[math-fun] pseudo-homomorphic encryption ??
Here's a real-world problem: you have some sort of IoT (Internet of Things) sensor -- perhaps a camera -- and you want to train an AI/machine-learning algorithm to recognize something that is exposed to the camera. But perhaps you don't trust the AI/ML developer. So you send him/her only an encrypted dataset along with the classification data (yes/no, or perhaps a finite set of possibilities); this classification data isn't encrypted, and there isn't any easy way to figure out from the sequence of classifications any useful information about the encrypted dataset.

So far as I know, homomorphic encryption hasn't matured to the point where the entire training process could operate on homomorphically encrypted data. But we're not talking here about completely generic calculations -- we're talking about quite limited calculations, just in enormous quantities (on the order of 10^18 operations). Perhaps there are "homomorphic" encryption systems that do *just enough*, and AI/ML systems that are dumbed down *just enough*, that the two constraints can meet in the middle.

After all, AI/ML systems don't seem to care about most kinds of image distortion, so perhaps they could still characterize certain pictures even after encryption? Obviously, if such things are possible, then there are clearly information leaks, but these might even be useful.
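A toy sketch of "just enough" encryption in this spirit, assuming the learner only ever uses inner products or distances: scramble each feature vector with a fixed secret random orthogonal rotation Q. This is not a real cipher -- the preserved geometry is exactly the kind of information leak mentioned above -- but it shows the meet-in-the-middle idea:

import numpy as np

rng = np.random.default_rng(1)
d = 64  # feature dimension, e.g. a flattened image patch

# Secret "key": a random orthogonal matrix Q (QR of a Gaussian matrix).
# Q preserves inner products -- (Qa).(Qb) = a.b -- so any learner that
# depends only on dot products or Euclidean distances (linear models,
# kernel machines, nearest neighbors) trains identically on the
# scrambled vectors, while individual pixel values are hidden.
Q, _ = np.linalg.qr(rng.normal(size=(d, d)))

def encrypt(x):
    return Q @ x

a = rng.normal(size=d)
b = rng.normal(size=d)
assert np.isclose(a @ b, encrypt(a) @ encrypt(b))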
I think what you're looking for is "Federated Learning":
https://ai.googleblog.com/2017/04/federated-learning-collaborative.html

This use case doesn't actually require homomorphic encryption; instead, the ML training is split between an on-device update stage, which uses the real data, and a global stage, which collects and combines model-parameter updates from many devices, without leaking much information about any individual device's data set.

--Michael
-- Forewarned is worth an octopus in the bush.
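A minimal sketch of the federated-averaging scheme described above, with a toy logistic-regression model and simulated devices (the model, data, and parameters here are illustrative assumptions, not Google's actual implementation):

import numpy as np

def local_update(w, X, y, lr=0.1, epochs=5):
    # On-device stage: a few epochs of logistic-regression SGD on
    # this device's private data; only the updated weights leave.
    w = w.copy()
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            p = 1.0 / (1.0 + np.exp(-w @ xi))
            w -= lr * (p - yi) * xi
    return w

def global_stage(w, devices):
    # Server stage: average the devices' updated weight vectors;
    # the raw data never leaves the devices.
    return np.mean([local_update(w, X, y) for X, y in devices], axis=0)

# Toy run: three simulated devices, each with a private data slice.
rng = np.random.default_rng(0)
true_w = np.array([1.0, -2.0, 0.5, 0.0, 1.0])
devices = []
for _ in range(3):
    X = rng.normal(size=(50, 5))
    devices.append((X, (X @ true_w > 0).astype(float)))

w = np.zeros(5)
for _ in range(20):
    w = global_stage(w, devices)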
This hit one of my pet peeves in IoT: wonderful solutions that need lots of MIPS, but no way to pay the piper. Because we don't have an "internet of extension cords," most of the envisioned IoT devices outside cars or structures will depend on very limited stored energy or intermittent harvested power (another peeve of mine).

Question: how do you do authentication and encryption with a few hundred (or maybe a few thousand) cycles of an 8- or 16-bit microcontroller? Interesting research area.

--R
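One existing design point aimed at exactly this class of device: the Speck family of lightweight block ciphers, which uses only add/rotate/xor on small words. A sketch of Speck32/64 (16-bit words, 22 rounds), which should land roughly in the cycle budget above on a 16-bit microcontroller; the test vector is the one published in the Speck paper:

MASK = 0xFFFF  # Speck32/64 operates on 16-bit words

def ror(x, r): return ((x >> r) | (x << (16 - r))) & MASK
def rol(x, r): return ((x << r) | (x >> (16 - r))) & MASK

def speck32_64_encrypt(x, y, key):
    # key = (l2, l1, l0, k0), most significant word first.
    l = [key[2], key[1], key[0]]
    k = [key[3]]
    for i in range(21):  # expand to 22 round keys
        l.append(((k[i] + ror(l[i], 7)) & MASK) ^ i)
        k.append(rol(k[i], 2) ^ l[i + 3])
    for rk in k:  # 22 rounds of add-rotate-xor
        x = ((ror(x, 7) + y) & MASK) ^ rk
        y = rol(y, 2) ^ x
    return x, y

# Published Speck32/64 test vector:
assert speck32_64_encrypt(0x6574, 0x694C,
                          (0x1918, 0x1110, 0x0908, 0x0100)) == (0xA868, 0x42F2)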
participants (3)
- Henry Baker
- Michael Kleber
- Richard Howard