Skip to Main content Skip to Navigation
Conference papers

Partially Encrypted Machine Learning using Functional Encryption

Théo Ryffel 1, 2 Edouard Dufour-Sans 2 Romain Gay 2 Francis Bach 3, 2 David Pointcheval 1, 2
1 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, CNRS - Centre National de la Recherche Scientifique : UMR 8548, Inria de Paris
3 SIERRA - Statistical Machine Learning and Parsimony
DI-ENS - Département d'informatique de l'École normale supérieure, CNRS - Centre National de la Recherche Scientifique, Inria de Paris
Abstract : Machine learning on encrypted data has received a lot of attention thanks to recent breakthroughs in homomorphic encryption and secure multi-party computation. It allows outsourcing computation to untrusted servers without sacrificing privacy of sensitive data. We propose a practical framework to perform partially encrypted and privacy-preserving predictions which combines adversarial training and functional encryption. We first present a new functional encryption scheme to efficiently compute quadratic functions so that the data owner controls what can be computed but is not involved in the calculation: it provides a decryption key which allows one to learn a specific function evaluation of some encrypted data. We then show how to use it in machine learning to partially encrypt neural networks with quadratic activation functions at evaluation time, and we provide a thorough analysis of the information leaks based on indistinguishability of data items of the same label. Last, since most encryption schemes cannot deal with the last thresholding operation used for classification, we propose a training method to prevent selected sensitive features from leaking, which adversarially optimizes the network against an adversary trying to identify these features. This is interesting for several existing works using partially encrypted machine learning as it comes with little reduction on the model's accuracy and significantly improves data privacy.
Document type :
Conference papers
Complete list of metadata

https://hal.inria.fr/hal-02357181
Contributor : David Pointcheval <>
Submitted on : Saturday, November 9, 2019 - 3:31:57 PM
Last modification on : Tuesday, May 4, 2021 - 2:06:02 PM

Links full text

Identifiers

  • HAL Id : hal-02357181, version 1
  • ARXIV : 1905.10214

Collections

Citation

Théo Ryffel, Edouard Dufour-Sans, Romain Gay, Francis Bach, David Pointcheval. Partially Encrypted Machine Learning using Functional Encryption. NeurIPS 2019 - Thirty-third Conference on Neural Information Processing Systems, Dec 2019, Vancouver, Canada. ⟨hal-02357181⟩

Share

Metrics

Record views

12449