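CryptoNets: a method for converting a trained deep learning model into a model that can use (homomorphically) encrypted data as training data while it remains encrypted, without decrypting it (the prediction results output at the model's inference stage are also encrypted)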


An explanation will be added later.

【 Main use cases 】

When you want to analyze personal data or confidential company data in a cloud environment


【 Original paper 】

Abstract

Applying machine learning to a problem which involves medical, financial, or other types of sensitive data, not only requires accurate predictions but also careful attention to maintaining data privacy and security.

Legal and ethical requirements may prevent the use of cloud-based machine learning solutions for such tasks.

In this work, we will present a method to convert learned neural networks to CryptoNets, neural networks that can be applied to encrypted data.

This allows a data owner to send their data in an encrypted form to a cloud service that hosts the network.

The encryption ensures that the data remains confidential since the cloud does not have access to the keys needed to decrypt it.

Nevertheless, we will show that the cloud service is capable of applying the neural network to the encrypted data to make encrypted predictions, and also return them in encrypted form.

These encrypted predictions can be sent back to the owner of the secret key who can decrypt them.

Therefore, the cloud service does not gain any information about the raw data nor about the prediction it made.

We demonstrate CryptoNets on the MNIST optical character recognition tasks.

CryptoNets achieve 99% accuracy and can make around 59000 predictions per hour on a single PC.

Therefore, they allow high throughput, accurate, and private predictions.
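The data flow the abstract describes (the owner encrypts, the cloud computes on ciphertexts, the owner decrypts), as an added example that is not code from the paper or from the original post. It swaps in a toy Paillier scheme, which is only additively homomorphic, so it evaluates a single linear layer with integer weights; the key size, weights, inputs and function names are constructed for illustration.

```python
import math, secrets

# Toy Paillier keypair (constructed, far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1          # two known Mersenne primes
N, N2 = P * Q, (P * Q) ** 2          # public key: N
PHI = (P - 1) * (Q - 1)              # secret key, held only by the data owner
MU = pow(PHI, -1, N)

def encrypt(m):
    """Data owner: encrypt a signed integer under the public key N."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Data owner: recover the signed integer using the secret key."""
    m = (pow(c, PHI, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m

def cloud_linear_layer(enc_x, weights, biases):
    """Cloud: compute W.x + b on ciphertexts only (no key, no plaintext)."""
    out = []
    for w_row, b in zip(weights, biases):
        acc = (1 + (b % N) * N) % N2            # trivial encryption of the bias
        for c, w in zip(enc_x, w_row):
            acc = acc * pow(c, w % N, N2) % N2  # Enc(acc + w*x)
        out.append(acc)
    return out

def private_predict(x, weights, biases):
    """Full round trip: encrypt, evaluate in the cloud, decrypt, argmax."""
    enc_x = [encrypt(v) for v in x]                          # owner
    enc_scores = cloud_linear_layer(enc_x, weights, biases)  # cloud
    scores = [decrypt(c) for c in enc_scores]                # owner
    return scores, scores.index(max(scores))

# Constructed sample: 4 integer features, 3 classes, integer weights.
W = [[2, -1, 0, 3], [-2, 4, 1, 0], [1, 1, -3, 2]]
B = [5, -7, 0]
X = [10, 3, 7, 1]

if __name__ == "__main__":
    print(private_predict(X, W, B))
```

Paillier cannot multiply two ciphertexts together, so this sketch stops at one linear layer; nonlinear layers need a scheme that also supports ciphertext multiplication.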


( Performance )



【 Related 】

TLDR : In this blogpost, we're going to train a neural network that is fully encrypted during training (trained on unencrypted data).

The result will be a neural network with two beneficial properties.

First, the neural network's intelligence is protected from those who might want to steal it, allowing valuable AIs to be trained in insecure environments without risking theft of their intelligence.

Secondly, the network can only make encrypted predictions (which presumably have no impact on the outside world because the outside world cannot understand the predictions without a secret key). This creates a valuable power imbalance between a user and a superintelligence. If the AI is homomorphically encrypted, then from its perspective, the entire outside world is also homomorphically encrypted.


【 Reference 】


What is homomorphic encryption?


