MIT Improves Cloud-Based Machine Learning Security

New method combines two encryption techniques while keeping neural networks running quickly
20 August 2018

A team of MIT researchers presented a combined data-encryption method for cloud-based artificial intelligence models at the USENIX Security conference. A neural network protected this way runs 20-30 times faster than one secured with traditional techniques.

Privacy is preserved as well: the cloud server never receives the confidential data in full, and the user learns nothing about the neural network's parameters. According to the researchers, the system could help hospitals diagnose diseases from MRI images using cloud-based AI models.

Two techniques are commonly used in cloud computing: homomorphic encryption and garbled circuits. The first performs calculations entirely on encrypted data and produces an encrypted result that only the user can decode. However, homomorphic encryption introduces noise that grows and accumulates with each layer of a convolutional neural network, and the need to manage that noise significantly reduces computation speed.
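To make the idea concrete, here is a minimal sketch of additively homomorphic encryption using a toy Paillier cryptosystem; the primes and values are illustrative only and are not the lattice-based scheme from the MIT paper:

```python
# Toy Paillier cryptosystem: multiplying two ciphertexts yields an
# encryption of the SUM of their plaintexts, so a server can add
# numbers it cannot read. Tiny primes, illustration only.
import math
import random

p, q = 293, 433                         # demo primes; real keys are ~2048-bit
n, n2 = p * q, (p * q) ** 2
lam = math.lcm(p - 1, q - 1)
mu = pow(lam, -1, n)                    # precomputed for decryption (g = n + 1)

def encrypt(m):
    r = random.randrange(1, n)          # fresh randomness per ciphertext
    while math.gcd(r, n) != 1:          # r must be invertible mod n
        r = random.randrange(1, n)
    return pow(n + 1, m, n2) * pow(r, n, n2) % n2

def decrypt(c):
    return (pow(c, lam, n2) - 1) // n * mu % n

c1, c2 = encrypt(17), encrypt(25)
c_sum = c1 * c2 % n2                    # homomorphic addition on ciphertexts
assert decrypt(c_sum) == 42             # the server never saw 17 or 25
```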

The second technique, garbled circuits, is a form of secure two-party computation. The system takes input data from both participants, processes it, and sends each party its result; the parties exchange information, but neither learns what the other's data means. However, the communication bandwidth required for the exchange grows directly with the complexity of the computation.
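The core trick can be shown on a single gate. Below is a minimal sketch of one garbled AND gate (real protocols add oblivious transfer for delivering input labels and point-and-permute optimizations; the hash-based encryption here is the simplest possible choice). The per-gate tables also hint at why gate-heavy arithmetic gets expensive:

```python
# One garbled AND gate. The garbler assigns two random labels to every
# wire (one meaning 0, one meaning 1) and encrypts the output labels
# under each pair of input labels. The evaluator holds exactly one
# label per input wire and can open exactly one row of the table.
import hashlib
import os
import random

def H(a, b):                                  # hash two labels into a pad
    return hashlib.sha256(a + b).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

wa = {0: os.urandom(32), 1: os.urandom(32)}   # labels for input wire a
wb = {0: os.urandom(32), 1: os.urandom(32)}   # labels for input wire b
wc = {0: os.urandom(32), 1: os.urandom(32)}   # labels for output wire c

# Garbled table: encrypt wc[a AND b] under every input-label pair, shuffle.
table = [xor(H(wa[a], wb[b]), wc[a & b]) for a in (0, 1) for b in (0, 1)]
random.shuffle(table)

# Evaluator holds the labels for a=1, b=1 but not the bits they encode.
la, lb = wa[1], wb[1]
for row in table:
    candidate = xor(H(la, lb), row)
    if candidate in (wc[0], wc[1]):           # output-decoding info from garbler
        print("gate output:", 0 if candidate == wc[0] else 1)   # -> 1
        break
```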

Applied to cloud neural networks, the technique performs well only on the nonlinear layers, which carry out simple operations. On the linear layers, with their heavy matrix arithmetic, its speed drops to a critical level.

The MIT team proposed a solution that exploits the strengths of both methods and sidesteps their weaknesses. The user runs a garbled-circuit system on their own device and uploads homomorphically encrypted data to the cloud neural network. The workload is thus split between the two parties: the user's device evaluates the garbled circuits and sends the data back to the neural network.

Splitting the workload avoids the heavy accumulation of noise on each layer that homomorphic encryption causes. In addition, the system limits the garbled-circuit communication to the nonlinear layers only.
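As a rough structural sketch of such a split (not the MIT protocol itself), the toy Paillier scheme from above can carry a linear layer in the cloud while the user's device handles the nonlinearity; a plain local ReLU stands in for the garbled-circuit step, and the weights and inputs are made up for the example:

```python
# Toy layer split: the cloud applies a linear layer directly to Paillier
# ciphertexts (Enc(x)^w = Enc(w*x)); the user applies the nonlinearity.
# Illustration only -- the real system uses lattice-based encryption,
# secret sharing, and garbled circuits for the nonlinear step.
import math
import random

p, q = 293, 433
n, n2 = p * q, (p * q) ** 2
lam = math.lcm(p - 1, q - 1)
mu = pow(lam, -1, n)

def enc(m):
    r = random.randrange(1, n)
    while math.gcd(r, n) != 1:
        r = random.randrange(1, n)
    return pow(n + 1, m, n2) * pow(r, n, n2) % n2

def dec(c):
    return (pow(c, lam, n2) - 1) // n * mu % n

W = [[2, 3], [1, 4]]                     # hypothetical integer weights (cloud-side)

def cloud_linear(cts):
    # Heavy matrix math performed on ciphertexts; the cloud never sees x.
    return [math.prod(pow(c, w, n2) for c, w in zip(cts, row)) % n2
            for row in W]

def user_nonlinear(cts):
    # Stand-in for the garbled-circuit ReLU: here the user simply decrypts,
    # applies ReLU, and re-encrypts for the next linear layer.
    return [enc(max(0, dec(c))) for c in cts]

x = [5, 7]                               # the user's private input
out = user_nonlinear(cloud_linear([enc(v) for v in x]))
print([dec(c) for c in out])             # -> [31, 33]
```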

The final touch is protection by a secret-sharing scheme. When the user uploads encrypted data to the cloud service, it is split into parts, and each party receives a secret key. During the computation, each participant holds only a portion of the information. The parts are recombined at the end, and only then does the user request their secret key from the service to decrypt the results.
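Additive secret sharing, the simplest form of such a scheme, fits in a few lines; the prime modulus and values below are arbitrary:

```python
# Additive secret sharing: a value is split into two random-looking
# shares that sum to it modulo a prime. Either share alone reveals
# nothing, yet sums can be computed on shares without recombining.
import random

P = 2**61 - 1                           # an arbitrary prime modulus

def share(secret):
    s1 = random.randrange(P)            # uniformly random first share
    return s1, (secret - s1) % P        # second share forces the sum

x1, x2 = share(42)
y1, y2 = share(100)
z1, z2 = (x1 + y1) % P, (x2 + y2) % P   # each party adds locally
assert (z1 + z2) % P == 142             # reconstructed only at the end
```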

As a result, the user receives the classification result while learning nothing about the model's parameters, and the cloud service never has access to the data in full, which preserves privacy for both sides.

Neural networks demand large processing power, which is usually supplied by cloud servers. However, MIT researchers are also studying another option: chips with a new architecture that run neural networks on the device itself. In February 2018, they introduced a prototype processor that performs the calculations 3-7 times faster while reducing power consumption by 95%.

Facebook Releases PyTorch 1.0

The release adds support for major cloud platforms, a C++ interface, and a set of JIT compilers
10 December 2018

Facebook has released the stable version of its machine learning library, PyTorch 1.0. This iteration adds support for major cloud platforms, a C++ interface, a set of JIT compilers, and various other improvements.

The stable version ships a set of JIT compilers that remove the code's dependence on the Python interpreter. Model code is converted into Torch Script, a statically analyzable subset of Python. While keeping the ability to work with the model in a Python environment, the user can export it to projects unrelated to the language; the PyTorch developers state that code processed this way can be used through the C++ API.
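A minimal example of producing a Torch Script module by tracing (the model here is a made-up stand-in):

```python
import torch

class TinyNet(torch.nn.Module):
    """A made-up two-layer model used only to demonstrate tracing."""
    def __init__(self):
        super().__init__()
        self.linear = torch.nn.Linear(4, 2)

    def forward(self, x):
        return torch.relu(self.linear(x))

# Tracing runs the model once on example input and records the operations
# into a Torch Script graph that no longer needs the Python interpreter.
traced = torch.jit.trace(TinyNet(), torch.randn(1, 4))
traced.save("tinynet.pt")   # serialized module, loadable from the C++ API
```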

The torch.distributed package and the torch.nn.parallel.DistributedDataParallel module have been completely redesigned. torch.distributed now offers better performance and works asynchronously with the Gloo, NCCL, and MPI backends.
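A minimal sketch of the backend-based API, summing a tensor across two CPU processes with Gloo (the rendezvous address and port are arbitrary):

```python
import os
import torch
import torch.distributed as dist
import torch.multiprocessing as mp

def worker(rank, world_size):
    os.environ["MASTER_ADDR"] = "127.0.0.1"   # rendezvous address (arbitrary)
    os.environ["MASTER_PORT"] = "29500"
    dist.init_process_group("gloo", rank=rank, world_size=world_size)
    t = torch.tensor([rank + 1.0])
    dist.all_reduce(t, op=dist.ReduceOp.SUM)  # sum across all processes
    print(f"rank {rank}: {t.item()}")         # both ranks print 3.0 (1 + 2)
    dist.destroy_process_group()

if __name__ == "__main__":
    mp.spawn(worker, args=(2,), nprocs=2)     # launch two worker processes
```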

The developers added a C++ frontend to PyTorch 1.0. It contains analogs of the Python interface components, such as torch::nn, torch::optim, and torch::data. According to the creators, the new interface should provide high performance for C++ applications. The C++ API is still marked experimental, but it can already be used in projects.

To make working with PyTorch 1.0 more convenient, a Torch Hub repository has been created to store pre-trained neural network models. You can publish your own model by adding a hubconf.py file, after which it becomes available for download by any user via the torch.hub.load API.
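A minimal sketch of the hubconf.py convention; the repository name, entry-point name, and model are hypothetical:

```python
# hubconf.py at the root of a (hypothetical) GitHub repo "user/my-models"
dependencies = ["torch"]            # pip packages required by the entry points

def tiny_linear(pretrained=False):
    """Entry point: returns an instantiated model."""
    import torch
    model = torch.nn.Linear(4, 2)   # stand-in for a real architecture
    if pretrained:
        pass                        # a real repo would load released weights here
    return model
```

Any user could then fetch the model with torch.hub.load("user/my-models", "tiny_linear").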

Support for C extensions and the torch.utils.trainer module have been removed from the library.

Facebook released the preview version of PyTorch 1.0 in early October 2018, and within two months the developers brought the framework to a stable release.