Privacy-preserving machine learning (PPML) based on cryptographic techniques has been attracting attention in recent years. Many papers provide machine learning as a service (MLaaS), mainly in two ways:
- Inference: A company offers a trained ML model, and a customer submits a feature input to obtain the inference result.
- Training: Multiple companies work together to train a high-accuracy model using their datasets.
The major concern is to keep the model (i.e., model parameters) and the input data (either training data or inference samples) secret.
Existing works can be divided into categories along several axes. The commonly adopted criteria are as follows:
- Computation Setting: How many parties are involved in the computation (i.e., inference or training). Typical settings are 2PC, 3PC, 4PC and more than four parties.
- Security Model: The behavior of the adversary, e.g., semi-honest or malicious, and whether an honest majority or a dishonest majority of parties is assumed.
- Capability: Whether the work supports inference, training, or both.
An overview of existing works is illustrated in the table below.
| Setting | PPML | Inference | Training | Semi-honest | Malicious | Techniques |
|---|---|---|---|---|---|---|
| 2PC | ABY | ✔ | ✔ | ✔ | | OT & GC & SS |
| 2PC | SecureML | ✔ | ✔ | ✔ | | HE & GC & SS |
| 2PC | MiniONN | ✔ | | ✔ | | HE & GC & SS |
| 2PC | GAZELLE | ✔ | | ✔ | | HE & GC & SS |
| 2PC | EzPC | ✔ | | ✔ | | GC & SS |
| 2PC | XONN | ✔ | | ✔ | | GC & SS |
| 2PC | QUOTIENT | ✔ | ✔ | ✔ | | OT & GC & SS |
| 2PC | MP2ML | ✔ | | ✔ | | HE & GC & SS |
| 2PC | CrypTFlow2 | ✔ | | ✔ | | HE & OT & SS |
| 2PC | Delphi | ✔ | | ✔ | | HE & GC & SS |
| 2PC | GALA | ✔ | | ✔ | | HE & GC |
| 2PC | QuantizedNN | ✔ | | ✔ | Abort | HE & OT & SS |
| 2PC | GForce | ✔ | | ✔ | | HE & SS |
| 2PC | ABY 2.0 | ✔ | ✔ | ✔ | | OT & GC & SS |
| 2PC | MUSE | ✔ | | ✔ | Malicious clients | HE & GC & SS |
| 2PC | SIRNN | ✔ | | ✔ | | SS & OT |
| 2PC | SecFloat | ✔ | ✔ | ✔ | | SS & OT |
| 2PC | Cheetah | ✔ | | ✔ | | HE & SS & OT |
| 2PC | PRNNInfer | ✔ | | ✔ | | HE |
| 2PC | AriaNN | ✔ | ✔ | ✔ | | FSS & SS |
| 2PC | Pika | ✔ | ✔ | ✔ | | FSS |
| 2PC | Fusion | ✔ | | ✔ | Malicious servers | SS & ZKP |
| 2PC | SIMC | ✔ | | ✔ | Malicious clients | SS & HE & OT & GC |
| 2PC | Squirrel | ✔ | ✔ | ✔ | | SS & HE & OT |
| 3PC | Chameleon | ✔ | | ✔ | | GC & SS |
| 3PC | ABY3 | ✔ | ✔ | ✔ | | GC & SS |
| 3PC | ASTRA | ✔ | ✔ | ✔ | Abort | SS |
| 3PC | SecureNN | ✔ | ✔ | ✔ | | SS |
| 3PC | BLAZE | ✔ | ✔ | ✔ | Fairness | SS |
| 3PC | QuantizedNN | ✔ | | ✔ | Abort | SS |
| 3PC | CrypTFlow | ✔ | | ✔ | | SS |
| 3PC | SWIFT | ✔ | ✔ | | GOD | SS |
| 3PC | Falcon | ✔ | ✔ | ✔ | Abort | SS |
| 3PC | CryptGPU | ✔ | ✔ | ✔ | | SS |
| 3PC | SecQuantizedNN | ✔ | ✔ | ✔ | | SS |
| 3PC | Piranha | ✔ | ✔ | ✔ | | SS |
| 3PC | pMPL | ✔ | ✔ | ✔ | GOD (privileged party) | SS |
| 3PC | PEA | ✔ | ✔ | ✔ | | SS & DP |
| 3PC | LLAMA | ✔ | | ✔ | | FSS & SS |
| 4PC | FLASH | ✔ | ✔ | ✔ | GOD | SS |
| 4PC | SWIFT | ✔ | ✔ | ✔ | GOD | SS |
| 4PC | Trident | ✔ | ✔ | ✔ | Fairness | GC & SS |
| 4PC | Fantastic Four | ✔ | ✔ | ✔ | GOD | SS |
| 4PC | Tetrad | ✔ | ✔ | ✔ | GOD | GC & SS |
Note: one paper may be included in several categories (e.g., a paper that supports training naturally also supports inference). In the Malicious column, Abort, Fairness and GOD (guaranteed output delivery) denote the guarantee a protocol achieves against a malicious adversary; a blank cell means the work does not claim security against malicious adversaries.
