FLASH: Fast and Robust Framework for Privacy-preserving Machine Learning

Megha Byali 1 , Harsh Chaudhari 2 , Arpita Patra 3  and Ajith Suresh 4
  • 1 Indian Institute of Science,
  • 2 Indian Institute of Science,
  • 3 Indian Institute of Science,
  • 4 Indian Institute of Science,


Privacy-preserving machine learning (PPML) via Secure Multi-party Computation (MPC) has gained momentum in the recent past. Assuming a minimal network of pair-wise private channels, we propose an efficient four-party PPML framework over rings ℤ2ℓ, FLASH, the first of its kind in the regime of PPML framework, that achieves the strongest security notion of Guaranteed Output Delivery (all parties obtain the output irrespective of adversary’s behaviour). The state of the art ML frameworks such as ABY3 by Mohassel et.al (ACM CCS’18) and SecureNN by Wagh et.al (PETS’19) operate in the setting of 3 parties with one malicious corruption but achieve the weaker security guarantee of abort. We demonstrate PPML with real-time efficiency, using the following custom-made tools that overcome the limitations of the aforementioned state-of-the-art– (a) dot product, which is independent of the vector size unlike the state-of-the-art ABY3, SecureNN and ASTRA by Chaudhari et.al (ACM CCSW’19), all of which have linear dependence on the vector size. (b) Truncation and MSB Extraction, which are constant round and free of circuits like Parallel Prefix Adder (PPA) and Ripple Carry Adder (RCA), unlike ABY3 which uses these circuits and has round complexity of the order of depth of these circuits. We then exhibit the application of our FLASH framework in the secure server-aided prediction of vital algorithms– Linear Regression, Logistic Regression, Deep Neural Networks, and Binarized Neural Networks. We substantiate our theoretical claims through improvement in benchmarks of the aforementioned algorithms when compared with the current best framework ABY3. All the protocols are implemented over a 64-bit ring in LAN and WAN. Our experiments demonstrate that, for MNIST dataset, the improvement (in terms of throughput) ranges from 24 × to 1390 × over LAN and WAN together.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] A.Barak, D.Escudero, A.P.K.Dalskov, and M.Keller. Secure evaluation of quantized neural networks. IACR Cryptology ePrint Archive, 2019.

  • [2] Á.Kiss, M.Naderpour, J.Liu, N. Asokan, and T.Schneider. Sok: Modular and efficient private decision tree evaluation. In PoPETs, 2018.

  • [3] T. Araki, A. Barak, J. Furukawa, T. Lichter, Y. Lindell, A. Nof, K. Ohara, A. Watzman, and O. Weinstein. Optimized Honest-Majority MPC for Malicious Adversaries -Breaking the 1 Billion-Gate Per Second Barrier. In IEEE S&P, 2017.

  • [4] T. Araki, A. Barak, J. Furukawa, Y. Lindell, A. Nof, and K. Ohara. DEMO: high-throughput secure three-party computation of kerberos ticket generation. In ACM CCS, 2016.

  • [5] T. Araki, J. Furukawa, Y. Lindell, A. Nof, and K. Ohara. High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority. In ACM CCS, 2016.

  • [6] A.Tueno, F.Kerschbaum, and S.Katzenbeisser. Private evaluation of decision trees using sublinear cost. In PoPETs, 2019.

  • [7] A. Ben-David, N. Nisan, and B. Pinkas. Fairplaymp: a system for secure multi-party computation. In ACM CCS, 2008.

  • [8] M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract). In ACM STOC, 1988.

  • [9] D. Bogdanov, S. Laur, and J. Willemson. Sharemind: A framework for fast privacy-preserving computations. In ESORICS, 2008.

  • [10] P. Bogetoft, D. L. Christensen, I. Damgård, M. Geisler, T. P. Jakobsen, M. Krøigaard, J. D. Nielsen, J. B. Nielsen, K. Nielsen, J. Pagter, M. I. Schwartzbach, and T. Toft. Secure Multiparty Computation Goes Live. In FC, 2009.

  • [11] D. Boneh, E. Boyle, H. Corrigan-Gibbs, N. Gilboa, and Y. Ishai. How to prove a secret: Zero-knowledge proofs on distributed data via fully linear pcps. CRYPTO, 2019.

  • [12] M. Byali, C. Hazay, A. Patra, and S. Singla. Fast actively secure five-party computation with security beyond abort. In ACM CCS, 2019.

  • [13] M. Byali, A. Joseph, A. Patra, and D. Ravi. Fast secure computation for small population over the internet. ACM CCS, 2018.

  • [14] H. Chaudhari, A. Choudhury, A. Patra, and A. Suresh. ASTRA: High-throughput 3PC over Rings with Application to Secure Prediction. In ACM CCSW, 2019.

  • [15] K. Chida, D. Genkin, K. Hamada, D. Ikarashi, R. Kikuchi, Y. Lindell, and A. Nof. Fast large-scale honest-majority MPC for malicious adversaries. In CRYPTO, 2018.

  • [16] R. Cleve. Limits on the security of coin flips when half the processors are faulty (extended abstract). In ACM STOC, 1986.

  • [17] R. Cohen and Y. Lindell. Fairness versus guaranteed output delivery in secure multiparty computation. In ASIACRYPT, 2014.

  • [18] Cryptography and Privacy Engineering Group at TU Darmstadt. ENCRYPTO Utils. https://github.com/encryptogroup/ENCRYPTO_utils, 2017.

  • [19] I. Damgård, M. Keller, E. Larraia, V. Pastro, P. Scholl, and N. P. Smart. Practical covertly secure MPC for dishonest majority - or: Breaking the SPDZ limits. In ESORICS, 2013.

