School of Computer Science, Sun Yat-sen University, Guangzhou, Guangdong 510275
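TIAN Hai-bo, male, born in 1979 in Shenzhou, Hebei. His main research interests are applications of cryptography, including privacy protection for artificial intelligence and blockchain. E-mail: tianhb@mail.sysu.edu.cn
LIANG Xiu-qi, male, born in 1997 in Zhaoqing, Guangdong. His main research interest is privacy protection for artificial intelligence. E-mail: liangxq8@mail2.sysu.edu.cn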
Received: 2021-06-04
Revised: 2022-07-25
Published in print: 2023-08-25
TIAN Hai-bo,LIANG Xiu-qi.A Survey: Computing Models of Artificial Intelligence Privacy Protection Based on Cryptographic Techniques[J].ACTA ELECTRONICA SINICA,2023,51(08):2260-2276. DOI: 10.12263/DZXB.20210702.
The application scenarios of artificial intelligence privacy protection are diverse. In different scenarios, the trustworthiness and number of the entities that carry out the privacy-preserving computation differ, and these two factors have an important impact on the technical choices for privacy-preserving computation and on whether a method can be applied in practice. Starting from the trustworthiness and number of entities, this paper classifies cryptography-based computation methods for artificial intelligence privacy protection into four computation models: the multiple centers model, the double centers model, the single center model, and the real model. Every model except the real model includes trusted entities. For each computation model, this paper presents the typical computations and typical algorithms involved in current cryptography-based artificial intelligence privacy protection methods, and points out that improving the efficiency and security of the algorithms is a research direction applicable to every model.