-
Syft 0.5: A Platform for Universally Deployable Structured Transparency
Authors:
Adam James Hall,
Madhava Jay,
Tudor Cebere,
Bogdan Cebere,
Koen Lennart van der Veen,
George Muraru,
Tongye Xu,
Patrick Cason,
William Abramson,
Ayoub Benaissa,
Chinmay Shah,
Alan Aboudib,
Théo Ryffel,
Kritika Prakash,
Tom Titcombe,
Varun Kumar Khare,
Maddie Shang,
Ionesio Junior,
Animesh Gupta,
Jason Paumier,
Nahua Kang,
Vova Manannikov,
Andrew Trask
Abstract:
We present Syft 0.5, a general-purpose framework that combines a core group of privacy-enhancing technologies that facilitate a universal set of structured transparency systems. This framework is demonstrated through the design and implementation of a novel privacy-preserving inference information flow where we pass homomorphically encrypted activation signals through a split neural network for inference. We show that splitting the model further up the computation chain significantly reduces the computation time of inference and the payload size of activation signals at the cost of model secrecy. We evaluate our proposed flow with respect to its provision of the core structural transparency principles.
Submitted 27 April, 2021; v1 submitted 26 April, 2021;
originally announced April 2021.
-
Practical Defences Against Model Inversion Attacks for Split Neural Networks
Authors:
Tom Titcombe,
Adam J. Hall,
Pavlos Papadopoulos,
Daniele Romanini
Abstract:
We describe a threat model under which a split network-based federated learning system is susceptible to a model inversion attack by a malicious computational server. We demonstrate that the attack can be successfully performed with limited knowledge of the data distribution by the attacker. We propose a simple additive noise method to defend against model inversion, finding that the method can significantly reduce attack efficacy at an acceptable accuracy trade-off on MNIST. Furthermore, we show that NoPeekNN, an existing defensive method, protects different information from exposure, suggesting that a combined defence is necessary to fully protect private user data.
Submitted 21 April, 2021; v1 submitted 12 April, 2021;
originally announced April 2021.
-
PyVertical: A Vertical Federated Learning Framework for Multi-headed SplitNN
Authors:
Daniele Romanini,
Adam James Hall,
Pavlos Papadopoulos,
Tom Titcombe,
Abbas Ismail,
Tudor Cebere,
Robert Sandmann,
Robin Roehm,
Michael A. Hoeh
Abstract:
We introduce PyVertical, a framework supporting vertical federated learning using split neural networks. The proposed framework allows a data scientist to train neural networks on data features vertically partitioned across multiple owners while keeping raw data on an owner's device. To link entities shared across different datasets' partitions, we use Private Set Intersection on IDs associated with data points. To demonstrate the validity of the proposed framework, we present the training of a simple dual-headed split neural network for a MNIST classification task, with data samples vertically distributed across two data owners and a data scientist.
Submitted 14 April, 2021; v1 submitted 1 April, 2021;
originally announced April 2021.
-
U-Noise: Learnable Noise Masks for Interpretable Image Segmentation
Authors:
Teddy Koker,
Fatemehsadat Mireshghallah,
Tom Titcombe,
Georgios Kaissis
Abstract:
Deep Neural Networks (DNNs) are widely used for decision making in a myriad of critical applications, ranging from medical to societal and even judicial. Given the importance of these decisions, it is crucial for us to be able to interpret these models. We introduce a new method for interpreting image segmentation models by learning regions of images in which noise can be applied without hindering downstream model performance. We apply this method to segmentation of the pancreas in CT scans, and qualitatively compare the quality of the method to existing explainability techniques, such as Grad-CAM and occlusion sensitivity. Additionally we show that, unlike other methods, our interpretability model can be quantitatively evaluated based on the downstream performance over obscured images.
Submitted 25 November, 2022; v1 submitted 14 January, 2021;
originally announced January 2021.
-
Asymmetric Private Set Intersection with Applications to Contact Tracing and Private Vertical Federated Machine Learning
Authors:
Nick Angelou,
Ayoub Benaissa,
Bogdan Cebere,
William Clark,
Adam James Hall,
Michael A. Hoeh,
Daniel Liu,
Pavlos Papadopoulos,
Robin Roehm,
Robert Sandmann,
Phillipp Schoppmann,
Tom Titcombe
Abstract:
We present a multi-language, cross-platform, open-source library for asymmetric private set intersection (PSI) and PSI-Cardinality (PSI-C). Our protocol combines traditional DDH-based PSI and PSI-C protocols with compression based on Bloom filters that helps reduce communication in the asymmetric setting. Currently, our library supports C++, C, Go, WebAssembly, JavaScript, Python, and Rust, and runs on both traditional hardware (x86) and browser targets. We further apply our library to two use cases: (i) a privacy-preserving contact tracing protocol that is compatible with existing approaches, but improves their privacy guarantees, and (ii) privacy-preserving machine learning on vertically partitioned data.
Submitted 18 November, 2020;
originally announced November 2020.