Skip to main content
Springer Nature Link
Log in

PD-ML-Lite: Private Distributed Machine Learning from Lightweight Cryptography

  • Conference paper
  • First Online:
Information Security (ISC 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11723))

Included in the following conference series:

  • 1101 Accesses

Abstract

Privacy arises to a major issue in distributed learning. Current approaches that do not use a trusted external authority either reduce the accuracy of the learning algorithm (e.g., by adding noise), or incur a high performance penalty. We propose a methodology for private distributed ML from light-weight cryptography (in short, PD-ML-Lite). We apply our methodology to two major ML algorithms, namely non-negative matrix factorization (NMF) and singular value decomposition (SVD). Our protocols are communication optimal, achieve the same accuracy as their non-private counterparts, and satisfy a notion of privacy—which we define—that is both intuitive and measurable. We use light cryptographic tools (multi-party secure sum and normed secure sum) to build learning algorithms rather than wrap complex learning algorithms in a heavy multi-party computation (MPC) framework.

We showcase our algorithms’ utility and privacy for NMF on topic modeling and recommender systems, and for SVD on principal component regression, and low rank approximation.

The full version of this work is available at [TMIZ19].

M. Tsikhanovich and M. Ishaq—Work done in part while the author was at Rensselaer Polytechnic Institute.

V. Zikas—This work was done in part while the author was at Rensselaer Polytechnic Institute and UCLA and supported in part by DARPA and SPAWAR under contract N66001-15-C-4065 and by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA), via 2019-1902070008. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of ODNI, IARPA, or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright annotation therein.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Centralized refers to the optimal (non-private) outcome where all data is aggregated for learning.

  2. 2.

    Recall that this requirement renders DP unacceptable.

  3. 3.

    In practice, RRI-NMF and similar alternating methods [Lin07, CZA07] outperform the original multiplicative algorithms for NMF [LS01].

  4. 4.

    Theoretical results for DP (e.g. [BBFM12]) only apply to simple mechanisms. Composition of these simple mechanisms needs to be examined case-by-case (e.g., in one-party Differentially Private NMF, [LWS15] incurr a 19% loss in learning quality when strict DP is satisfied even for \(\epsilon =0.25\)). In the M-party setting due to a possible difference attack at successive iterations, each party must add noise to all observables they emit in every iteration [RA12, HXZ15]. The empirical impact is a disaster.

  5. 5.

    One can adapt PD-NMF to accomodate non-observed entries.

References

  1. 20 news groups dataset

    Google Scholar 

  2. Balcan, M.F., Blum, A., Fine, S., Mansour, Y.: Distributed learning, communication complexity and privacy. In: Conference on Learning Theory, p. 26-1 (2012)

    Google Scholar 

  3. Blum, A., Dwork, C., McSherry, F., Nissim, K.: Practical privacy: the SuLQ framework. In: Proceedings of the Twenty-Fourth ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pp. 128–138. ACM (2005)

    Google Scholar 

  4. Bendlin, R., Damgard, I., Orlandi, C., Zakarias, S.: Semi-homomorphic encryption and multiparty computation. Cryptology ePrint Archive, Report 2010/514 (2010)

    Google Scholar 

  5. Bassily, R., Freund, Y.: Typical stability. arXiv preprint arXiv:1604.03336 (2016)

  6. Boutsidis, C., Gallopoulos, E.: SVD based initialization: a head start for nonnegative matrix factorization. Pattern Recogn. 41, 1350–1362 (2008)

    Article  Google Scholar 

  7. Bassily, R., Groce, A., Katz, J., Smith, A.: Coupled-worlds privacy: exploiting adversarial uncertainty in statistical data privacy. In: 2013 IEEE 54th Annual Symposium on Foundations of Computer Science (FOCS), pp. 439–448. IEEE (2013)

    Google Scholar 

  8. Bertin-Mahieux, T., Ellis, D.P.W., Whitman, B., Lamere, P.: The million song dataset. In: ISMIR (2011)

    Google Scholar 

  9. Berry, M., Mezher, D., Philippe, B., Sameh, A.: Parallel computation of the singular value decomposition. Ph.D. thesis, INRIA (2003)

    Google Scholar 

  10. Brickell, J., Shmatikov, V.: The cost of privacy: destruction of data-mining utility in anonymized data publishing. In: SIGKDD (2008)

    Google Scholar 

  11. Chen, S., Lu, R., Zhang, J.: A flexible privacy-preserving framework for singular value decomposition under internet of things environment. CoRR, abs/1703.06659 (2017)

    Google Scholar 

  12. Condat, L.: Fast projection onto the simplex and the \(\ell _1\) ball. Math. Program. 158, 575–585 (2016)

    Article  MathSciNet  Google Scholar 

  13. Cichocki, A., Zdunek, R., Amari, S.: Hierarchical ALS algorithms for nonnegative matrix and 3D tensor factorization. In: Davies, M.E., James, C.J., Abdallah, S.A., Plumbley, M.D. (eds.) ICA 2007. LNCS, vol. 4666, pp. 169–176. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74494-8_22