  • [20] I. Damgård, C. Orlandi, and M. Simkin. Yet another compiler for active security or: Efficient MPC over arbitrary rings. CRYPTO, 2018.

  • [21] I. Damgård, V. Pastro, N. P. Smart, and S. Zakarias. Multiparty Computation from Somewhat Homomorphic Encryption. In CRYPTO, 2012.

  • [22] H. Darwood. Epicurious - recipes with rating and nutrition. 2017.

  • [23] D. Demmler, T. Schneider, and M. Zohner. ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. In NDSS, 2015.

  • [24] H. Eerikson, C. Orlandi, P. Pullonen, J. Puura, and M. Simkin. Use your brain! arithmetic 3pc for any modulus with active security. IACR Cryptology ePrint Archive, 2019.

  • [25] A. Esteva, B. Kuprel, R. A. Novoa, J. Ko, S. M. Swetter, H. M. Blau, and S. Thrun. Dermatologist-level classification of skin cancer with deep neural networks. Nature, 2017.

  • [26] J. Furukawa, Y. Lindell, A. Nof, and O. Weinstein. High-Throughput Secure Three-Party Computation for Malicious Adversaries and an Honest Majority. In EUROCRYPT, 2017.

  • [27] M. Geisler. Viff: Virtual ideal functionality framework, 2007.

  • [28] O. Goldreich, S. Micali, and A. Wigderson. How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority. In STOC, 1987.

  • [29] S. D. Gordon, S. Ranellucci, and X. Wang. Secure computation with low communication from cross-checking. In ASIACRYPT, 2018.

  • [30] D. Harrison and D. L Rubinfeld. Hedonic housing prices and the demand for clean air. Journal of Environmental Economics and Management, 1978.

  • [31] W. Hickey. The ultimate halloween candy power ranking. 2017.

  • [32] I. Hubara, M. Courbariaux, D. Soudry, R. El-Yaniv, and Y. Bengio. Binarized neural networks. In NIPS, 2016.

  • [33] Y. Ishai, J. Kilian, K. Nissim, and E. Petrank. Extending Oblivious Transfers Efficiently. In CRYPTO, 2003.

  • [34] Y. Ishai, R. Kumaresan, E. Kushilevitz, and A. Paskin-Cherniavsky. Secure computation with minimal interaction, revisited. In CRYPTO, 2015.

  • [35] J.So, B.Guler, A.S.Avestimehr, and P.Mohassel. Coded-privateml: A fast and privacy-preserving framework for distributed machine learning. CoRR, 2019.

  • [36] C. Juvekar, V. Vaikuntanathan, and A. Chandrakasan. GAZELLE: A low latency framework for secure neural network inference. In USENIX, 2018.

  • [37] H. Kitai, J. P. Cruz, N. Yanai, N. Nishida, T. Oba, Y. Unagami, T. Teruya, N. Attrapadung, T. Matsuda, and G. Hanaoka. MOBIUS: model-oblivious binarized neural networks. CoRR, 2018.

  • [38] Yann LeCun and Corinna Cortes. MNIST handwritten digit database. 2010.

  • [39] Y. Lindell. Fast cut-and-choose-based protocols for malicious and covert adversaries. J. Cryptology, 2016.

  • [40] Y. Lindell and B. Pinkas. An efficient protocol for secure two-party computation in the presence of malicious adversaries. In EUROCRYPT, 2007.

  • [41] E. Makri, D. Rotaru, N. P. Smart, and F. Vercauteren. EPIC: efficient private image classification (or: Learning from the masters). CT-RSA, 2018.

  • [42] P. Mohassel and M. K. Franklin. Efficiency tradeoffs for malicious two-party computation. In PKC, 2006.

  • [43] P. Mohassel and P. Rindal. ABY3: A Mixed Protocol Framework for Machine Learning. In ACM CCS, 2018.

  • [44] P. Mohassel, M. Rosulek, and Y. Zhang. Fast and Secure Three-party Computation: Garbled Circuit Approach. In CCS, 2015.

  • [45] P. Mohassel and Y. Zhang. Secureml: A system for scalable privacy-preserving machine learning. In IEEE S&P, 2017.

  • [46] M.S.Riazi, M.Samragh, H.Chen, K.Laine, K.E.Lauter, and F.Koushanfar. XONN: xnor-based oblivious deep neural network inference. 2019.

  • [47] J. B. Nielsen and C. Orlandi. Cross and clean: Amortized garbled circuits with constant overhead. In TCC, 2016.

  • [48] NOAA. Weather conditions in world war two. 2017.

  • [49] P. S. Nordholt and M. Veeningen. Minimising Communication in Honest-Majority MPC by Batchwise Multiplication Verification. In ACNS, 2018.

  • [50] A. Patra and D. Ravi. On the exact round complexity of secure three-party computation. CRYPTO, 2018.

  • [51] M. S. Riazi, C. Weinert, O. Tkachenko, E. M. Songhori, T. Schneider, and F. Koushanfar. Chameleon: A hybrid secure computation framework for machine learning applications. In AsiaCCS, 2018.

  • [52] F. Schroff, D. Kalenichenko, and J. Philbin. Facenet: A unified embedding for face recognition and clustering. In IEEE CVPR, 2015.

  • [53] S. Wagh, D. Gupta, and N. Chandran. Securenn: Efficient and private neural network training. 19th Privacy Enhancing Technologies Symposium, 2019.

  • [54] A. C. Yao. Protocols for Secure Computations. In FOCS, 1982.


Journal + Issues