedt, A Rath, et al. The importance of international collaboration for rare diseases research: a european perspective. Gene therapy, 24(9):562–571, 2017. Search in Google Scholar

[11] Huili Chen, Siam Umar Hussain, Fabian Boemer, Emmanuel Stapf, Ahmad Reza Sadeghi, Farinaz Koushanfar, and Rosario Cammarota. Developing privacy-preserving ai systems: the lessons learned. In 2020 57th ACM/IEEE Design Automation Conference (DAC), pages 1–4. IEEE, 2020. Search in Google Scholar

[12] Battista Biggio and Fabio Roli. Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognition, 84:317–331, 2018. Search in Google Scholar

[13] Ram Shankar Siva Kumar, Magnus Nyström, John Lambert, Andrew Marshall, Mario Goertzel, Andi Comissoneru, Matt Swann, and Sharon Xia. Adversarial machine learning-industry perspectives. In 2020 IEEE Security and Privacy Workshops (SPW), pages 69–75. IEEE, 2020. Search in Google Scholar

[14] Monir Azraoui, Muhammad Bahram, Beyza Bozdemir, Sébastien Canard, Eleonora Ciceri, Orhan Ermis, Ramy Masalha, Marco Mosconi, Melek Önen, Marie Paindavoine, et al. Sok: Cryptography for neural networks. In IFIP International Summer School on Privacy and Identity Management, pages 63–81. Springer, 2019. Search in Google Scholar

[15] Georgios A Kaissis, Marcus R Makowski, Daniel Rückert, and Rickmer F Braren. Secure, privacy-preserving and federated machine learning in medical imaging. Nature Machine Intelligence, pages 1–7, 2020. Search in Google Scholar

[16] Ting Wang and Ling Liu. Output privacy in data mining. ACM Transactions on Database Systems, 36(1):1–34, 2011. Search in Google Scholar

[17] Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. Membership inference attacks against machine learning models. In 2017 IEEE Symposium on Security and Privacy (SP), pages 3–18. IEEE, 2017. Search in Google Scholar

[18] Matt Fredrikson, Somesh Jha, and Thomas Ristenpart. Model inversion attacks that exploit confidence information and basic countermeasures. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 1322–1333, 2015. Search in Google Scholar

[19] Florian Tramèr, Fan Zhang, Ari Juels, Michael K Reiter, and Thomas Ristenpart. Stealing machine learning models via prediction apis. In 25th {USENIX} Security Symposium ({USENIX} Security 16), pages 601–618, 2016. Search in Google Scholar

[20] Yehuda Lindell. Secure multiparty computation. Commun. ACM, 64(1):86–96, December 2020. Search in Google Scholar

[21] O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. In Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, STOC ’87, page 218–229, New York, NY, USA, 1987. Association for Computing Machinery. Search in Google Scholar

[22] Oded Goldreich, Silvio Micali, and Avi Wigderson. How to solve any protocol problem. In Proc. of STOC, 1987. Search in Google Scholar

[23] Cynthia Dwork, Aaron Roth, et al. The algorithmic foundations of differential privacy. Foundations and Trends in Theoretical Computer Science, 9(3-4):211–407, 2014. Search in Google Scholar

[24] Latanya Sweeney. k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(05):557–570, 2002. Search in Google Scholar

[25] Ashwin Machanavajjhala, Daniel Kifer, Johannes Gehrke, and Muthuramakrishnan Venkitasubramaniam. l-diversity: Privacy beyond k-anonymity. ACM Transactions on Knowledge Discovery from Data (TKDD), 1(1):3–es, 2007. Search in Google Scholar

[26] Ninghui Li, Tiancheng Li, and Suresh Venkatasubramanian. t-closeness: Privacy beyond k-anonymity and l-diversity. In 2007 IEEE 23rd International Conference on Data Engineering, pages 106–115. IEEE, 2007. Search in Google Scholar

[27] Victor Costan and Srinivas Devadas. Intel sgx explained. IACR Cryptol. ePrint Arch., 2016(86):1–118, 2016. Search in Google Scholar