    Chapter  MATH  Google Scholar 

  14. Du, S.S., Liu, Y., Chen, B., Li, L.: Maxios: large scale nonnegative matrix factorization for collaborative filtering. In: NIPS 2014 Workshop on Distributed Matrix Computations (2014)

    Google Scholar 

  15. Damgard, I., Pastro, V., Smart, N.P., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. Cryptology ePrint Archive, Report 2011/535 (2011)

    Google Scholar 

  16. Dwork, C., Roth, A., et al.: The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci. 9, 211–407 (2014)

    Article  MathSciNet  Google Scholar 

  17. Demmler, D., Schneider, T., Zohner, M.: ABY - a framework for efficient mixed-protocol secure two-party computation. In: 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California, USA, 8–11 February 2015 (2015)

    Google Scholar 

  18. Bag of words datasets

    Google Scholar 

  19. Fernandes, K., Vinagre, P., Cortez, P.: A proactive intelligent decision support system for predicting the popularity of online news. In: Pereira, F., Machado, P., Costa, E., Cardoso, A. (eds.) EPIA 2015. LNCS (LNAI), vol. 9273, pp. 535–546. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23485-4_53

    Chapter  Google Scholar 

  20. Gillis, N.: Successive nonnegative projection algorithm for robust nonnegative blind source separation. SIIMS (2014)

    Google Scholar 

  21. Gemulla, R., Nijkamp, E., Haas, P.J., Sismanis, Y.: Large-scale matrix factorization with distributed stochastic gradient descent. In: KDD (2011)

    Google Scholar 

  22. Groce, A.D.: New notions and mechanisms for statistical privacy. Ph.D. thesis, University of Maryland (2014)

    Google Scholar 

  23. Griffiths, T.L., Steyvers, M.: Finding scientific topics. Proc. Natl. Acad. Sci. U.S.A 101(Suppl. 1), 5228–5235 (2004)

    Article  Google Scholar 

  24. Golub, G.H., Van Loan, C.F.: Matrix Computations, vol. 3. JHU Press (2012)

    Google Scholar 

  25. Han, S., Ng, W.K., Yu, P.S.: Privacy-preserving singular value decomposition. In: Proceedings of the ICDE, March 2009

    Google Scholar 

  26. Ho, N.-D.: Nonnegative matrix factorization algorithms and applications. Ph.D. thesis, École Polytechnique (2008)

    Google Scholar 

  27. Hardt, M., Roth, A.: Beyond worst-case analysis in private singular vector computation. In: Proceedings of the STOC. ACM (2013)

    Google Scholar 

  28. Hua, J., Xia, C., Zhong, S.: Differentially private matrix factorization. In: IJCAI, pp. 1763–1770 (2015)

    Google Scholar 

  29. Iwen, M.A., Ong, B.W.: A distributed and incremental SVD algorithm for agglomerative data analysis on large networks. SIAM J. Matrix Anal. Appl. 37(4), 1699–1718 (2016)

    Article  MathSciNet  Google Scholar 

  30. Jolliffe, I.T.: A note on the use of principal components in regression. Appl. Stat. 31, 300–303 (1982)

    Article  Google Scholar 

  31. Kairouz, P.: The fundamental limits of statistical data privacy. Ph.D. thesis, University of Illinois at Urbana-Champaign (2016)

    Google Scholar 

  32. Kim, S., Kim, J., Koo, D., Kim, Y., Yoon, H., Shin, J.: Efficient privacy-preserving matrix factorization via fully homomorphic encryption: extended abstract. In: AsiaCCS (2016)

    Google Scholar 

  33. Keller, M., Pastro, V., Rotaru, D.: Overdrive: making SPDZ great again. Cryptology ePrint Archive, Report 2017/1230 (2017)

    Google Scholar 

  34. Kumar, A., Sindhwani, V., Kambadur, P.: Fast conical hull algorithms for near-separable non-negative matrix factorization. arXiv preprint arXiv:1210.1190 (2012)

  35. Lin, C.-J.: Projected gradient methods for nonnegative matrix factorization. Neural Comput. 19, 2756–2779 (2007)

    Article  MathSciNet  Google Scholar 

  36. Lee, D.D., Sebastian Seung, H.: Algorithms for non-negative matrix factorization. In: NIPS (2001)

    Google Scholar 

  37. Limbeck, P., Suntinger, M., Schiefer, J.: SARI OpenRec - empowering recommendation systems with business events. In: DBKDA (2010)

    Google Scholar 

  38. Liu, Z., Wang, Y.-X., Smola, A.J.: Fast differentially private matrix factorization. CoRR (2015)

    Google Scholar 

  39. Markovsky, I.: Low Rank Approximation: Algorithms, Implementation, Applications. Springer, Heidelberg (2011)

    MATH  Google Scholar 

  40. Malin, B.A., El Emam, K., O’keefe, C.M.: Biomedical data privacy: problems, perspectives, and recent advances. JAMIA (2013)

    Google Scholar 

  41. Mazloom, S., Dov Gordon, S.: Secure computation with differentially private access patterns. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 490–507. ACM (2018)

