Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
97 tokens/sec
GPT-4o
53 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Holding Secrets Accountable: Auditing Privacy-Preserving Machine Learning (2402.15780v2)

Published 24 Feb 2024 in cs.CR

Abstract: Recent advancements in privacy-preserving machine learning are paving the way to extend the benefits of ML to highly sensitive data that, until now, have been hard to utilize due to privacy concerns and regulatory constraints. Simultaneously, there is a growing emphasis on enhancing the transparency and accountability of machine learning, including the ability to audit ML deployments. While ML auditing and PPML have both been the subjects of intensive research, they have predominately been examined in isolation. However, their combination is becoming increasingly important. In this work, we introduce Arc, an MPC framework for auditing privacy-preserving machine learning. At the core of our framework is a new protocol for efficiently verifying MPC inputs against succinct commitments at scale. We evaluate the performance of our framework when instantiated with our consistency protocol and compare it to hashing-based and homomorphic-commitment-based approaches, demonstrating that it is up to 104x faster and up to 106x more concise.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (82)
  1. MPC-Friendly commitments for publicly verifiable covert security. September 2021.
  2. QUOTIENT: Two-Party secure neural network training and prediction. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS ’19, pages 1231–1247, New York, NY, USA, November 2019. Association for Computing Machinery.
  3. arkworks contributors. arkworks, 2022.
  4. On Pixel-Wise explanations for Non-Linear classifier decisions by Layer-Wise relevance propagation. PLoS One, July 2015.
  5. Secure evaluation of quantized neural networks. Proceedings on Privacy Enhancing Technologies, 2020:355–375, 2020.
  6. Probabilistic verification of fairness properties via concentration. December 2018.
  7. Adult. UCI Machine Learning Repository, 1996.
  8. AI auditing: The broken bus on the road to AI accountability. January 2024.
  9. Efficient Zero-Knowledge arguments for arithmetic circuits in the discrete log setting. In EUROCRYPT, 2016.
  10. Zexe: Enabling decentralized private computation. IACR Cryptology ePrint Archive, 2018:962, 2018.
  11. Bulletproofs: Short proofs for confidential transactions and more. In 2018 IEEE Symposium on Security and Privacy (SP), May 2018.
  12. FLASH: Fast and robust framework for privacy-preserving machine learning. Proc. Priv. Enhancing Technol., 2020(2):459–480, April 2020.
  13. Ran Canetti. Security and composition of multiparty cryptographic protocols. J. Cryptology, 13(1):143–202, January 2000.
  14. Improved primitives for secure multiparty integer computation. In Security and Cryptography for Networks, 2010.
  15. Certicom. Standards for efficient cryptography 2 (SEC 2). Technical report, 2010.
  16. EzPC: Programmable, efficient, and scalable secure two-party computation for machine learning. In IEEE European Symposium on Security and Privacy, February 2019.
  17. HOLMES: Efficient distribution testing for secure collaborative learning. 2023.
  18. Fast large-scale honest-majority MPC for malicious adversaries. In CRYPTO, 2018.
  19. Tools for verifying neural models’ training data. July 2023.
  20. SCIPR Lab & Clearmatics. Libff: C++ library for Finite Fields and Elliptic Curves. Online: https://github.com/clearmatics/libff, January 2024.
  21. Certified adversarial robustness via randomized smoothing. February 2019.
  22. Catching MPC cheaters: Identification and openability. In Information Theoretic Security, pages 110–134. Springer International Publishing, 2017.
  23. Fantastic four: Honest-Majority Four-Party secure computation with malicious security. In USENIX Security, 2021.
  24. Securing DNSSEC keys via threshold ECDSA from generic MPC. In ESORICS, 2020.
  25. A probabilistic remark on algebraic program testing. Inf. Process. Lett., 7(4):193–195, June 1978.
  26. Proving Data-Poisoning robustness in decision trees. December 2019.
  27. Fairness through awareness. April 2011.
  28. Improved primitives for MPC over mixed arithmetic-binary circuits. In CRYPTO, 2020.
  29. Plonk: Permutations over lagrange-bases for oecumenical noninteractive arguments of knowledge. 2019.
  30. Experimenting with zero-knowledge proofs of training. 2023.
  31. ATLAS: Efficient and scalable MPC in the honest majority setting. In CRYPTO, 2021.
  32. Identifying a Training-Set attack’s target using renormalized influence estimation. In ACM CCS 2022, January 2022.
  33. Unsolved problems in ML safety. September 2021.
  34. Proactive secret sharing or: How to cope with perpetual leakage. In Advances in Cryptology — CRYPT0’ 95, pages 339–352. Springer Berlin Heidelberg, 1995.
