Abstract
This paper provides a high-level overview of practical approaches to machine learning that respect the privacy and confidentiality of customer data, a field known as Privacy-Preserving Machine Learning (PPML). First, the security approaches used in offline-learning privacy methods are assessed. These rely on modern cryptographic techniques, namely Homomorphic Encryption (HE) and Secure Multi-Party Computation (MPC), and on dedicated combined hardware and software platforms such as a Trusted Execution Environment (TEE), specifically Intel® Software Guard Extensions (Intel® SGX). Combining these security approaches with different machine learning architectures leads to our Proof of Concept (POC), in which the accuracy and speed of the security solutions are examined. The next step was to explore and compare open-source Python-based PPML solutions. Four were selected from almost 40 separate state-of-the-art systems: SyMPC, TF-Encrypted, TenSEAL, and Gramine. Three different neural network architectures were designed to show the capabilities of the different libraries. The POC solves the image classification problem on the MNIST dataset. As the computational results show, the accuracy of all considered secure approaches is similar: the maximum difference between the non-secure and secure flow does not exceed 1.2%. In terms of secure computation speed, the most effective PPML library is the one based on a Trusted Execution Environment, followed by Secure Multi-Party Computation and then Homomorphic Encryption. However, most of them are at least 1000 times slower than non-secure evaluation, which is not acceptable for a real-world scenario. Future work could combine different security approaches, explore other new and existing state-of-the-art libraries, or implement support for hardware-accelerated secure computation.
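To make concrete what "secure evaluation" of a neural-network layer means in the MPC approach the abstract compares against, the following is an added toy illustration, written for this page and not code from the paper or from SyMPC, TF-Encrypted or any other library it evaluates. It evaluates one linear layer y = Wx + b of a classifier under two-party additive secret sharing, using Beaver multiplication triples from a trusted dealer. Both the model weights and the input are secret-shared, so neither party learns the other's data, and each multiplication consumes one triple and one round of openings. The ring Z_2^64, the integer (rather than fixed-point) encoding, the trusted dealer and the sample weights are all simplifying assumptions of this example; real frameworks add fixed-point encoding with truncation, non-linear layers such as ReLU, and network latency, which is where most of the slowdown reported in the abstract comes from.

```python
"""Two-party additive secret sharing with Beaver triples, evaluating one
linear layer (y = W x + b) on secret-shared integers.

Toy illustration of the MPC approach to PPML; not any library's code.
Assumptions: ring Z_2^64, plain integers instead of fixed-point values,
a trusted dealer for triples, both parties simulated in one process."""
import secrets
import time

MOD = 2**64  # assumption: arithmetic in the ring Z_2^64, as many MPC frameworks do


def share(v):
    """Split integer v into two additive shares s0 + s1 = v (mod MOD)."""
    s0 = secrets.randbelow(MOD)
    return s0, (v - s0) % MOD


def reconstruct(s0, s1):
    """Combine the two shares; only done on the final output."""
    return (s0 + s1) % MOD


def to_signed(v):
    """Map a ring element back to a signed integer (two's complement view)."""
    return v - MOD if v >= MOD // 2 else v


def beaver_triple():
    """Offline phase: a trusted dealer (assumption) shares (a, b, c = a*b).
    The online phase never sees a, b or c in the clear."""
    a = secrets.randbelow(MOD)
    b = secrets.randbelow(MOD)
    c = (a * b) % MOD
    return share(a), share(b), share(c)


def mul_shares(x_sh, y_sh, triple):
    """Online phase: multiply secret-shared x and y with one Beaver triple.
    Each party broadcasts its share of d = x - a and e = y - b; since a and b
    are uniformly random and used once, d and e reveal nothing about x or y."""
    (a0, a1), (b0, b1), (c0, c1) = triple
    x0, x1 = x_sh
    y0, y1 = y_sh
    # messages exchanged between the parties (their shares of d and e)
    d = (x0 - a0 + x1 - a1) % MOD
    e = (y0 - b0 + y1 - b1) % MOD
    # party 0 adds the public term d*e; both add d*b_i + e*a_i + c_i
    z0 = (d * e + d * b0 + e * a0 + c0) % MOD
    z1 = (d * b1 + e * a1 + c1) % MOD
    return z0, z1  # z0 + z1 = x*y (mod MOD)


def plain_linear(W, x, b):
    """Reference non-secure evaluation of y = W x + b."""
    return [sum(w * xi for w, xi in zip(row, x)) + bi for row, bi in zip(W, b)]


def secure_linear(W, x, b):
    """Evaluate y = W x + b with W, x and b all secret-shared, so the weights
    (model owner's secret) and the input (client's secret) both stay hidden.
    Returns the output as shares; one triple is consumed per multiplication."""
    n_out, n_in = len(W), len(x)
    x_sh = [share(v) for v in x]
    W_sh = [[share(w) for w in row] for row in W]
    b_sh = [share(v) for v in b]
    triples = [[beaver_triple() for _ in range(n_in)] for _ in range(n_out)]
    out = []
    for i in range(n_out):
        acc0, acc1 = b_sh[i]          # additions are local, no interaction
        for j in range(n_in):
            p0, p1 = mul_shares(W_sh[i][j], x_sh[j], triples[i][j])
            acc0 = (acc0 + p0) % MOD
            acc1 = (acc1 + p1) % MOD
        out.append((acc0, acc1))
    return out


def demo():
    """Constructed sample layer (assumption): compare plaintext and secure results
    and return the measured slowdown factor of the secure evaluation."""
    W = [[2, -1, 3], [0, 4, -5]]
    x = [7, -2, 1]
    b = [1, -3]
    t0 = time.perf_counter()
    plain = plain_linear(W, x, b)
    t_plain = time.perf_counter() - t0
    t0 = time.perf_counter()
    shares = secure_linear(W, x, b)
    t_secure = time.perf_counter() - t0
    secure = [to_signed(reconstruct(*s)) for s in shares]
    return plain, secure, t_secure / max(t_plain, 1e-9)


if __name__ == "__main__":
    plain, secure, slowdown = demo()
    print("plaintext:", plain, "secure:", secure, f"slowdown x{slowdown:.0f}")
```

Even in this single-process simulation with no network, the secure path does one triple generation, two openings and several ring multiplications per weight, which is why the output matches the plaintext exactly while the cost grows by a large constant factor; over a real network each `mul_shares` call also becomes a communication round, and the non-linear layers that this toy omits need additional protocols.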