[28] David Kaplan, Jeremy Powell, and Tom Woller. Amd memory encryption. White paper, 2016. Search in Google Scholar

[29] Johannes Winter. Trusted computing building blocks for embedded linux-based arm trustzone platforms. In Proceedings of the 3rd ACM workshop on Scalable trusted computing, pages 21–30, 2008. Search in Google Scholar

[30] Tyler Hunt, Congzheng Song, Reza Shokri, Vitaly Shmatikov, and Emmett Witchel. Chiron: Privacy-preserving machine learning as a service. arXiv preprint:1803.05961, 2018. Search in Google Scholar

[31] Nick Hynes, Raymond Cheng, and Dawn Song. Efficient deep learning on multi-source private data. arXiv preprint:1807.06689, 2018. Search in Google Scholar

[32] Florian Tramer and Dan Boneh. Slalom: Fast, verifiable and private execution of neural networks in trusted hardware. arXiv preprint:1806.03287, 2018. Search in Google Scholar

[33] Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. Cachezoom: How sgx amplifies the power of cache attacks. In International Conference on Cryptographic Hardware and Embedded Systems, pages 69–90. Springer, 2017. Search in Google Scholar

[34] Zhao-Hui Du, Zhiwei Ying, Zhenke Ma, Yufei Mai, Phoebe Wang, Jesse Liu, and Jesse Fang. Secure encrypted virtualization is unsecure. arXiv preprint:1712.05090, 2017. Search in Google Scholar

[35] Jakub Kone£n`y, H Brendan McMahan, Daniel Ramage, and Peter Richtárik. Federated optimization: Distributed machine learning for on-device intelligence. arXiv preprint:1610.02527, 2016. Search in Google Scholar

[36] Reza Shokri and Vitaly Shmatikov. Privacy-preserving deep learning. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, pages 1310–1321, 2015. Search in Google Scholar

[37] Sinem Sav, Apostolos Pyrgelis, Juan R Troncoso-Pastoriza, David Froelicher, Jean-Philippe Bossuat, Joao Sa Sousa, and Jean-Pierre Hubaux. POSEIDON: Privacy-preserving federated neural network learning. arXiv preprint:2009.00349, 2020. Search in Google Scholar

[38] Tao Yu, Eugene Bagdasaryan, and Vitaly Shmatikov. Salvaging federated learning by local adaptation. arXiv preprint:2002.04758, 2020. Search in Google Scholar

[39] Peter Kairouz, H Brendan McMahan, Brendan Avent, Aurélien Bellet, Mehdi Bennis, Arjun Nitin Bhagoji, Keith Bonawitz, Zachary Charles, Graham Cormode, Rachel Cummings, et al. Advances and open problems in federated learning. arXiv preprint:1912.04977, 2019. Search in Google Scholar

[40] Keith Bonawitz, Hubert Eichner, Wolfgang Grieskamp, Dzmitry Huba, Alex Ingerman, Vladimir Ivanov, Chloe Kiddon, Jakub Kone£n`y, Stefano Mazzocchi, H Brendan McMahan, et al. Towards federated learning at scale: System design. arXiv preprint:1902.01046, 2019. Search in Google Scholar

[41] Martin Abadi, Andy Chu, Ian Goodfellow, H Brendan McMahan, Ilya Mironov, Kunal Talwar, and Li Zhang. Deep learning with differential privacy. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 308–318, 2016. Search in Google Scholar

[42] Nicolas Papernot, Martín Abadi, Ulfar Erlingsson, Ian Goodfellow, and Kunal Talwar. Semi-supervised knowledge transfer for deep learning from private training data. arXiv preprint:1610.05755, 2016. Search in Google Scholar

[43] Nicolas Papernot, Shuang Song, Ilya Mironov, Ananth Raghunathan, Kunal Talwar, and Úlfar Erlingsson. Scal-able private learning with PATE. arXiv preprint:1802.08908, 2018. Search in Google Scholar

[44] Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. Generative adversarial nets. In Advances in neural information processing systems, pages 2672–2680, 2014. Search in Google Scholar