  35. XorSHAP: Privacy-Preserving explainable AI for decision tree models. 2023.
  36. Proof-of-learning: Definitions and practice. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, May 2021.
  37. Towards efficient data valuation based on the shapley value. February 2019.
  38. Private and reliable neural network inference. In ACM CCS, 2022.
  39. GAZELLE: a low latency framework for secure neural network inference. In USENIX Security, August 2018.
  40. Scaling up trustless DNN inference with Zero-Knowledge proofs. October 2022.
  41. Constant-Size commitments to polynomials and their applications. In ASIACRYPT 2010, 2010.
  42. Marcel Keller. MP-SPDZ: A versatile framework for Multi-Party computation. In ACM CCS, CCS ’20, November 2020.
  43. Marcel Keller and Ke Sun. Secure quantized training for deep learning. In ICML, volume 162, 2022.
  44. Interpreting black box predictions using fisher kernels. In AISTATS, volume 89. PMLR, 2019.
  45. Blind justice: Fairness with encrypted sensitive attributes. June 2018.
  46. Optimized Privacy-Preserving CNN inference with fully homomorphic encryption. IEEE Trans. Inf. Forensics Secur., 2023.
  47. Understanding black-box predictions via influence functions. March 2017.
  48. SWIFT: Super-fast and robust Privacy-Preserving machine learning. In USENIX Security 21, 2021.
  49. Tetrad: Actively secure 4PC for secure training and inference. 2022.
  50. Learning multiple layers of features from tiny images. Technical report, 2009.
  51. Imagenet classification with deep convolutional neural networks. NeurIPS, 2021.
  52. Gradient-based learning applied to document recognition. Proc. IEEE, 86(11):2278–2324, November 1998.
  53. Training confidence-calibrated classifiers for detecting Out-of-Distribution samples. In ICLR, 2018.
  54. Efficient 3PC for binary circuits with application to Maliciously-Secure DNN inference. 2023.
  55. A unified approach to interpreting model predictions. In NeurIPS, volume 30. Curran Associates, Inc., 2017.
  56. RoFL: Attestable robustness for secure federated learning. 2023.
  57. Cryptographic auditing for collaborative learning. In NeurIPS ML Safety Workshop, 2022.
  58. CHURP: Dynamic-Committee proactive secret sharing. In ACM CCS, November 2019.
  59. ABY3: A mixed protocol framework for machine learning. In CCS, October 2018.
  60. Two simple ways to learn individual fairness metrics from data. In ICML, volume 119, 2020.
  61. NIST. SHA-3 standard: Permutation-Based hash and Extendable-Output functions. Technical report, 2016.
  62. Experimenting with collaborative zk-SNARKs: Zero-Knowledge proofs for distributed secrets. In USENIX Security, 2022.
  63. BLAZE: blazing fast privacy-preserving machine learning. 2020.
  64. Torben Pryds Pedersen. Non-Interactive and Information-Theoretic secure verifiable secret sharing. In CRYPTO. Springer Berlin Heidelberg, 1992.
  65. “why should I trust you?”: Explaining the predictions of any classifier. February 2016.
  66. MArBled circuits: Mixing arithmetic and boolean circuits with active security. In Progress in Cryptology – INDOCRYPT 2019, pages 227–249. Springer International Publishing, 2019.
  67. Learning certified individually fair representations. February 2020.
  68. MPSS: Mobile proactive secret sharing. ACM Trans. Inf. Syst. Secur., 13(4):1–32, December 2010.
  69. Fairness in the eyes of the data: Certifying Machine-Learning models. September 2020.
  70. Confidential-PROFITT: Confidential PROof of FaIr training of trees. In ICLR, 2022.
  71. Traceback of data poisoning attacks in neural networks. October 2021.
  72. Learning important features through propagating activation differences. In Doina Precup and Yee Whye Teh, editors, ICML, volume 70, 2017.
  73. Distributing any elliptic curve based protocol. In Cryptography and Coding, pages 342–366. Springer International Publishing, 2019.
  74. ZkDL: Efficient zero-knowledge proofs of deep learning training. July 2023.
  75. Axiomatic attribution for deep networks. In Doina Precup and Yee Whye Teh, editors, ICML, volume 70, 2017.
  76. Out-of-distribution detection using an ensemble of self supervised leave-out classifiers. In ECCV, 2018.
  77. SecureNN: 3-party secure computation for neural network training. PETS, 2019.
  78. FALCON: Honest-Majority Maliciously Secure Framework for Private Deep Learning. 2021.
  79. Neural cleanse: Identifying and mitigating backdoor attacks in neural networks. S&P, April 2019.
  80. Training individually fair ML models with sensitive subspace robustness. 2020.
  81. Cerebro: A platform for multi-party cryptographic collaborative learning. In USENIX Security, 2021.
  82. Helen: Maliciously secure coopetitive learning for linear models. In IEEE S&P 2019, 2019.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (5)
  1. Hidde Lycklama (7 papers)
  2. Alexander Viand (10 papers)
  3. Nicolas Küchler (7 papers)
  4. Christian Knabenhans (3 papers)
  5. Anwar Hithnawi (15 papers)
Citations (5)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now