Keeping sensitive data safe has sometimes come at the expense of speed when training machines to perform automated tasks like biometric authentication and financial fraud detection. But no longer. Raluca Ada Popa, associate professor of electrical engineering and computer sciences, and Ph.D. student Jean-Luc Watson have developed an innovative privacy-preserving approach to machine learning using a new platform, dubbed Piranha, that harnesses the speed of graphics processing units (GPUs) to train a realistic neural network on encrypted data for the first time.
“Even though people have wanted to do this for at least 20 years, training a realistic neural network model while keeping the data encrypted has not been practical,” said Popa. “The key was to make GPUs work with encrypted computation.”
GPUs can process large amounts of data simultaneously, making them ideal for high-performance computing and deep-learning applications. While they can be used to quickly train neural networks on plain text, they do not work with encrypted data. Encrypted data is incompatible with GPUs because it uses integers instead of floats — another kind of numerical data — and accesses memory in non-standard ways.
Piranha addresses these issues with a three-layer architecture that allows applications to interoperate with any cryptographic protocol. The researchers, including postdoctoral researcher Sameer Wagh, showed that they could train a realistic neural network, end to end, on encrypted data in a little over a day, a significant performance gain over previous approaches. They estimated that accomplishing the same task on Falcon, a state-of-the-art predecessor to Piranha, would have required 14 days, making it prohibitively expensive and impractical.
“With Piranha, we not only trained a realistic network for the first time with encrypted data, but we also improved performance by 16 to 48 times,” said Popa.
Learn more: For your eyes only; Piranha: A GPU platform for secure computation (USENIX)