[45] James Jordon, Jinsung Yoon, and Mihaela van der Schaar. PATE-GAN: Generating synthetic data with differential privacy guarantees. In International Conference on Learning Representations, 2018. Search in Google Scholar

[46] Úlfar Erlingsson, Vasyl Pihur, and Aleksandra Korolova. Rappor: Randomized aggregatable privacy-preserving ordinal response. In Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, pages 1054–1067, 2014. Search in Google Scholar

[47] Damien Desfontaines and Balázs Pejó. Sok: Differential privacies. CoRR, abs/1906.01337, 2019. Search in Google Scholar

[48] Ahmad-Reza Sadeghi and Thomas Schneider. Generalized universal circuits for secure evaluation of private functions with application to data classification. In International Conference on Information Security and Cryptology, pages 336–353. Springer, 2008. Search in Google Scholar

[49] Olga Ohrimenko, Felix Schuster, Cédric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, and Manuel Costa. Oblivious multi-party machine learning on trusted processors. In 25th USENIX Security Symposium (USENIX Security 16), pages 619–636, 2016. Search in Google Scholar

[50] Payman Mohassel and Yupeng Zhang. SecureML: A system for scalable privacy-preserving machine learning. In Proceedings of the IEEE Symposium on Security and Privacy, pages 19–38. IEEE, 2017. Search in Google Scholar

[51] Ronald L Rivest, Adi Shamir, and Leonard Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978. Search in Google Scholar

[52] Taher ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE transactions on information theory, 31(4):469–472, 1985. Search in Google Scholar

[53] Pascal Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), volume 1592, pages 223–238. Springer Verlag, 1999. Search in Google Scholar

[54] Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. Journal of the ACM (JACM), 56(6):1–40, 2009. Search in Google Scholar

[55] Craig Gentry. A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009. crypto.stanford.edu/craig. Search in Google Scholar

[56] Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. (leveled) fully homomorphic encryption without bootstrapping. ACM Transactions on Computation Theory (TOCT), 6(3):1–36, 2014. Search in Google Scholar

[57] Léo Ducas and Daniele Micciancio. FHEW: bootstrapping homomorphic encryption in less than a second. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 617–640. Springer, 2015. Search in Google Scholar

[58] Junfeng Fan and Frederik Vercauteren. Somewhat practical fully homomorphic encryption. IACR Cryptol. ePrint Arch., 2012:144, 2012. Search in Google Scholar

[59] Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. (leveled) fully homomorphic encryption without bootstrapping. ACM Transactions on Computation Theory (TOCT), 6(3):1–36, 2014. Search in Google Scholar

[60] Craig Gentry, Amit Sahai, and Brent Waters. Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based. In Annual Cryptology Conference, pages 75–92. Springer, 2013. Search in Google Scholar

[61] Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, and Malika Izabachene. Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds. In international conference on the theory and application of cryptology and information security, pages 3–33. Springer, 2016. Search in Google Scholar

[62] Jung Hee Cheon, Andrey Kim, Miran Kim, and Yongsoo Song. Homomorphic encryption for arithmetic of approximate numbers. In International Conference on the Theory and Application of Cryptology and Information Security, pages 409–437. Springer, 2017. Search in Google Scholar

[63] Microsoft SEAL (release 3.6). https://github.com/Microsoft/SEAL, November 2020. Microsoft Research, Redmond, WA. Search in Google Scholar

[64] Shai Halevi and Victor Shoup. Algorithms in helib. Cryptology ePrint Archive, Report 2014/106, 2014. https://eprint.iacr.org/2014/106. Search in Google Scholar

[65] Yuriy Polyakov, Kurt Rohloff, and Gerard W Ryan. PALISADE lattice cryptography library user manual. Cybersecurity Research Center, New Jersey Institute of Technology (NJIT), Tech. Rep, 2017. Search in Google Scholar

[66] Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, and Malika Izabachène. Tfhe: fast fully homomorphic encryption over the torus. Journal of Cryptology, 33(1):34–91, 2020. Search in Google Scholar

[67] David W Archer, José Manuel Calderón Trilla, Jason Dagit, Alex Malozemoff, Yuriy Polyakov, Kurt Rohloff, and Gerard Ryan. Ramparts: A programmer-friendly system for building homomorphic encryption applications. In Proceedings of the 7th ACM Workshop on Encrypted Computing & Applied Homomorphic Cryptography, pages 57–68, 2019. Search in Google Scholar

[68] Sergiu Carpov, Paul Dubrulle, and Renaud Sirdey. Armadillo: a compilation chain for privacy preserving applications. In Proceedings of the 3rd International Workshop on Security in Cloud Computing, pages 13–19, 2015. Search in Google Scholar

[69] Michael O Rabin. How to exchange secrets with oblivious transfer. IACR Cryptol. ePrint Arch., 2005(187), 2005. Search in Google Scholar

[70] Moni Naor and Benny Pinkas. Oblivious transfer and polynomial evaluation. In Proceedings of the 31st ACM Symposium on Theory of Computing, pages 245–254, 1999. Search in Google Scholar

[71] A. C. Yao. How to generate and exchange secrets. In 27th Annual Symposium on Foundations of Computer Science, pages 162–167, 1986. Search in Google Scholar

[72] Benny Pinkas, Thomas Schneider, Nigel P Smart, and Stephen C Williams. Secure two-party computation is practical. In International conference on the theory and application of cryptology and information security, pages 250–267. Springer, 2009. Search in Google Scholar

[73] Samee Zahur, Mike Rosulek, and David Evans. Two halves make a whole. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 220–250. Springer, 2015. Search in Google Scholar

[74] Vladimir Kolesnikov and Thomas Schneider. Improved garbled circuit: Free XOR gates and applications. In International Colloquium on Automata, Languages, and Programming, pages 486–498. Springer, 2008. Search in Google Scholar

[75] Vladimir Kolesnikov, Payman Mohassel, and Mike Rosulek. FleXOR: Flexible garbling for xor gates that beats free-xor. In Annual Cryptology Conference, pages 440–457. Springer, 2014. Search in Google Scholar

[76] Moni Naor, Benny Pinkas, and Reuban Sumner. Privacy preserving auctions and mechanism design. In Proceedings of the 1st ACM conference on Electronic commerce, pages 129–139, 1999. Search in Google Scholar

[77] Donald Beaver, Silvio Micali, and Phillip Rogaway. The round complexity of secure protocols. In Proceedings of the twenty-second annual ACM symposium on Theory of computing, pages 503–513, 1990. Search in Google Scholar

[78] Shafi Goldwasser, Silvio Micali, and Charles Rackoff. The knowledge complexity of interactive proof systems. SIAM Journal on computing, 18(1):186–208, 1989. Search in Google Scholar

[79] Adi Shamir. How to share a secret. Communications of the ACM, 22(11):612–613, 1979. Search in Google Scholar

[80] Rosario Gennaro, Michael O Rabin, and Tal Rabin. Simplified vss and fast-track multiparty computations with applications to threshold cryptography. In Proceedings of the seventeenth annual ACM symposium on Principles of distributed computing, pages 101–111, 1998. Search in Google Scholar

[81] George Robert Blakley. Safeguarding cryptographic keys. In 1979 International Workshop on Managing Requirements Knowledge (MARK), pages 313–318. IEEE, 1979. Search in Google Scholar

[82] Donald Beaver. Efficient multiparty protocols using circuit randomization. In Annual International Cryptology Conference, pages 420–432. Springer, 1991. Search in Google Scholar

[83] Paul Feldman. A practical scheme for non-interactive verifiable secret sharing. In 28th Annual Symposium on Foundations of Computer Science, pages 427–438. IEEE, 1987. Search in Google Scholar

[84] Benny Chor, Shafi Goldwasser, Silvio Micali, and Baruch Awerbuch. Verifiable secret sharing and achieving simultaneity in the presence of faults. In 26th Annual Symposium on Foundations of Computer Science, pages 383–395. IEEE, 1985. Search in Google Scholar

