Abstract
Comparisons or Inequality Tests are an essential building block of Rectified Linear Unit functions (ReLU's), ever more present in Machine Learning, specifically in Neural Networks. Motivated by the increasing interest in privacy-preserving Artificial Intelligence, we explore the current state of the art of privacy preserving comparisons over Multi-Party Computation (MPC). We then introduce constant round variations and combinations, which are compatible with customary fixed point arithmetic over MPC. Our main focus is implementation and benchmarking; hence, we showcase our contributions via an open source library, compatible with current MPC software tools. Furthermore, we include a comprehensive comparative analysis on various adversarial settings. Our results improve running times in practical scenarios. Finally, we offer conclusions about the viability of these protocols when adopted for privacy-preserving Machine Learning.
Notes
1. Following common MPC analysis practices, we evaluate protocols using round complexity as the metric.
2. Note that, as stated in Zaphod, SCALE-MAMBA adjusts the number of rounds (based on the circuit depth) when the setup is honest majority, instead of Full Threshold.
3. Furthermore, current implementations of protocols for share conversion can only achieve statistical security.
4. The conversion and its development are also explored in detail in SCALE-MAMBA.
5. See SCALE-MAMBA documentation.
6.
7. We achieve this via the -O1 compilation flag, as recommended by the SCALE-MAMBA documentation [4].
References
1. Makri, E., Rotaru, D., Vercauteren, F., Wagh, S.: Rabbit: efficient comparison for secure multi-party computation. In: Borisov, N., Diaz, C. (eds.) FC 2021. LNCS, vol. 12674, pp. 249–270. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-662-64322-8_12
2. Catrina, O., de Hoogh, S.: Improved primitives for secure multiparty integer computation. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 182–199. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_13
3. Catrina, O., Saxena, A.: Secure computation with fixed-point numbers. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 35–50. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_6
4. Aly, A., et al.: SCALE and MAMBA v1.14: Documentation (2021). https://homes.esat.kuleuven.be/~nsmart/SCALE/
5. Keller, M.: MP-SPDZ: a versatile framework for multi-party computation. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1575–1590. ACM Press, November 2020
6. Aly, A., Orsini, E., Rotaru, D., Smart, N.P., Wood, T.: Zaphod: efficiently combining lsss and garbled circuits in scale. In: Proceedings of the 7th ACM Workshop on Encrypted Computing & Applied Homomorphic Cryptography. WAHC 2019, pp. 33–44. Association for Computing Machinery, New York (2019)
7. Damgård, I., Fitzi, M., Kiltz, E., Nielsen, J.B., Toft, T.: Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 285–304. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_15
8. Escudero, D., Ghosh, S., Keller, M., Rachuri, R., Scholl, P.: Improved primitives for MPC over mixed arithmetic-binary circuits. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 823–852. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_29
9. Hazay, C., Scholl, P., Soria-Vazquez, E.: Low cost constant round MPC combining BMR and oblivious transfer. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 598–628. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_21
10. Damgård, I., Nielsen, J.B.: Universally composable efficient multiparty computation from threshold homomorphic encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 247–264. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_15
11. Aly, A., Abidin, A., Nikova, S.: Practically efficient secure distributed exponentiation without bit-decomposition. In: Meiklejohn, S., Sako, K. (eds.) FC 2018. LNCS, vol. 10957, pp. 291–309. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-662-58387-6_16
12. Atapoor, S., Smart, N.P., Alaoui, Y.T.: Private liquidity matching using MPC. In: Galbraith, S.D. (ed.) CT-RSA 2022. LNCS, vol. 13161, pp. 96–119. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-95312-6_5
13. Aly, A., Smart, N.P.: Benchmarking privacy preserving scientific operations. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 509–529. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21568-2_25
14. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)
15. Rotaru, D., Wood, T.: MArBled Circuits: mixing arithmetic and boolean circuits with active security. In: Hao, F., Ruj, S., Sen Gupta, S. (eds.) INDOCRYPT 2019. LNCS, vol. 11898, pp. 227–249. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35423-7_12
16. Keller, M., Pastro, V., Rotaru, D.: Overdrive: making SPDZ great again. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 158–189. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_6
17. Wang, X., Ranellucci, S., Katz, J.: Authenticated garbling and efficient maliciously secure two-party computation. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 21–37. ACM Press, October/November 2017
18. Lipmaa, H., Toft, T.: Secure equality and greater-than tests with sublinear online complexity. In: Fomin, F.V., Freivalds, R., Kwiatkowska, M., Peleg, D. (eds.) ICALP 2013. LNCS, vol. 7966, pp. 645–656. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39212-2_56
19. Makri, E., Rotaru, D., Smart, N.P., Vercauteren, F.: EPIC: efficient private image classification (or: learning from the masters). In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 473–492. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12612-4_24
20. Smart, N.P., Wood, T.: Error detection in monotone span programs with application to communication-efficient multi-party computation. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 210–229. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12612-4_11
21. LeCun, Y., et al.: Backpropagation applied to handwritten zip code recognition. Neural Comput. 1(4), 541–551 (1989)
Acknowledgements
The authors would like to thank Dragos Rotaru, Titouan Tanguy, Chiara Marcolla, Eduardo Soria-Vazquez and Santos Merino for their fruitful discussions, which undoubtedly raised the quality of this work.
Appendix
A Rabbit Definitions
A.1 The Problem
The majority of previous works have proposed mechanisms for comparisons based on bit decomposition. Such constructions tend to be expensive in terms of multiplicative depth. In general terms, they are compatible with both MPC and Homomorphic Encryption (HE) schemes. They also tend to have sublinear cost in the input size, with some associated non-negligible constant. An example of this is the seminal work of Damgård et al. [7], mentioned earlier in this work.
To solve this issue, the literature has proposed relaxing the security model as a trade-off for efficiency, e.g. [2, 18]. The principle is to reduce the impact of bit decomposition in exchange for security under statistical constraints, i.e. statistical security. This statistical security should not be confused with cryptographic security; rather, it relates to the probability distribution over masked inputs.
A.2 The Rabbit Principle
The method itself is based on the commutative properties of addition. It formulates 2 different but equivalent equations. Generally speaking, the authors derive a simplified algebraic construction comprising 3 INQ's, one of which relies exclusively on public inputs. The other 2 depend on public inputs and secret shared precomputed randomness. Furthermore, they can all be executed in parallel. This construction is equivalent to an LTEQZ on secret inputs.
To generate randomness, the Rabbit authors rely on \(\textsf{edaBits}\) [8] (which is exclusively present in MP-SPDZ). For the purpose of this section, we abstract \(\textsf{edaBits}\) as a construction that allows us to generate (together with its bit expansion) some bounded randomness in \(\mathbb{Z}_{2^k}\).
Let \(\mathbb{Z}_{M}\) be some commutative ring bounded by \(M \in \mathbb{Z}\), \([\![ x ]\!]\) and \([\![ r ]\!]\) be some secret shared input and randomness in \(\mathbb{Z}_{M}\), and R be some public element of \(\mathbb{Z}_{M}\). Then we can establish the following:
If we observe the constructions above carefully, we can see that B is simply the complement of R. Prior to discussing the algebraic elements of Rabbit, let us now consider the following statement:
Which is always true for any element of \(\mathbb {Z}_{M}\). Given the equations above, we can establish the following relations, let us start with \(([\![ a ]\!] + B)\):
When we expand \([\![ c+r ]\!]\) in the same fashion we can derive the following:
If we equate both expansions of \([\![ b ]\!]\), using \([\![ a+B ]\!]\) and \([\![ c ]\!]+ [\![ r ]\!]\), we can obtain the following (after simplifications):
Let us now replace \([\![ a ]\!]\), \([\![ b ]\!]\) and \([\![ c ]\!]\), and express the equation above, in terms of \([\![ x ]\!]\) and \([\![ r ]\!]\):
The INQ that we have now conveniently placed on the left of the equation expresses the relation between x and the complement of R. In this case the \(\textsf{INQ}\) would be true only if x is greater than R. Note that we are still working on \(\mathbb{Z}_{M}\), meaning that any excess over R would force an overflow and a subsequent wraparound. Now, let us abuse the notation and consider R to be some public element of \(\mathbb{Z}_{M}\), e.g. 0.
Given that we can freely disclose the masked secret \([\![ x ]\!] +[\![ r ]\!]\) without compromising security, the equation above would finally look like:
As previously stated, both inequalities can be calculated in parallel. The inequality tests themselves are executed bitwise, using, for instance, \(\textsf{edaBits}\) or any other means to obtain the bit decomposition offline.
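The wrap-counting argument of this section, checked exhaustively in plaintext as an added example (not code from the paper or its library). The displayed equations are not reproduced on this page, so the definitions a = x + r, B = M - R, c = x + B and b = a + B = c + r (all mod M) are assumptions reconstructed from the prose, and all function names are hypothetical.

```python
import secrets

def share(v, M, n=3):
    """Additively secret-share v in Z_M among n parties."""
    parts = [secrets.randbelow(M) for _ in range(n - 1)]
    return parts + [(v - sum(parts)) % M]

def reveal(shares, M):
    """Open a shared value by summing the shares mod M."""
    return sum(shares) % M

def rabbit_lt(x_sh, r_sh, R, M):
    """Return the bit [x < R] for shared x, shared mask r, public R in [0, M)."""
    B = M - R  # complement of R (assumed definition), an integer in [1, M]
    # Only the masked value a = x + r is opened; b is then public as well.
    a = reveal([(xs + rs) % M for xs, rs in zip(x_sh, r_sh)], M)
    b = (a + B) % M
    # Stand-in for the bitwise tests: a real protocol compares the public
    # a and b against the *shared bits* of r and outputs a shared bit.
    r = reveal(r_sh, M)
    w1 = int(a < r)  # x + r wrapped around M
    w2 = int(b < B)  # a + B wrapped around M (public inputs only)
    w3 = int(b < r)  # c + r wrapped around M, with c = x + B mod M
    # Both routes to b wrap equally often: w1 + w2 = [x >= R] + w3.
    return 1 - (w1 + w2 - w3)

def check_all(M):
    """Compare rabbit_lt with the plain comparison for every x, r, R in Z_M."""
    for x in range(M):
        for r in range(M):
            for R in range(M):
                got = rabbit_lt(share(x, M), share(r, M), R, M)
                if got != int(x < R):
                    return False
    return True

if __name__ == "__main__":
    # Constructed moduli: one power of two and one prime.
    print(check_all(16), check_all(17))
```

The R = 0 case works because B is kept as the integer M rather than reduced to 0, so the public test [b < B] is always 1.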
B Constant Round ReLU Protocol
Our proposed ReLU construction follows the same line of thought as the contribution sections of this work. Indeed, Catrina and Saxena's fixed point representation is heavily interlinked with the protocol. In fact, Protocol 6 optimizes the fixed point multiplication needed by the ReLU, extracting the mantissa from \(\langle x \rangle\).
In line with the definitions introduced in Sect. 2.3, our constant round ReLU can be trivially implemented as follows:
Complexity: The protocol has constant round complexity (\(\mathcal {O}(1)\)). It consists of 1 round (from the multiplication on line 3), plus what is added by any selected comparison mechanism introduced by this work i.e. 4 rounds.
Discussion: Our ReLU itself does not need to invoke PRTrunc, ever present in fixed point multiplications. Note that ReLU's are typically surrounded by more complex fixed point operations that do require conventional fixed point multiplications, e.g. [21] (hence the presence of slack and an invocation of PRTrunc per multiplication gate).
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Aly, A., Nawaz, K., Salazar, E., Sucasas, V. (2022). Through the Looking-Glass: Benchmarking Secure Multi-party Computation Comparisons for ReLU's. In: Beresford, A.R., Patra, A., Bellini, E. (eds) Cryptology and Network Security. CANS 2022. Lecture Notes in Computer Science, vol 13641. Springer, Cham. https://doi.org/10.1007/978-3-031-20974-1_3
DOI: https://doi.org/10.1007/978-3-031-20974-1_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-20973-4
Online ISBN: 978-3-031-20974-1