The problem of secure data processing by means of a neural network (NN) is addressed. Secure processing means that the NN owner gains no knowledge about the processed data, since they are provided to him in encrypted form. At the same time, the NN itself is protected, given that its owner may not be willing to disclose the knowledge embedded within it. The considered level of protection ensures that the data provided to the network, as well as the network weights and activation functions, are kept secret. Particular attention is given to preventing any disclosure of information that could allow a malevolent user to gain access to the NN secrets by feeding suitably chosen fake data at any point of the proposed protocol. With respect to previous works in this field, the interaction between the user and the NN owner is kept to a minimum, with no resort to multiparty computation protocols.