[85] Oded Goldreich, Silvio Micali, and Avi Wigderson. Proofs that yield nothing but their validity or all languages in np have zero-knowledge proof systems. Journal of the ACM (JACM), 38(3):690–728, 1991. Search in Google Scholar

[86] Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, STOC ’88, page 1–10, New York, NY, USA, 1988. ACM. Search in Google Scholar

[87] Manuel Blum, Paul Feldman, and Silvio Micali. Noninteractive zero-knowledge and its applications. In Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, STOC ’88, page 103–112, New York, NY, USA, 1988. Association for Computing Machinery. Search in Google Scholar

[88] Paul Feldman and Silvio Micali. An optimal probabilistic algorithm for synchronous byzantine agreement. In International Colloquium on Automata, Languages, and Programming, pages 341–378. Springer, 1989. Search in Google Scholar

[89] Manuel Blum. Coin flipping by telephone a protocol for solving impossible problems. ACM SIGACT News, 15(1):23–27, 1983. Search in Google Scholar

[90] Ivan Damgård, Valerio Pastro, Nigel Smart, and Sarah Zakarias. Multiparty computation from somewhat homomorphic encryption. In Annual Cryptology Conference, pages 643–662. Springer, 2012. Search in Google Scholar

[91] Marcel Keller, Emmanuela Orsini, and Peter Scholl. Mascot: faster malicious arithmetic secure computation with oblivious transfer. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 830–842, 2016. Search in Google Scholar

[92] Marcel Keller, Valerio Pastro, and Dragos Rotaru. Over-drive: Making spdz great again. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 158–189. Springer, 2018. Search in Google Scholar

[93] Claus-Peter Schnorr. Efficient identification and signatures for smart cards. In Conference on the Theory and Application of Cryptology, pages 239–252. Springer, 1989. Search in Google Scholar

[94] Ebrahim M Songhori, Siam U Hussain, Ahmad-Reza Sadeghi, Thomas Schneider, and Farinaz Koushanfar. Tiny-garble: Highly compressed and scalable sequential garbled circuits. In 2015 IEEE Symposium on Security and Privacy, pages 411–428. IEEE, 2015. Search in Google Scholar

[95] Sameer Wagh, Divya Gupta, and Nishanth Chandran. SecureNN: Efficient and private neural network training. IACR Cryptol. ePrint Arch., 2018:442, 2018. Search in Google Scholar

[96] Chiraag Juvekar, Vinod Vaikuntanathan, and Anantha Chandrakasan. GAZELLE: A low latency framework for secure neural network inference. In 27th USENIX Security Symposium (USENIX Security 18), pages 1651–1669, 2018. Search in Google Scholar

[97] Christina Boura, Nicolas Gama, Mariya Georgieva, and Dimitar Jetchev. Chimera: Combining ring-lwe-based fully homomorphic encryption schemes. Journal of Mathematical Cryptology, 14(1):316–338, 2020. Search in Google Scholar

[98] Daniel Demmler, Thomas Schneider, and Michael Zohner. ABY-A framework for efficient mixed-protocol secure two-party computation. In NDSS, 2015. Search in Google Scholar

[99] Payman Mohassel and Peter Rindal. mixed protocol framework for machine learning. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pages 35–52, 2018. Search in Google Scholar

[100] M Sadegh Riazi, Christian Weinert, Oleksandr Tkachenko, Ebrahim M Songhori, Thomas Schneider, and Farinaz Koushanfar. Chameleon: A hybrid secure computation framework for machine learning applications. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pages 707–721, 2018. Search in Google Scholar

[101] Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma, and Shardul Tripathi. EzPC: programmable, efficient, and scalable secure two-party computation for machine learning. ePrint Report, 1109, 2017. Search in Google Scholar

[102] Jaideep Vaidya and Chris Clifton. Privacy-preserving data mining: Why, how, and when. IEEE Security & Privacy, 2(6):19–27, 2004. Search in Google Scholar

[103] Wilko Henecka, Stefan K ögl, Ahmad-Reza Sadeghi, Thomas Schneider, and Immo Wehrenberg. TASTY: tool for automating secure two-party computations. In Proceedings of the 17th ACM conference on Computer and communications security, pages 451–462, 2010. Search in Google Scholar

