Towards A Private New World: Algorithm, Protocol, and Hardware Co-Design for Large-Scale Secure Computation
- Author(s): Riazi, Mohammad Sadegh
- Advisor(s): Koushanfar, Farinaz
- et al.
Data privacy and security are among the grand challenges in the emerging era of massive data and collective intelligence. On the one hand, the rapid advances of several technologies, including artificial intelligence, are directly dependent on harnessing the full potential of data. On the other hand, such colossal collections of data inherently have sensitive information about individuals; explicit access to the data violates the privacy of content owners. While a number of elegant cryptographic solutions have been suggested for secure storage as well as secure transmission of data, the ability to compute on encrypted data at scale has remained a standing challenge. Secure computation is a set of developing technologies that enable processing on the unintelligible version of the data. Secure computation can create a zero-trust platform where two or more individuals or organizations collaboratively compute on their shares of data without compromising data confidentiality. Computing on encrypted data removes several critical obstacles that prohibit scientific advances in which collaboration between distrusting parties is needed. Nevertheless, secure computation comes at the cost of significant computational overhead and higher communication between the pertinent parties. Currently, the high computational complexity prevents secure computation to be adopted in compute-intensive systems. This dissertation introduces several holistic algorithm-level, protocol-level, as well as hardware-level methodologies to enable the large-scale realization of the emerging secure computing and privacy technologies.
The key contributions of this dissertation are as follows: (I) Introducing a novel secure computation framework in which several secure function evaluation protocols are integrated. The integration allows to choose a specific protocol to execute each unique operation based on the underlying mathematical characteristics of the protocol. The proposed methodology enables the secure execution of machine learning models 4-133x faster than the prior art. (II) Designing a neural network transformation and a customized secure computation protocol for secure inference on deep neural networks. The transformation translates the contemporary neural network operations into several Boolean operations that can more efficiently be executed in secure computation protocols. The proposed transformation in conjunction with the customized protocol enable privacy-preserving medical diagnosis on four medical datasets for the first time. (III) Design and end-to-end implementation of a new high-performance hardware architecture for computing on encrypted data. The proposed architecture outperforms high-end GPUs by more than 30x and modern CPUs by more than two orders of magnitude. (IV) Creating an efficient methodology based on hardware synthesis tools to produce compact Boolean circuit representation of a given function. The Boolean representation is optimized according to the cost function of secure computation protocols. The methodology reduces the computation and communication costs by up to 4x. (V) Designing a new substring search algorithm customized for secure computation that does not require random access to the text. The proposed algorithm outperforms all state-of-the-art substring search algorithms when run within the secure computation protocol. (VI) Introducing the first secure content-addressable memory for approximate search. The design enables high-accuracy similarity-based approximate search while keeping the underlying data private without relying on a trusted server. The construction is the first to provide post-breach data confidentiality. (VII) Proposing a new methodology to create large-volume synthetic human fingerprints that are computationally indistinguishable from real fingerprints. The methodology enhances the security of any fingerprint-based authentication system.