In the design of Duality SecurePlus™ Insights, we are often faced with a scenario where there are two entities, a model-owning organization that holds a machine learning model and a data owning organization that holds data that it wants to be classified using the model (a very similar scenario arises in the Duality SecurePlus Collaboration Platform as well). The model-owning organization will not reveal its model to the data-owning organization for several reasons, including the possible loss of competitive advantage, and regulations that protect the privacy of users in the training dataset. The data-owning organization will not reveal the data to the model -owning organization either. This is the classical cryptographic setting of secure two-party computation pioneered by several researchers including one of our co-founders.
So, how do we solve this problem? Cryptography gives us not one, but two very different methods to solve this problem with two very different performance characteristics.
Secret sharing based methods give a way for the two parties to write the model as a Boolean circuit and go through the circuit gate by gate while maintaining the invariant that any wire of the circuit is secret-shared between the two parties. There are of course a lot of ideas involved in making this work, and even more ideas involved in making this efficient and practical, but all said and done, secret sharing based methods are:
(a) computationally-efficient: each gate evaluation requires just a few Boolean operations and the computation of a block cipher such as the advanced encryption standard (AES) which can be done super-fast with the Intel AES-NI instruction set; but
(b) bandwidth-inefficient: each gate evaluation requires the exchange of 2-4 AES keys, that is 256-512 bits of information, which can quickly add up for very large circuits.
On the other hand, a Fully Homomorphic Encryption (FHE) based solution would ask the data-owner to simply encrypt its input using an FHE system and send it to the model-owner. The FHE mathemagic then lets the model-owner compute the model on the encrypted input, resulting in the encrypted classification. This has the opposite characteristics of the secret sharing based approach. FHE is very bandwidth-efficient, involving transmission of only the encrypted input and the encrypted classification result. In other words, the bandwidth expense does not depend on the size of the circuit at all. It is also computationally very efficient as long as the computations are “not too complex”. But what does that mean exactly?
In practice, doing any computation that involves only additions of numbers and scalar multiplications on encrypted data is unbelievably fast: homomorphic addition takes only 4x as many clock cycles as plaintext addition! When it gets to multiplying encrypted numbers, FHE gets progressively slower as the degree of the multiplication increases.
So, which is the right answer: secret sharing or fully homomorphic encryption?
Duality co-founders have pioneered new ways of cleverly combining the best of both techniques (and more) to achieve top performance for a given task. Our methods partition a given computation and translate between a secret shared encoding of data and a homomorphic encoding of data using them alternately to perform the computations that either one is best suited for. Doing this involves both new mathematical ideas as well as careful engineering to ensure that the encoding methods and the encryption switching protocols best match the task at hand. Our philosophy is simple: the end justifies the means. We use the entire suite of available cryptographic, security and privacy techniques to meet the goal at hand: to enable Secure Digital Collaboration.