[104] Thore Graepel, Kristin Lauter, and Michael Naehrig. ML confidential: Machine learning on encrypted data. In International Conference on Information Security and Cryptology, pages 1–21. Springer, 2012. Search in Google Scholar

[105] Jinhyun So, Basak Guler, A Salman Avestimehr, and Payman Mohassel. CodedPrivateML: A fast and privacy-preserving framework for distributed machine learning. arXiv preprint:1902.00641, 2019. Search in Google Scholar

[106] Pengtao Xie, Misha Bilenko, Tom Finley, Ran Gilad-Bachrach, Kristin Lauter, and Michael Naehrig. Crypto-nets: Neural networks over encrypted data. arXiv preprint:1412.6181, 2014. Search in Google Scholar

[107] Ran Gilad-Bachrach, Nathan Dowlin, Kim Laine, Kristin Lauter, Michael Naehrig, and John Wernsing. Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy. In International Conference on Machine Learning, pages 201–210, 2016. Search in Google Scholar

[108] Edward Chou, Josh Beal, Daniel Levy, Serena Yeung, Albert Haque, and Li Fei-Fei. Faster cryptonets: Leveraging sparsity for real-world encrypted inference. arXiv preprint:1811.09953, 2018. Search in Google Scholar

[109] Ehsan Hesamifard, Hassan Takabi, and Mehdi Ghasemi. Cryptodl: Deep neural networks over encrypted data. arXiv preprint:1711.05189, 2017. Search in Google Scholar

[110] Amartya Sanyal, Matt Kusner, Adria Gascon, and Varun Kanade. TAPAS: Tricks to accelerate (encrypted) prediction as a service. In International Conference on Machine Learning, pages 4490–4499, 2018. Search in Google Scholar

[111] Nick Barlow and Oliver Strickson. SHEEP is a homomorphic encryption evaluation framework. https://github.com/alan-turing-institute/SHEEP, 2018. Search in Google Scholar

[112] Florian Bourse, Michele Minelli, Matthias Minihold, and Pascal Paillier. Fast homomorphic evaluation of deep discretized neural networks. In Annual International Cryptology Conference, pages 483–512. Springer, 2018. Search in Google Scholar

[113] Xiaoqian Jiang, Miran Kim, Kristin Lauter, and Yongsoo Song. Secure outsourced matrix computation and application to neural networks. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pages 1209–1222, 2018. Search in Google Scholar

[114] Jian Liu, Mika Juuti, Yao Lu, and Nadarajah Asokan. Oblivious neural network predictions via minionn transformations. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pages 619–631, 2017. Search in Google Scholar

[115] Bita Darvish Rouhani, M Sadegh Riazi, and Farinaz Koushanfar. Deepsecure: Scalable provably-secure deep learning. In Proceedings of the 55th Annual Design Automation Conference, pages 1–6, 2018. Search in Google Scholar

[116] M Sadegh Riazi, Mohammad Samragh, Hao Chen, Kim Laine, Kristin Lauter, and Farinaz Koushanfar. XONN: XNOR-based oblivious deep neural network inference. In 28th USENIX Security Symposium (USENIX Security 19), pages 1501–1518, 2019. Search in Google Scholar

[117] Anders Dalskov, Daniel Escudero, and Marcel Keller. Secure evaluation of quantized neural networks. Proceedings on Privacy Enhancing Technologies, 2020(4):355–375, 2020. Search in Google Scholar

[118] Goldreich Oded. Foundations of cryptography: Volume 2, basic applications, 2009. Search in Google Scholar

[119] Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, and Raluca Ada Popa. DELPHI: A cryp-tographic inference service for neural networks. In 29th USENIX Security Symposium (USENIX Security 20), 2020. Search in Google Scholar

[120] Roshan Dathathri, Olli Saarikivi, Hao Chen, Kim Laine, Kristin Lauter, Saeed Maleki, Madanlal Musuvathi, and Todd Mytkowicz. CHET: an optimizing compiler for fully-homomorphic neural-network inferencing. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 142–156, 2019. Search in Google Scholar

