In this work, we present CHEX-MIX, a solution to the problem of privacy-preserving machine learning between two mutually distrustful parties in an untrusted cloud setting. CHEX-MIX relies on a combination of homomorphic encryption (HE) and trusted execution environments (TEEs) and leverages the benefits of each to counter the drawbacks of the other. In particular, we use HE to provide clients with confidentiality guarantees, and TEEs to provide model providers with confidentiality guarantees and to protect the integrity of the computation from malicious cloud adversaries. Unlike prior solutions to this problem, such as multi-key HE, single-key HE, MPC, or TEE-only techniques, our solution assumes that both clients and the cloud can be malicious, makes no collusion assumptions, and frees model providers from needing to maintain private online infrastructure. In this paper, we analyze our solution from a security perspective and detail the advantages it provides over prior work, including its ability to let model providers keep their software IP private. We demonstrate the feasibility of our solution by deploying CHEX-MIX on an Azure confidential computing machine. Our results show that CHEX-MIX executes with high efficiency and low communication cost while providing security guarantees unaddressed by prior work.
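The division of labour the abstract describes, HE keeping the client's input hidden from both the cloud and the model provider, and the TEE keeping the model hidden from the cloud and the client while vouching for the integrity of the result, can be illustrated with a small simulation. The following is an added example written for this page; it is not CHEX-MIX's protocol or code and does not reflect which HE scheme or TEE the paper actually uses. It assumes a textbook Paillier scheme with demo-sized primes as the HE stand-in, a Python class as the TEE stand-in, and an HMAC under a pretend hardware key as a stand-in for remote attestation; the linear model, weights and feature values are constructed for the demo.

```python
# Added illustration of the HE + TEE split (not CHEX-MIX's own code).
# Assumptions: textbook Paillier with small primes stands in for HE, the Enclave
# class stands in for a TEE, and an HMAC under a pretend hardware key stands in
# for a TEE attestation report. Nothing here is production-grade.
import hashlib
import hmac
import math
import secrets
from dataclasses import dataclass

# --- Additively homomorphic encryption (Paillier, g = n + 1) -----------------
P, Q = 1_000_003, 1_000_033   # demo-sized primes; far too small for real use


@dataclass(frozen=True)
class PublicKey:
    n: int
    n2: int


@dataclass(frozen=True)
class SecretKey:
    lam: int
    mu: int


def keygen() -> tuple[PublicKey, SecretKey]:
    """Client-side key generation; the secret key never leaves the client."""
    n = P * Q
    lam = math.lcm(P - 1, Q - 1)
    mu = pow(lam, -1, n)          # with g = n + 1, mu is simply lam^-1 mod n
    return PublicKey(n, n * n), SecretKey(lam, mu)


def encrypt(pk: PublicKey, m: int) -> int:
    """Enc(m) = (1 + n)^m * r^n mod n^2 with fresh randomness r."""
    r = secrets.randbelow(pk.n - 2) + 2
    return (pow(pk.n + 1, m % pk.n, pk.n2) * pow(r, pk.n, pk.n2)) % pk.n2


def decrypt(pk: PublicKey, sk: SecretKey, c: int) -> int:
    """Standard Paillier decryption, decoded to a signed value around zero."""
    x = pow(c, sk.lam, pk.n2)
    v = ((x - 1) // pk.n) * sk.mu % pk.n
    return v - pk.n if v > pk.n // 2 else v


def he_add(pk: PublicKey, c1: int, c2: int) -> int:
    """Enc(a) * Enc(b) = Enc(a + b)."""
    return c1 * c2 % pk.n2


def he_scale(pk: PublicKey, c: int, k: int) -> int:
    """Enc(a)^k = Enc(k * a); negative k is handled by reducing mod n."""
    return pow(c, k % pk.n, pk.n2)


# --- Model provider's side: the model is only ever in plaintext inside the TEE --
HARDWARE_KEY = b"simulated-tee-attestation-key"   # constructed stand-in value
ENCLAVE_CODE_ID = b"linear-model-enclave-v1"       # constructed code identity
EXPECTED_MEASUREMENT = hashlib.sha256(ENCLAVE_CODE_ID).hexdigest()  # published out of band


class Enclave:
    """Computes a linear model over the client's ciphertexts. It holds the
    weights, has no client secret key, and returns a report binding the
    result to the enclave's measurement (attestation stand-in)."""

    def __init__(self, weights: list[int], bias: int):
        self._w, self._b = weights, bias

    def infer(self, pk: PublicKey, enc_x: list[int]) -> tuple[int, str]:
        if len(enc_x) != len(self._w):
            raise ValueError("feature count mismatch")
        acc = encrypt(pk, self._b)                        # Enc(b)
        for c, w in zip(enc_x, self._w):
            acc = he_add(pk, acc, he_scale(pk, c, w))     # Enc(b + sum w_i * x_i)
        msg = f"{EXPECTED_MEASUREMENT}|{acc}".encode()
        report = hmac.new(HARDWARE_KEY, msg, "sha256").hexdigest()
        return acc, report


# --- Client's side: encrypt, check the report, decrypt ------------------------
def verify_report(ct: int, report: str) -> bool:
    """Accept the result only if it was produced by the expected enclave code."""
    msg = f"{EXPECTED_MEASUREMENT}|{ct}".encode()
    expected = hmac.new(HARDWARE_KEY, msg, "sha256").hexdigest()
    return hmac.compare_digest(expected, report)


def run_inference(features: list[int], enclave: Enclave) -> int:
    pk, sk = keygen()
    enc_x = [encrypt(pk, x) for x in features]   # the cloud host sees only these
    ct, report = enclave.infer(pk, enc_x)
    if not verify_report(ct, report):
        raise RuntimeError("report check failed: result not from the expected enclave")
    return decrypt(pk, sk, ct)


def plaintext_reference(features: list[int], weights: list[int], bias: int) -> int:
    return bias + sum(w * x for w, x in zip(weights, features))


if __name__ == "__main__":
    enclave = Enclave(weights=[3, -2, 5], bias=7)      # constructed model
    x = [10, 4, -1]                                     # constructed client input
    print(run_inference(x, enclave), plaintext_reference(x, [3, -2, 5], 7))  # 24 24
```

The point of the simulation is who sees what: the host outside the enclave handles only Paillier ciphertexts, the enclave handles plaintext weights but only ciphertext inputs, and the client decrypts only after checking that the result is bound to the enclave measurement it expects. A real deployment would replace the HMAC with the TEE's hardware-backed attestation report, and the toy Paillier with a production HE library and parameters.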
Category / Keywords: cryptographic protocols / oblivious inference; homomorphic encryption; trusted execution environment; privacy-preserving machine learning
Date: received 8 Dec 2021, last revised 5 Jan 2022
Contact author: dnataraj at umich edu, wei dai at microsoft com
Version: 20220105:193656
Short URL: ia.cr/2021/1603