Conformal Prediction for Privacy-Preserving Machine Learning

TL;DR

This paper demonstrates that conformal prediction methods can effectively provide uncertainty quantification in privacy-preserving machine learning using encrypted data, maintaining meaningful predictive performance and coverage.

Contribution

It introduces the application of conformal prediction directly on deterministically encrypted data, showing feasibility and analyzing trade-offs in privacy, accuracy, and coverage.

Findings

Models trained on encrypted data achieve 36.88% accuracy.

E-value-based conformal predictors reach over 60% coverage.

Encrypted data models outperform random guessing significantly.

Abstract

We investigate the integration of Conformal Prediction (CP) with supervised learning on deterministically encrypted data, aiming to bridge the gap between rigorous uncertainty quantification and privacy-preserving machine learning. Using AES-encrypted variants of the MNIST dataset, we demonstrate that CP methods remain effective even when applied directly in the encrypted domain, owing to the preservation of data exchangeability under fixed-key encryption. We test traditional $p$-value-based against $e$-value-based conformal predictors. Our empirical evaluation reveals that models trained on deterministically encrypted data retain the ability to extract meaningful structure, achieving 36.88\% test accuracy -- significantly above random guessing (9.56\%) observed with per-instance encryption. Moreover, $e$-value-based CP achieves predictive set coverage of over 60\% with 4.3 loss-threshold calibration, correctly capturing the true label in 4888 out of 5000 test cases. In contrast, the $p$-value-based CP yields smaller predictive sets but with reduced coverage accuracy. These findings highlight both the promise and limitations of CP in encrypted data settings and underscore critical trade-offs between prediction set compactness and reliability. %Our work sets a foundation for principled uncertainty quantification in secure, privacy-aware learning systems.