Highly efficient secure linear algebra for private machine learning classifications over malicious clients in the post-quantum world

Official URL: https://dx.doi.org/10.1016/j.jksuci.2023.101718

Over the last decade there has a been widespread usage of Machine Learning (ML) classifiers in cases such accurate disease diagnosis at clinics, credit card fraud detection in banks, cyber-attacks prevention of computer systems in different industries, etc. However, privacy and security concerns and law regulations have been an obstacle to the usage of ML classifiers. To this end, this paper addresses the scenario where a server has a private trained ML model, and one or more clients have private queries that they wish to classify using the server's model. During the process, the server learns nothing, while the clients learn only their final classifications and nothing else. Several ML classification algorithms, such as Deep Neural Networks, Support Vector Machines, Logistic Regression, different flavors of Naïve Bayes, etc., can be expressed in terms of linear algebra operations. To this end, initially, as building blocks, several novel secure linear algebra operations are proposed. On top of them novel secure ML classification algorithms are proposed for the aforementioned classifiers under strict security, privacy and efficiency constraints and their security is proven under the semi-honest model. Since the used underlying cryptographic primitives are shown to be resilient to quantum computer attacks, the proposed algorithms are also suitable for the post-quantum world. Furthermore, the proposed algorithms are non-interactive and, based on where the bulk of the operations are done, they have the flexibility to be server or client centric. Theoretical analysis and extensive experimental evaluations over benchmark datasets show that the proposed secure linear algebra operations, hence the secure ML algorithms build on top of them, outperform the state-of-the-art schemes in terms of computation and communication costs as well as on security and privacy characteristics. Moreover, and to the best of the authors’ knowledge, for the first time in literature the security of the proposed algorithms is proven when dealing with multiple malicious clients during classifications.