- Cryptographic Primitives in Privacy-Preserving Machine Learning: A Survey. H. Qin, D. He, Q. Feng, M. K. Khan, M. Luo, K.-K. R. Choo. IEEE Transactions on Knowledge and Data Engineering, eprint
- Secure Multi-party Learning: From Secure Computation to Secure Learning. HAN Wei-Li, SONG Lu-shan, RUAN Wen-qiang, LIN Guo-peng, WANG Zhe-xuan. Chinese Journal of Computers, eprint (in Chinese)
- When Machine Learning Meets Privacy: A Survey and Outlook. Bo Liu, Ming Ding, Sina Shaham, Wenny Rahayu, Farhad Farokhi, Zihuai Lin. ACM Computing Surveys (CSUR), eprint
- Privacy-preserving machine learning: Methods, challenges and directions. R. Xu, N. Baracaldo, J. Joshi. arXiv preprint, eprint
- Fusion: Efficient and Secure Inference Resilient to Malicious Servers. Caiqin Dong, Jian Weng, Jia-Nan Liu, Yue Zhang, Yao Tong, Anjia Yang, Yudan Cheng, Shun Hu. NDSS 2023, eprint
- SIMC: ML Inference Secure Against Malicious Clients at Semi-Honest Cost. Nishanth Chandran, Divya Gupta, Sai Lakshmi Bhavana Obbattu, Akash Shah. USENIX 2022, eprint
- Private and Reliable Neural Network Inference. Nikola Jovanovic, Marc Fischer, Samuel Steffen, Martin T. Vechev. CCS 2022, eprint
- Cheetah: Lean and Fast Secure Two-Party Deep Neural Network Inference. Zhicong Huang, Wen-jie Lu, Cheng Hong, Jiansheng Ding. USENIX 2022, eprint
- SIRNN: A Math Library for Secure RNN Inference. Deevashwer Rathee, Mayank Rathee, Rahul Kranti Kiran Goli, Divya Gupta, Rahul Sharma, Nishanth Chandran, Aseem Rastogi. S&P 2021, eprint
- Muse: Secure Inference Resilient to Malicious Clients. Ryan Lehmkuhl, Pratyush Mishra, Akshayaram Srinivasan, Raluca Ada Popa. S&P 2021, eprint
- GForce: GPU-Friendly Oblivious and Rapid Neural Network Inference. Lucien K. L. Ng, Sherman S. M. Chow. USENIX 2021, eprint
- GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural Networks. Qiao Zhang, Chunsheng Xin, Hongyi Wu. NDSS 2021, eprint
- Delphi: A Cryptographic Inference Service for Neural Networks. Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, Raluca Ada Popa. USENIX 2020, eprint
- CrypTFlow2: Practical 2-Party Secure Inference. Deevashwer Rathee, Mayank Rathee, Nishant Kumar, Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma. CCS 2020, eprint
- MP2ML: A mixed-protocol machine learning framework for private inference. Fabian Boemer, Rosario Cammarota, Daniel Demmler, Thomas Schneider, Hossein Yalame. ARES 2020, eprint
- XONN: XNOR-based Oblivious Deep Neural Network Inference. M. Sadegh Riazi, Mohammad Samragh, Hao Chen, Kim Laine, Kristin E. Lauter, Farinaz Koushanfar. USENIX 2019, eprint
- EzPC: Programmable and efficient secure two-party computation for machine learning. Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma, Shardul Tripathi. EuroS&P 2019, eprint
- GAZELLE: A Low Latency Framework for Secure Neural Network Inference. Chiraag Juvekar, Vinod Vaikuntanathan, Anantha P. Chandrakasan. USENIX 2018, eprint
- Oblivious Neural Network Predictions via MiniONN Transformations. Jian Liu, Mika Juuti, Yao Lu, N. Asokan. CCS 2017, eprint
- Squirrel: A Scalable Secure Two-Party Computation Framework for Training Gradient Boosting Decision Tree. Wen-jie Lu, Zhicong Huang, Qizhi Zhang, Yuchen Wang, Cheng Hong. USENIX 2023, eprint
- AriaNN: Low-Interaction Privacy-Preserving Deep Learning via Function Secret Sharing. Théo Ryffel, Pierre Tholoniat, David Pointcheval, Francis R. Bach. PETS 2022, eprint
- Pika: Secure Computation using Function Secret Sharing over Rings. Sameer Wagh. PETS 2022, eprint
- SecFloat: Accurate Floating-Point meets Secure 2-Party Computation. Deevashwer Rathee, Anwesh Bhattacharya, Rahul Sharma, Divya Gupta, Nishanth Chandran, Aseem Rastogi. S&P 2022, eprint
- Piranha: A GPU Platform for Secure Computation. Jean-Luc Watson, Sameer Wagh, Raluca Ada Popa. USENIX 2022, eprint
- ABY2.0: Improved Mixed-Protocol Secure Two-Party Computation. Arpita Patra, Thomas Schneider, Ajith Suresh, Hossein Yalame. USENIX 2021, eprint