[121] Roshan Dathathri, Blagovesta Kostova, Olli Saarikivi, Wei Dai, Kim Laine, and Madan Musuvathi. Eva: an encrypted vector arithmetic language and compiler for efficient homomorphic computation. Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, Jun 2020. Search in Google Scholar

[122] Fabian Boemer, Yixing Lao, Rosario Cammarota, and Casimir Wierzynski. nGraph-HE: a graph compiler for deep learning on homomorphically encrypted data. In Proceedings of the 16th ACM International Conference on Computing Frontiers, pages 3–13, 2019. Search in Google Scholar

[123] Fabian Boemer, Anamaria Costache, Rosario Cammarota, and Casimir Wierzynski. nGraph-HE2: A high-throughput framework for neural network inference on encrypted data. In Proceedings of the 7th ACM Workshop on Encrypted Computing & Applied Homomorphic Cryptography, pages 45–56, 2019. Search in Google Scholar

[124] Fabian Boemer, Rosario Cammarota, Daniel Demmler, Thomas Schneider, and Hossein Yalame. MP2ML: a mixed-protocol machine learning framework for private inference. In Proceedings of the 15th International Conference on Availability, Reliability and Security, pages 1–10, 2020. Search in Google Scholar

[125] Scott Cyphers, Arjun K Bansal, Anahita Bhiwandiwalla, Jayaram Bobba, Matthew Brookhart, Avijit Chakraborty, Will Constable, Christian Convey, Leona Cook, Omar Kanawi, et al. Intel ngraph: An intermediate representation, compiler, and executor for deep learning. arXiv preprint:1801.08058, 2018. Search in Google Scholar

[126] Huili Chen, Rosario Cammarota, Felipe Valencia, and Francesco Regazzoni. PlaidML-HE: Acceleration of deep learning kernels to compute on encrypted data. In 2019 IEEE 37th International Conference on Computer Design (ICCD), pages 333–336. IEEE, 2019. Search in Google Scholar

[127] Siam Hussain, Baiyu Li, Farinaz Koushanfar, and Rosario Cammarota. Tinygarble2: Smart, efficient, and scalable yao’s garble circuit. In Proceedings of the 2020 Workshop on Privacy-Preserving Machine Learning in Practice, pages 65–67, 2020. Search in Google Scholar

[128] Theo Ryffel, Andrew Trask, Morten Dahl, Bobby Wagner, Jason Mancuso, Daniel Rueckert, and Jonathan Passerat-Palmbach. A generic framework for privacy preserving deep learning. arXiv preprint:1811.04017, 2018. Search in Google Scholar

[129] Nishant Kumar, Mayank Rathee, Nishanth Chandran, Divya Gupta, Aseem Rastogi, and Rahul Sharma. Cryptflow: Secure tensorflow inference. In 2020 IEEE Symposium on Security and Privacy (SP), pages 336–353. IEEE, 2020. Search in Google Scholar

[130] Ehsan Hesamifard, Hassan Takabi, Mehdi Ghasemi, and Rebecca N Wright. Privacy-preserving machine learning as a service. Proceedings on Privacy Enhancing Technologies, 2018(3):123–142, 2018. Search in Google Scholar

[131] Karthik Nandakumar, Nalini Ratha, Sharath Pankanti, and Shai Halevi. Towards deep neural network training on encrypted data. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, pages 0–0, 2019. Search in Google Scholar

[132] Melissa Chase, Ran Gilad-Bachrach, Kim Laine, Kristin E Lauter, and Peter Rindal. Private collaborative neural network learning. IACR Cryptol. ePrint Arch., 2017:762, 2017. Search in Google Scholar

[133] Nitin Agrawal, Ali Shahin Shamsabadi, Matt J Kusner, and Adrià Gascón. Quotient: two-party secure neural network training and prediction. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pages 1231–1247, 2019. Search in Google Scholar

[134] Megha Byali, Harsh Chaudhari, Arpita Patra, and Ajith Suresh. Flash: fast and robust framework for privacy-preserving machine learning. Proceedings on Privacy Enhancing Technologies, 2020(2):459–480, 2020. Search in Google Scholar

