How to protect data in cloud neural networks - a new encryption method
Researchers from MIT have developed A new method of encryption for working with neural networks in the cloud - Gazelle. The server processes the user's data without knowing their contents, that is, they remain anonymous. We tell about the system and its perspectives.
/photo John Jones CC
Why Gazellewas needed.
Outsourcing of machine learning is a growing trend in the IT industry. Large firms launch cloud platforms with convolutional neural networks. These networks are often used for the classification of images (in medicine, for example, for the classification of X-rays and CT images). However, their data exchange mechanisms over the network seriously slow down the whole process, which limits the range of applications of such services.
Gazelle will protect the data that is transferred to neural networks in the cloud, and speed up their processing. The MIT solution is 20-30 times faster than similar algorithms .
How does the technology
The system uses two forms of encryption. The first one is homomorphic encryption - it allows you to perform various mathematical actions on the encrypted user data and generate an encrypted result. And it corresponds to the result of operations performed with "open" values.
The second form is the protocol. distorted contour . This is confidential accounting protocol , which allows the participants in the system to evaluate any value (for example, more, less or equal) without disclosing information about the input data and not attracting a third party (arbitrator).
In general, the system consists of three components. The first is a homomorphic layer (Homomorphic Layer), which contains fast realizations of homomorphic operations: SIMD and SIMD multiplication (scalar), as well as automorphisms of . The second component is the kernels of linear algebra (Linear Algebra kernels). Here, the algorithms of matrix-vector multiplication and homomorphic convolution are "enclosed", as well as the system for searching for image features.
The third component is called Gazelle Network Inference. This is an output system that combines systems of a distorted contour with linear algebra kernels. It is the basis of the protocol for outputting the results of neural network processing.
The very same processing of data occurs as follows. First, the client encrypts its data using a scheme for homomorphic encryption and sends them to a server with a neural network. Next, the neural network produces the necessary calculations in the linear layer, and then transfers them further - to the nonlinear (in convolutional neural networks, these layers are constantly alternating).
After that, the data is divided between the network and the user's device. On the device of the latter there must be a system that is able to work with schemes based on the construction of distorted circuits. The user independently performs a series of calculations and sends the encrypted results back to the cloud.
This load sharing ensures that the neurosystem will perform complex homomorphic calculations for one layer at a time. This avoids data clutter and improves system performance (since a distorted circuit works best on non-linear layers). A similar exchange of data is performed alternately for all layers of the network.
Further, the procedure for the separation of secrets is carried out. The data, broken into several parts, is synchronized and collected together by the client. Cloud service sends the last key to decrypt the result. So one side (the user) receives the classification results, and the second party (the server with the neural network) receives nothing.
More information about the system can be found in article , which the researchers published on the results of their work.
Perspectives of technology
So far, the algorithm is experimental and has not been implemented in any particular application. Creating programs with practical application is the next stage in the development of the system.
/photo PxHere PD
Perhaps one of the tools will be an algorithm of machine learning, which reveals in patients the presence of diabetic retinopathy from a picture of the eye. The system is already approved The US Food and Drug Administration is used in hospitals. There is a possibility that it will be the first one for which Gazelle is implemented.
Technology is planned to be used not only in the field of medicine. It will also find application in analytical systems for the financial market and face recognition systems. So, the server will not have access to the original photos of people, which should increase the security of these solutions.
P.S. What else do we write on the blog about IaaS:
Is cloudless computing in the cloud a trend of modernity or necessity?
Cloud technologies in the financial sphere: the experience of Russian companies
How to test the disk system in the cloud
P.P.S. Fresh posts from our blog on Habré:
IETF proposed a new standard for messaging - what you need to know
The Japanese presented a prototype processor for the exaflop supercomputer
It may be interesting
Situs QQ Online
Situs QQ Online