Highly efficient secure linear algebra for private machine learning classifications over malicious clients in the post-quantum world

作     者：Kjamilji, Artrim Guney, Osman Berke 

作者机构：Istanbul Commerce Univ Fac Engn Istanbul Turkiye Sabanci Univ Fac Engn & Nat Sci Istanbul Turkiye Univ Caddesi 27 Tuzla TR-34956 Istanbul Turkiye Inonu Cd 4 TR-34854 Maltepe Istanbul Turkiye 

出 版 物：《JOURNAL OF KING SAUD UNIVERSITY-COMPUTER AND INFORMATION SCIENCES》 (沙特国王大学：计算机与信息科学)

年 卷 期：2023年第35卷第9期

核心收录：

学科分类：08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：Novel secure linear algebra Privacy preserving algorithms Machine learning classification Malicious clients Post -quantum cryptography 

摘      要：Over the last decade there has a been widespread usage of Machine Learning (ML) classifiers in cases such accurate disease diagnosis at clinics, credit card fraud detection in banks, cyber-attacks prevention of computer systems in different industries, etc. However, privacy and security concerns and law regulations have been an obstacle to the usage of ML classifiers. To this end, this paper addresses the scenario where a server has a private trained ML model, and one or more clients have private queries that they wish to classify using the server s model. During the process, the server learns nothing, while the clients learn only their final classifications and nothing else. Several ML classification algorithms, such as Deep Neural Networks, Support Vector Machines, Logistic Regression, different flavors of Naive Bayes, etc., can be expressed in terms of linear algebra operations. To this end, initially, as building blocks, several novel secure linear algebra operations are proposed. On top of them novel secure ML classification algorithms are proposed for the aforementioned classifiers under strict security, privacy and efficiency constraints and their security is proven under the semi-honest model. Since the used underlying cryptographic primitives are shown to be resilient to quantum computer attacks, the proposed algorithms are also suitable for the post-quantum world. Furthermore, the proposed algorithms are non-interactive and, based on where the bulk of the operations are done, they have the flexibility to be server or client centric. Theoretical analysis and extensive experimental evaluations over benchmark datasets show that the proposed secure linear algebra operations, hence the secure ML algorithms build on top of them, outperform the state-of-the-art schemes in terms of computation and communication costs as well as on security and privacy characteristics. Moreover, and to the best of the authors knowledge, for the first time in literature the securit