[135] Harsh Chaudhari, Ashish Choudhury, Arpita Patra, and Ajith Suresh. Astra: High throughput 3pc over rings with application to secure prediction. In Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop, pages 81–92, 2019. Search in Google Scholar

[136] Morten Dahl, Jason Mancuso, Yann Dupis, Ben Decoste, Morgan Giraud, Ian Livingstone, Justin Patriquin, and Gavin Uhma. Private machine learning in tensorflow using secure computation. arXiv preprint:1810.08130, 2018. Search in Google Scholar

[137] Marcel Keller. MP-SPDZ: A versatile framework for multi-party computation. Cryptology ePrint Archive, Report 2020/521, 2020. https://eprint.iacr.org/2020/521. Search in Google Scholar

[138] A. Viand, P. Jattke, and A. Hithnawi. Sok: Fully homomorphic encryption compilers. In 2021 2021 IEEE Symposium on Security and Privacy (SP), pages 1166–1182, Los Alamitos, CA, USA, may 2021. IEEE Computer Society. Search in Google Scholar

[139] Aayush Jain, Huijia Lin, and Amit Sahai. Indistinguishability obfuscation from well-founded assumptions. arXiv preprint:2008.09317, 2020. Search in Google Scholar

[140] Yann LeCun, Yoshua Bengio, and Geoffrey Hinton. Deep learning. nature, 521(7553):436–444, 2015. Search in Google Scholar

[141] Ian Goodfellow, Yoshua Bengio, Aaron Courville, and Yoshua Bengio. Deep learning, volume 1. MIT press Cambridge, 2016. Search in Google Scholar

[142] Mohamad H Hassoun et al. Fundamentals of artificial neural networks. MIT press, 1995. Search in Google Scholar

[143] Balázs Csanád Csáji et al. Approximation with artificial neural networks. Faculty of Sciences, Etvs Lornd University, Hungary, 24(48):7, 2001. Search in Google Scholar

[144] Nathan O Hodas and Panos Stinis. Doing the impossible: Why neural networks can be trained at all. Frontiers in psychology, 9:1185, 2018. Search in Google Scholar

[145] David Balduzzi, Marcus Frean, Lennox Leary, JP Lewis, Kurt Wan-Duo Ma, and Brian McWilliams. The shattered gradients problem: If resnets are the answer, then what is the question? In International Conference on Machine Learning, pages 342–350. PMLR, 2017. Search in Google Scholar

[146] Yann LeCun, Bernhard Boser, John S Denker, Donnie Henderson, Richard E Howard, Wayne Hubbard, and Lawrence D Jackel. Backpropagation applied to handwritten zip code recognition. Neural computation, 1(4):541–551, 1989. Search in Google Scholar

[147] Yann LeCun, Léon Bottou, Yoshua Bengio, and Patrick Haffner. Gradient-based learning applied to document recognition. Proceedings of the IEEE, 86(11):2278–2324, 1998. Search in Google Scholar

[148] Sergey Ioffe and Christian Szegedy. Batch normalization: Accelerating deep network training by reducing internal covariate shift, 2015. Search in Google Scholar

[149] Nitish Srivastava, Geoffrey Hinton, Alex Krizhevsky, Ilya Sutskever, and Ruslan Salakhutdinov. Dropout: A simple way to prevent neural networks from overfitting. Journal of Machine Learning Research, 15(56):1929–1958, 2014. Search in Google Scholar

[150] Chigozie Nwankpa, Winifred Ijomah, Anthony Gachagan, and Stephen Marshall. Activation functions: Comparison of trends in practice and research for deep learning, 2018. Search in Google Scholar

[151] Yann A LeCun, Léon Bottou, Genevieve B Orr, and Klaus-Robert Müller. Efficient backprop. In Neural networks: Tricks of the trade, pages 9–48. Springer, 2012. Search in Google Scholar

[152] Vinod Nair and Geoffrey E Hinton. Rectified linear units improve restricted boltzmann machines. In ICML, 2010. Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo