Snail: Secure Single Iteration Localization

James Choncholas, Pujith Kachana, André Mateus, Gregoire Phillips, Ada Gavrilovska

TL;DR

This work proposes a method for performing localization in a privacy preserving manner supporting two scenarios: first, when the image and map are held by a client who wishes to offload localization to untrusted third parties, and second, when the image and map are held separately by untrusting parties.

Abstract

Localization is a computer vision task by which the position and orientation of a camera is determined from an image and environmental map. We propose a method for performing localization in a privacy preserving manner supporting two scenarios: first, when the image and map are held by a client who wishes to offload localization to untrusted third parties, and second, when the image and map are held separately by untrusting parties. Privacy preserving localization is necessary when the image and map are confidential, and offloading conserves on-device power and frees resources for other tasks. To accomplish this we integrate existing localization methods and secure multi-party computation (MPC), specifically garbled circuits, yielding proof-based security guarantees in contrast to existing obfuscation-based approaches which recent related work has shown vulnerable. We present two approaches to localization, a baseline data-oblivious adaptation of localization suitable for garbled circuits and our novel Single Iteration Localization. Our technique improves overall performance while maintaining confidentiality of the input image, map, and output pose at the expense of increased communication rounds but reduced computation and communication required per round. Single Iteration Localization is over two orders of magnitude faster than a straightforward application of garbled circuits to localization enabling real-world usage in the first robot to offload localization without revealing input images, environmental map, position, or orientation to offload servers.

Paper Structure (21 sections, 1 theorem, 5 equations, 8 figures, 1 table, 2 algorithms)

This paper contains 21 sections, 1 theorem, 5 equations, 8 figures, 1 table, 2 algorithms.

Key Result

Lemma 1

SIL securely implements localization $\textbf{L}$ over a set of image and map feature sets $\mathbf{F}$ in the presence of static semi-honest adversaries in the MPC-hybrid model when invoked more than $c$ times.

Figures (8)

  • Figure 1: Depiction of the PnP problem. The goal is to find the pose $\mathbf{x}$, which minimizes the error $\mathbf{dI} = \|\mathbf{Q}_i - \mathbf{I}_i\|$ between the image measured points $\mathbf{I}_i$ and the map points $\mathbf{M}_i$ projected to the image $\mathbf{Q}_i$.
  • Figure 2: Time to localize using ABY and EMP secure computation frameworks on feature data from ETH3D [schops2017multi]. Each measurement is an average of three trials using randomly selected points. The same random sequence of points is used across measurements. Note the log scale of the x-axis. The highlighted area is the difference between the slowest EMP configuration and the fastest of ABY.
  • Figure 3: Time to perform addition and multiplication using floating point and fixed point data representation of various width with EMP's semi-honestly secure half-gates protocol.
  • Figure 4: Arithmetic operations performed during LM localization using Single Iteration Localization. GN exhibits similar behavior.
  • Figure 5: UML diagrams of a naïve data-oblivious adaptation of PnP localization via gradient descent and Single Iteration Localization. On the left, a constant upper bound of optimization iterations (default of 20 LM iterations in OpenCV) is required. On the right, the number of optimization iterations is data-dependent, which in practice is much fewer than 20 but comes at the cost of additional round complexity. Regarding the inner SVD algorithm, the number of iterations can be reduced from a constant upper bound on the left (default of 30 in Eigen/LAPACK) to the optimal number (12) on the right using public knowledge about the input distribution, namely two QR sweeps per singular value and one singular value for each physical degree of freedom (2*6).
  • ...and 3 more figures
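
The trade-off described in the Figure 5 caption, as an added example that is not code from the paper: a plaintext Python simulation (no garbled circuits are evaluated) of a fixed-trip-count loop with a multiplexer versus one optimization step per invocation. The 1-DoF rotation problem, the Gauss-Newton step used in place of LM, `EPS`, the function names and the choice of a single opened convergence bit are assumptions made for illustration.

```python
import math

MAX_ITERS = 20  # constant bound named in the Figure 5 caption (OpenCV LM default)
EPS = 1e-9      # convergence threshold on the squared step (assumed value)

def gn_step(theta, map_pts, img_pts):
    """One Gauss-Newton step on a 1-DoF pose (a planar rotation angle)."""
    c, s = math.cos(theta), math.sin(theta)
    jtj = jtr = 0.0
    for (mx, my), (ix, iy) in zip(map_pts, img_pts):
        qx, qy = c * mx - s * my, s * mx + c * my  # map point projected: Q_i
        jx, jy = -qy, qx                           # dQ_i / dtheta
        jtj += jx * jx + jy * jy
        jtr += jx * (qx - ix) + jy * (qy - iy)     # J^T (Q_i - I_i)
    return theta - jtr / jtj

def oblivious_localize(theta, map_pts, img_pts):
    """One circuit, fixed trip count: nothing observable depends on the data."""
    done = 0
    for _ in range(MAX_ITERS):
        new = gn_step(theta, map_pts, img_pts)
        conv = int((new - theta) ** 2 < EPS)       # stays secret inside the circuit
        theta = done * theta + (1 - done) * new    # multiplexer, not an early exit
        done |= conv
    return theta, MAX_ITERS, 1                     # pose, steps evaluated, rounds

def single_iteration_localize(theta, map_pts, img_pts):
    """One step per secure invocation; the driver stops on an opened bit."""
    rounds = 0
    while rounds < MAX_ITERS:
        new = gn_step(theta, map_pts, img_pts)
        rounds += 1
        converged = (new - theta) ** 2 < EPS       # assumed to be the only value opened
        theta = new
        if converged:
            break
    return theta, rounds, rounds                   # pose, steps evaluated, rounds

# Constructed sample: four map points and their images under a 0.4 rad rotation.
MAP_PTS = [(1.0, 0.0), (0.0, 2.0), (-1.5, 0.5), (2.0, 1.0)]
IMG_PTS = [(math.cos(0.4) * x - math.sin(0.4) * y,
            math.sin(0.4) * x + math.cos(0.4) * y) for x, y in MAP_PTS]

if __name__ == "__main__":
    print(oblivious_localize(0.0, MAP_PTS, IMG_PTS))
    print(single_iteration_localize(0.0, MAP_PTS, IMG_PTS))
```

Both variants return the same pose; the oblivious loop always pays for all 20 steps in one round, while the per-step variant evaluates fewer steps and exposes the iteration count through the number of rounds.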

Theorems & Definitions (1)

  • Lemma 1