Enhanced Outsourced and Secure Inference for Tall Sparse Decision Trees

TL;DR

This paper introduces a secure, efficient, and privacy-preserving decision tree inference protocol that distributes the model across multiple entities, improving runtime and defending against side-channel attacks.

Contribution

It proposes a novel multi-entity model sharing approach for decision trees, enhancing efficiency and security over previous protocols.

Findings

Improved average runtime for non-complete trees.

Enhanced security against side-channel attacks.

Effective model sharing across multiple entities.

Abstract

A decision tree is an easy-to-understand tool that has been widely used for classification tasks. On the one hand, due to privacy concerns, there has been an urgent need to create privacy-preserving classifiers that conceal the user's input from the classifier. On the other hand, with the rise of cloud computing, data owners are keen to reduce risk by outsourcing their model, but want security guarantees that third parties cannot steal their decision tree model. To address these issues, Joye and Salehi introduced a theoretical protocol that efficiently evaluates decision trees while maintaining privacy by leveraging their comparison protocol that is resistant to timing attacks. However, their approach was not only inefficient but also prone to side-channel attacks. Therefore, in this paper, we propose a new decision tree inference protocol in which the model is shared and evaluated among multiple entities. We partition our decision tree model by each level to be stored in a new entity we refer to as a "level-site." Utilizing this approach, we were able to gain improved average run time for classifier evaluation for a non-complete tree, while also having strong mitigations against side-channel attacks.