
Research On Practical Three-party Secure Computation Protocol For Deep Learning

Posted on: 2023-10-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Ren
GTID: 2568306902457464
Subject: Cyberspace security

Abstract/Summary:
Deep learning technology has shown excellent performance in many fields such as medical treatment and industry. Existing deep learning algorithms can combine the advantages of big data well to train more accurate models. Therefore, collaborative learning has become a popular deep learning paradigm. However, in the process of collaborative learning, data holders are required to share original datasets and model parameters, which may lead to privacy leakage. Once information is leaked, personal life and property will be seriously affected. Therefore, it is of great significance to study deep learning-oriented privacy protection methods.

This thesis studies multi-party secure computation protocols for deep learning in an environment where multiple data holders collaborate. It investigates the existing problems of deep learning-oriented multi-party secure computation protocols and designs new protocols to solve these problems. First, this thesis designs an efficient three-party secure computation protocol that can resist malicious attackers. Then, for compatibility and availability, this thesis designs a three-party secure computation protocol that supports the general circuit training model. Finally, this thesis designs a three-party secure computation protocol to prevent privacy disclosure through inference results. Experimental results show that these three protocols can perform the training and inference of deep learning models under the premise of high security and high performance. The main research results of this thesis are:

(1) A universal three-party secure computation protocol is designed which is efficient and can resist malicious attackers. To reduce the communication cost, this thesis takes advantage of SGX's trusted execution and introduces a third party to provide auxiliary computation for the protocol participants. Further, this thesis modified the form of the secret-sharing protocol to reduce the communication overhead of Beaver triple multiplication. For security, this thesis uses SGX remote attestation technology to detect malicious behaviors (behaviors not performed according to the agreed protocol) in order to defend against malicious attackers. In this way, a multi-party secure computation protocol that can resist semi-honest attackers is improved into a multi-party secure computation protocol that can resist malicious attackers, at a lower communication overhead.

(2) A three-party secure computation protocol supporting the general circuit training model is designed. In this thesis, a protocol supporting the general circuit training model is implemented based on the garbled circuit, the boolean circuit, and the arithmetic circuit. To make secret shares compatible with the three kinds of circuits, this thesis constructs six kinds of share conversion protocols, which can efficiently convert secret shares among the three kinds of circuits, namely garbled, boolean, and arithmetic. Considering protocol availability, this thesis constructs efficient functional modules for common functions in deep learning. These modules are compatible with each other. For a given neural network training task, the modules can be combined effectively to give the corresponding three-party secure computation protocol.

(3) For the membership inference attack, which has a wide application range and high attack precision, this thesis designs a three-party secure computation protocol to prevent the inference results from leaking privacy. In this thesis, differential privacy technology is used to add appropriate noise to the inference results, to ensure that the attacker cannot deduce real training data through a membership inference attack while the model retains a certain availability. In addition, to further enhance resistance against this attack, four effective mitigation measures are designed, and experiments are designed to evaluate the performance of each in resisting the membership inference attack.
Keywords/Search Tags: Deep learning, Multi-party Secure Computation, Privacy-preserving, Malicious attackers, Secure enclave