The adoption of machine learning in domains such as healthcare, biometrics and industrial automation raises concerns around data privacy. Secure Multi-Party Computation (SMPC) offers an interesting approach that enables privacy-preserving computation on sensitive data. This thesis investigates the practicality of SMPC-based machine learning inference by evaluating SMPC frameworks, benchmarking neural network architectures and implementing two case studies.

First, three SMPC frameworks are reviewed and compared. Based on this comparison, Secretflow-SPU is selected for further experimentation due to its user-friendly support.

Second, a systematic benchmark of three different neural network architectures is conducted to show the inference overhead and how the number of parameters and layers influences this overhead.

Finally, two SMPC use cases are presented: privacy-preserving face verification and secure energy prediction for industrial robots. Both case studies show that SMPC introduces a significant inference overhead, especially for face verification, which requires larger models to perform well. They also show that models optimized for resource-constrained devices benefit significantly in SMPC as well. In addition, the effect of network conditions such as network delay and packet loss was examined.
Additional information:
Thesis not yet received by the library - data not verified. Title differs, following the author's own translation.