    Google Scholar 

  42. Mazloom, S., Dov Gordon, S.: Secure computation with differentially private access patterns. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 490–507 (2018)

    Google Scholar 

  43. Movielens 1m dataset

    Google Scholar 

  44. Mohassel, P., Rindal, P.: \({\rm Aby}^3\): a mixed protocol framework for machine learning. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 35–52. ACM (2018)

    Google Scholar 

  45. Mohassel, P., Zhang, Y.: SecureML: a system for scalable privacy-preserving machine learning. In: IEEE Symposium on Security and Privacy, SP 2017, pp. 19–38 (2017)

    Google Scholar 

  46. Nikolaenko, V., Ioannidis, S., Weinsberg, U., Joye, M., Taft, N., Boneh, D.: Privacy-preserving matrix factorization. In: SIGSAC (2013)

    Google Scholar 

  47. Nielsen, J.B., Nordholt, P.S., Orlandi, C., Burra, S.S.: A new approach to practical active-secure two-party computation. Cryptology ePrint Archive, Report 2011/091 (2011)

    Google Scholar 

  48. Parlett, B.: The symmetric Eigenvalue Problem. SIAM (1998)

    Google Scholar 

  49. Rajkumar, A., Agarwal, S.: A differentially private stochastic gradient descent algorithm for multiparty classification. In: Artificial Intelligence and Statistics, pp. 933–941 (2012)

    Google Scholar 

  50. Röder, M., Both, A., Hinneburg, A.: Exploring the space of topic coherence measures. In: Proceedings of the Eighth ACM International Conference on Web Search and Data Mining, pp. 399–408. ACM (2015)

    Google Scholar 

  51. Tsikhanovich, M., Magdon-Ismail, M., Ishaq, M., Zikas, V.: PD-ML-Lite: private distributed machine learning from lighweight cryptography. CoRR, abs/1901.07986 (2019)

    Google Scholar 

  52. Tang, C., Xu, Z., Dwarkadas, S.: Peer-to-peer information retrieval using self-organizing semantic overlay networks. In: SIGCOMM (2003)

    Google Scholar 

  53. Vavasis, S.A.: On the complexity of nonnegative matrix factorization. SIAM J. Optim. 20(3), 1364–1377 (2009)

    Article  MathSciNet  Google Scholar 

  54. Wellek, S.: Testing Statistical Hypotheses of Equivalence and Noninferiority, 2nd edn. CRC Press, Boca Raton (2010)

    Book  Google Scholar 

  55. Wang, Y.-X., Fienberg, S., Smola, A.: Privacy for free: posterior sampling and stochastic gradient Monte Carlo. In: Proceedings of the 32nd International Conference on Machine Learning (ICML 2015), pp. 2493–2502 (2015)

    Google Scholar 

  56. Won, H.-S., Kim, S.-P., Lee, S., Choi, M.-J., Moon, Y.-S.: Secure principal component analysis in multiple distributed nodes. Secur. Commun. Netw. 9(14), 2348–2358 (2016)

    Article  Google Scholar 

  57. Yi, X., Allan, J.: A comparative study of utilizing topic models for information retrieval. In: Boughanem, M., Berrut, C., Mothe, J., Soule-Dupuy, C. (eds.) ECIR 2009. LNCS, vol. 5478, pp. 29–41. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00958-7_6

    Chapter  Google Scholar 

  58. Youdao, N.: P4P: practical large-scale privacy-preserving distributed computation robust against malicious users. In: Proceedings of the USENEX (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Amazon.com, Inc., Seattle, USA

    Maksim Tsikhanovich

  2. Computer Science Department, Rensselaer Polytechnic Institute, Troy, USA

    Malik Magdon-Ismail

  3. School of Informatics, University of Edinburgh, Edinburgh, UK

    Muhammad Ishaq & Vassilis Zikas

  4. School of Informatics, University of Edinburgh & IOHK, Edinburgh, UK

    Maksim Tsikhanovich, Malik Magdon-Ismail, Muhammad Ishaq & Vassilis Zikas

Authors
  1. Maksim Tsikhanovich
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Malik Magdon-Ismail
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Muhammad Ishaq
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Vassilis Zikas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Maksim Tsikhanovich .

Editor information

Editors and Affiliations

  1. The Ohio State University, Columbus, OH, USA

    Zhiqiang Lin

  2. University of Maryland, College Park, MD, USA

    Charalampos Papamanthou

  3. Stony Brook University, Stony Brook, NY, USA

    Michalis Polychronakis

1 Electronic supplementary material

Below is the link to the electronic supplementary material.

Supplementary material 1 (pdf 505 KB)

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tsikhanovich, M., Magdon-Ismail, M., Ishaq, M., Zikas, V. (2019). PD-ML-Lite: Private Distributed Machine Learning from Lightweight Cryptography. In: Lin, Z., Papamanthou, C., Polychronakis, M. (eds) Information Security. ISC 2019. Lecture Notes in Computer Science(), vol 11723. Springer, Cham. https://doi.org/10.1007/978-3-030-30215-3_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-30215-3_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30214-6

  • Online ISBN: 978-3-030-30215-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics