Privacy-preserving federated learning with multiparty homomorphic encryption
The EDIC program is happy to invite you to a public talk by our doctoral student Sinem Sav, who is doing her PhD in the Security and Privacy Engineering Lab - SPRING.
The aim of the talk is to present her achievements to a broad audience to prepare for hiring interviews coming up soon. Be sure to join, listen to the talk and participate in the Q&A session at the end of the presentation.
Training accurate and robust machine learning models requires a large amount of data that is usually scattered across data silos. Sharing or centralizing the data of different healthcare institutions is, however, unfeasible or prohibitively difficult due to privacy regulations. We address the problem of privacy-preserving training and evaluation of neural networks in an N-party, federated learning setting. Our solutions enable the computation of training under encryption by relying on lattice-based multiparty homomorphic encryption.
In the first part of this talk, I will present POSEIDON, the first of its kind in the regime of privacy-preserving neural network training. It preserves the confidentiality of the training data, the model, and the evaluation data, under a passive-adversary model and collusions between up to N−1 parties. Then, I will describe RHODE, a novel system that enables the training of recurrent neural networks under encryption in the same private federated learning framework. Our experimental results show that POSEIDON and RHODE achieve accuracy similar to centralized or decentralized non-private approaches and that their computation and communication overhead scales linearly with the number of parties. Finally, I will demonstrate the applicability of under-encryption training on biomedical analysis for disease-associated cell classification with single-cell analysis. For this, we design a system, PriCell, for training a published state-of-the-art convolutional neural network in a decentralized and privacy-preserving manner. We compare the accuracy achieved by PriCell with the centralized and non-secure solutions and show that PriCell guarantees privacy without reducing the utility of the data.
Sinem Sav is a Ph.D. candidate at EPFL, Switzerland, in the Laboratory for Data Security (LDS, 2018-2022) and the Security and Privacy Engineering Laboratory (SPRING, 2022-2023). She holds B.Sc. and M.Sc. degrees in Computer Engineering from Bilkent University, Turkey (2016-2018). Prior to her Master’s degree, she was at Simon Fraser University, Canada, as an undergraduate research assistant.
Sinem’s research is at the intersection of security, privacy, and machine learning. She is currently working on privacy-preserving federated learning by relying on multiparty homomorphic encryption and the applications of these privacy-preserving systems to biomedical domains. Her work on privacy-preserving federated neural network learning is patented and received the best paper award at the CSAW’21 Applied Research Competition in Europe.