A systematic comparison of encrypted machine learning solutions for image classification
File(s)
2011.05296v2.pdf (122.05 KB)
Accepted version
Author(s)
Haralampieva, Veneta
Rueckert, Daniel
Passerat-Palmbach, Jonathan
Type
Conference Paper
Abstract
This work provides a comprehensive review of existing frameworks based on secure computing techniques in the context of private image classification. The in-depth analysis of these approaches is followed by careful examination of their performance costs, in particular runtime and communication overhead.
To further illustrate the practical considerations when using different privacy-preserving technologies, experiments were conducted using four state-of-the-art libraries implementing secure computing at the heart of the data science stack: PySyft and CrypTen supporting private inference via Secure Multi-Party Computation, TF-Trusted utilising Trusted Execution Environments and HE-Transformer relying on Homomorphic encryption.
Our work aims to evaluate the suitability of these frameworks from a usability, runtime requirements and accuracy point of view. In order to better understand the gap between state-of-the-art protocols and what is currently available in practice for a data scientist, we designed three neural network architectures to obtain secure predictions via each of the four aforementioned frameworks. Two networks were evaluated on the MNIST dataset and one on the Malaria Cell image dataset. We observed satisfying performances for TF-Trusted and CrypTen and noted that all frameworks perfectly preserved the accuracy of the corresponding plaintext model.
Date Issued
2020-11-09
Date Acceptance
2020-11-01
Citation
Proceedings of the 2020 Workshop on Privacy-Preserving Machine Learning in Practice, 2020, pp.55-59
ISBN
9781450380881
Publisher
ACM
Start Page
55
End Page
59
Journal / Book Title
Proceedings of the 2020 Workshop on Privacy-Preserving Machine Learning in Practice
Copyright Statement
© 2020 Copyright held by the owner/author(s). Publication rights licensed to ACM.
Identifier
https://dl.acm.org/doi/10.1145/3411501.3419432
Source
CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security
Subjects
cs.CR
cs.LG
Publication Status
Published
Start Date
2020-11-09
Finish Date
2020-11-13
Coverage Spatial
Online
Date Publish Online
2020-11-09