- QUOTIENT: Two-party secure neural network training and prediction. Nitin Agrawal, Ali Shahin Shamsabadi, Matt J. Kusner, Adrià Gascón. CCS 2019, eprint
- SecureML: A System for Scalable Privacy-Preserving Machine Learning. Payman Mohassel, Yupeng Zhang. S&P 2017, eprint
- ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. Daniel Demmler, Thomas Schneider, Michael Zohner. NDSS 2015, eprint
- LLAMA: A Low Latency Math Library for Secure Inference. Kanav Gupta, Deepak Kumaraswamy, Nishanth Chandran, Divya Gupta. PETS 2022, eprint
- CrypTFlow: Secure TensorFlow Inference. Nishant Kumar, Mayank Rathee, Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma. S&P 2020, eprint
- Secure evaluation of quantized neural networks. Anders P. K. Dalskov, Daniel Escudero, Marcel Keller. PETS 2020, eprint
- Chameleon: a hybrid secure computation framework for machine learning applications. M. Sadegh Riazi, Christian Weinert, Oleksandr Tkachenko, Ebrahim M. Songhori, Thomas Schneider, Farinaz Koushanfar. AsiaCCS 2018, eprint
- Private, Efficient, and Accurate: Protecting Models Trained by Multi-party Learning with Differential Privacy. Wenqiang Ruan, Mingxin Xu, Wenjing Fang, Li Wang, Lei Wang, Weili Han. S&P 2023, eprint
- Efficient decision tree training with new data structure for secure multi-party computation. Koki Hamada, Dai Ikarashi, Ryo Kikuchi, Koji Chida. PETS 2023, eprint
- Multi-Party Replicated Secret Sharing over a Ring with Applications to Privacy-Preserving Machine Learning. Alessandro N. Baccarini, Marina Blanton, Chen Yuan. PETS 2023, eprint
- Convolutions in Overdrive: Maliciously Secure Convolutions for MPC. Marc Rivinius, Pascal Reisert, Sebastian Hasler, Ralf Küsters. PETS 2023, eprint
- pMPL: A Robust Multi-Party Learning Framework with a Privileged Party. Lushan Song, Jiaxuan Wang, Zhexuan Wang, Xinyu Tu, Guopeng Lin, Wenqiang Ruan, Haoqi Wu, Weili Han. CCS 2022, eprint
- Piranha: A GPU Platform for Secure Computation. Jean-Luc Watson, Sameer Wagh, Raluca Ada Popa. USENIX 2022, eprint
- Secure Quantized Training for Deep Learning. Marcel Keller, Ke Sun. ICML 2022, eprint
- SWIFT: super-fast and robust privacy-preserving machine learning. Nishat Koti, Mahak Pancholi, Arpita Patra, Ajith Suresh. USENIX 2021, eprint
- CryptGPU: Fast Privacy-Preserving Machine Learning on the GPU. Sijun Tan, Brian Knott, Yuan Tian, David J. Wu. S&P 2021, eprint
- Falcon: Honest-Majority Maliciously Secure Framework for Private Deep Learning. Sameer Wagh, Shruti Tople, Fabrice Benhamouda, Eyal Kushilevitz, Prateek Mittal, Tal Rabin. PETS 2021, eprint
- BLAZE: Blazing Fast Privacy-Preserving Machine Learning. Arpita Patra, Ajith Suresh. NDSS 2020, eprint
- SecureNN: 3-Party Secure Computation for Neural Network Training. Sameer Wagh, Divya Gupta, Nishanth Chandran. PETS 2019, eprint
- ASTRA: High Throughput 3PC over Rings with Application to Secure Prediction. Harsh Chaudhari, Ashish Choudhury, Arpita Patra, Ajith Suresh. CCSW 2019, eprint
- ABY3: A Mixed Protocol Framework for Machine Learning. Payman Mohassel, Peter Rindal. CCS 2018, eprint
- Tetrad: Actively Secure 4PC for Secure Training and Inference. Nishat Koti, Arpita Patra, Rahul Rachuri, Ajith Suresh. NDSS 2022, eprint
- Fantastic Four: Honest-Majority Four-Party Secure Computation With Malicious Security. Anders P. K. Dalskov, Daniel Escudero, Marcel Keller. USENIX 2021, eprint
- Trident: Efficient 4PC Framework for Privacy Preserving Machine Learning. Harsh Chaudhari, Rahul Rachuri, Ajith Suresh. NDSS 2020, eprint
- SWIFT: super-fast and robust privacy-preserving machine learning. Nishat Koti, Mahak Pancholi, Arpita Patra, Ajith Suresh. USENIX 2021, eprint
- FLASH: Fast and Robust Framework for Privacy-preserving Machine Learning. Megha Byali, Harsh Chaudhari, Arpita Patra, Ajith Suresh. PETS 2020, eprint