Skip to main content
Springer Nature Link
Log in

Client-Aided Privacy-Preserving Machine Learning

  • Conference paper
  • First Online:
Security and Cryptography for Networks (SCN 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14973))

Included in the following conference series:

Abstract

Privacy-preserving machine learning (PPML) enables multiple distrusting parties to jointly train ML models on their private data without revealing any information beyond the final trained models. In this work, we study the client-aided two-server setting where two non-colluding servers jointly train an ML model on the data held by a large number of clients. By involving the clients in the training process, we develop efficient protocols for training algorithms including linear regression, logistic regression, and neural networks. In particular, we introduce novel approaches to securely computing inner product, sign check, activation functions (e.g., ReLU, logistic function), and division on secret shared values, leveraging lightweight computation on the client side. We present constructions that are secure against semi-honest clients and further enhance them to achieve security against malicious clients. We believe these new client-aided techniques may be of independent interest.

We implement our protocols and compare them with the two-server PPML protocols presented in SecureML (Mohassel and Zhang, S&P’17) across various settings and ABY2.0 (Patra et al., Usenix Security’21) theoretically. We demonstrate that with the assistance of untrusted clients in the training process, we can significantly improve both the communication and computational efficiency by orders of magnitude. Our protocols compare favorably in all the training algorithms on both LAN and WAN networks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Addanki, S., Garbe, K., Jaffe, E., Ostrovsky, R., Polychroniadou, A.: Prio+: privacy preserving aggregate statistics via Boolean shares. In: Galdi, C., Jarecki, S. (eds.) SCN 2022. LNCS, vol. 13409, pp. 516–539. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-14791-3_23

    Chapter  Google Scholar 

  2. Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 420–432. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_34

    Chapter  Google Scholar 

  3. Bell, J.H., Bonawitz, K.A., Gascón, A., Lepoint, T., Raykova, M.: Secure single-server aggregation with (poly)logarithmic overhead. In: ACM SIGSAC CCS (2020)

    Google Scholar 

  4. Bonawitz, K.A., et al.: Practical secure aggregation for federated learning on user-held data. CoRR (2016)

    Google Scholar 

  5. Bunn, P., Ostrovsky, R.: Secure two-party k-means clustering. In: CCS (2007)

    Google Scholar 

  6. Byali, M., Chaudhari, H., Patra, A., Suresh, A.: FLASH: fast and robust framework for privacy-preserving machine learning. Proc. Priv. Enhanc. Technol. (2020)

    Google Scholar 

  7. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS (2001)

    Google Scholar 

  8. Chaudhari, H., Choudhury, A., Patra, A., Suresh, A.: ASTRA: high throughput 3PC over rings with application to secure prediction. In: ACM SIGSAC (2019)

    Google Scholar 

  9. Chaudhari, H., Rachuri, R., Suresh, A.: Trident: efficient 4PC framework for privacy preserving machine learning. In: NDSS (2020)

    Google Scholar 

  10. Corrigan-Gibbs, H., Boneh, D.: Prio: private, robust, and scalable computation of aggregate statistics. In: USENIX NSDI (2017)

    Google Scholar 

  11. Deng, L.: The MNIST database of handwritten digit images for machine learning research. IEEE Signal Process. Mag. (2012)

    Google Scholar 

  12. Geng, J., et al.: Towards general deep leakage in federated learning. CoRR (2021)

    Google Scholar 

  13. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: STOC (1987)

    Google Scholar 

  14. Jagannathan, G., Wright, R.N.: Privacy-preserving distributed k-means clustering over arbitrarily partitioned data. In: ACM SIGKDD (2005)

    Google Scholar 

  15. Juvekar, C., Vaikuntanathan, V., Chandrakasan, A.: GAZELLE: a low latency framework for secure neural network inference. In: USENIX Security (2018)

    Google Scholar 

  16. Kairouz, P., et al.: Advances and open problems in federated learning. CoRR (2019)

    Google Scholar 

  17. Kamara, S., Mohassel, P., Raykova, M., Sadeghian, S.: Scaling private set intersection to billion-element sets. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 195–215. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_13

    Chapter  Google Scholar 

  18. Konečný, J., McMahan, H.B., Ramage, D., Richtárik, P.: Federated optimization: distributed machine learning for on-device intelligence. CoRR (2016)

    Google Scholar 

  19. Koti, N., Pancholi, M., Patra, A., Suresh, A.: SWIFT: super-fast and robust privacy-preserving machine learning. In: USENIX Security (2021)

    Google Scholar 

  20. Kumar, N., Rathee, M., Chandran, N., Gupta, D., Rastogi, A., Sharma, R.: CryptFlow: secure TensorFlow inference. In: IEEE SP (2020)

    Google Scholar 

  21. Le, P.H., Ranellucci, S., Gordon, S.D.: Two-party private set intersection with an untrusted third party. In: SIGSAC (2019)

    Google Scholar 

  22. Lin, H.-Y., Tzeng, W.-G.: An efficient solution to the millionaires’ problem based on homomorphic encryption. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 456–466. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_31

    Chapter  Google Scholar 

  23. Lindell, Y., Pinkas, B.: Privacy preserving data mining. J. Cryptol. (2002)

    Google Scholar 

  24. McMahan, B., Moore, E., Ramage, D., Hampson, S., y Arcas, B.A.: Communication-efficient learning of deep networks from decentralized data. In: AISTATS (2017)

    Google Scholar 

  25. Melis, L., Song, C., De Cristofaro, E., Shmatikov, V.: Exploiting unintended feature leakage in collaborative learning. In: IEEE SP (2019)

    Google Scholar 

  26. Mishra, P., Lehmkuhl, R., Srinivasan, A., Zheng, W., Popa, R.A.: Delphi: a cryptographic inference service for neural networks. In: USENIX Security (2020)

    Google Scholar 

  27. Mohassel, P., Rindal, P.: Aby\( ^{\text{3}}\): a mixed protocol framework for machine learning. In: ACM SIGSAC CCS (2018)

    Google Scholar 

  28. Mohassel, P., Zhang, Y.: SecureML: a system for scalable privacy-preserving machine learning. In: IEEE SP (2017)

    Google Scholar 

  29. Patra, A., Schneider, T., Suresh, A., Yalame, H.: ABY2.0: improved mixed-protocol secure two-party computation. In: USENIX Security (2021)

    Google Scholar 

  30. Patra, A., Suresh, A.: BLAZE: blazing fast privacy-preserving machine learning. In: NDSS (2020)

    Google Scholar 

  31. Rathee, D., et al.: CryptFlow2: practical 2-party secure inference. In: ACM SIGSAC CCS (2020)

    Google Scholar 

  32. Sadegh Riazi, M., Weinert, C., Tkachenko, O., Songhori, E.M., Schneider, T., Koushanfar, F.: Chameleon: a hybrid secure computation framework for machine learning applications. In: AsiaCCS (2018)

    Google Scholar 

  33. Salem, A., Bhattacharya, A., Backes, M., Fritz, M., Zhang, Y.: Updates-leak: data set inference and reconstruction attacks in online learning. In: USENIX Security (2020)

    Google Scholar 

  34. Vaidya, J., Yu, H., Jiang, X.: Privacy-preserving SVM classification. Knowl. Inf. Syst. (2008)

    Google Scholar 

  35. Wagh, S., Gupta, D., Chandran, N.: SecureNN: 3-party secure computation for neural network training. Proc. Priv. Enhancing Technol. (2019)

    Google Scholar 

  36. Wang, Z., Song, M., Zhang, Z., Song, Y., Wang, Q., Qi, H.: Beyond inferring class representatives: user-level privacy leakage from federated learning. In: IEEE INFOCOM (2019)

    Google Scholar 

  37. Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: FOCS (1986)

    Google Scholar 

  38. Yu, H., Vaidya, J., Jiang, X.: Privacy-preserving SVM classification on vertically partitioned data. In: Ng, W.-K., Kitsuregawa, M., Li, J., Chang, K. (eds.) PAKDD 2006. LNCS (LNAI), vol. 3918, pp. 647–656. Springer, Heidelberg (2006). https://doi.org/10.1007/11731139_74

    Chapter  Google Scholar 

  39. Zhu, L., Liu, Z., Han, S.: Deep leakage from gradients. In: NeurIPS (2019)

    Google Scholar 

Download references

Acknowledgments

This project is supported in part by the NSF CNS Award 2247352, Brown Data Science Seed Grant, Meta Research Award, Google Research Scholar Award, and Amazon Research Award.

Author information

Authors and Affiliations

  1. Brown University, Providence, USA

    Peihan Miao & Xinyi Shi

  2. University of California, Riverside, USA

    Chao Wu

  3. University of Illinois Urbana-Champaign, Urbana, USA

    Ruofan Xu

Authors
  1. Peihan Miao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xinyi Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chao Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ruofan Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xinyi Shi .

Editor information

Editors and Affiliations

  1. Università degli Studi di Salerno, Fisciano, Italy

    Clemente Galdi

  2. Télécom Paris, Paris, France

    Duong Hieu Phan

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Miao, P., Shi, X., Wu, C., Xu, R. (2024). Client-Aided Privacy-Preserving Machine Learning. In: Galdi, C., Phan, D.H. (eds) Security and Cryptography for Networks. SCN 2024. Lecture Notes in Computer Science, vol 14973. Springer, Cham. https://doi.org/10.1007/978-3-031-71070-4_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-71070-4_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-71069-8

  • Online ISBN: 978-3-031-71070-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics