Crypto-Nets: Neural Networks over Encrypted Data

TL;DR

This paper introduces a method for performing neural network predictions on encrypted data using homomorphic encryption, enabling privacy-preserving cloud-based inference without sacrificing accuracy.

Contribution

It presents a novel protocol combining neural networks with homomorphic encryption, allowing secure inference on encrypted data with modifications to neural network components.

Findings

Neural network inference on encrypted data is feasible with protocol modifications.

The method maintains prediction accuracy while preserving data privacy.

Secure cloud-based neural network services can be built using this approach.

Abstract

The problem we address is the following: how can a user employ a predictive model that is held by a third party, without compromising private information. For example, a hospital may wish to use a cloud service to predict the readmission risk of a patient. However, due to regulations, the patient's medical files cannot be revealed. The goal is to make an inference using the model, without jeopardizing the accuracy of the prediction or the privacy of the data. To achieve high accuracy, we use neural networks, which have been shown to outperform other learning models for many tasks. To achieve the privacy requirements, we use homomorphic encryption in the following protocol: the data owner encrypts the data and sends the ciphertexts to the third party to obtain a prediction from a trained model. The model operates on these ciphertexts and sends back the encrypted prediction. In this protocol, not only the data remains private, even the values predicted are available only to the data owner. Using homomorphic encryption and modifications to the activation functions and training algorithms of neural networks, we show that it is protocol is possible and may be feasible. This method paves the way to build a secure cloud-based neural network prediction services without invading users' privacy.