Enhanced Outsourced and Secure Inference for Tall Sparse Decision Trees
Andrew Quijano, Spyros T. Halkidis, Kevin Gallagher, Kemal Akkaya, Nikolaos Samaras
TL;DR
The paper tackles privacy-preserving inference for decision trees in outsourced settings by distributing the model across level-sites and evaluating level-by-level, improving efficiency for tall, sparse trees while reducing single-point-of-failure risk. It extends prior PPDT work by partitioning the DT per level, enabling secure, staged encrypted comparisons that preserve input and model privacy using additive homomorphic encryption and timing-attack resistant protocols. The authors provide simulation-based security analyses against honest-but-curious clients and level-sites, discuss timing-attack mitigations, and demonstrate practical performance improvements on cloud deployments with non-colluding providers. This approach offers practical, scalable privacy-preserving inference suitable for cloud-based deployments with robust security guarantees and improved performance for sparse trees.
Abstract
A decision tree is an easy-to-understand tool that has been widely used for classification tasks. On the one hand, due to privacy concerns, there has been an urgent need to create privacy-preserving classifiers that conceal the user's input from the classifier. On the other hand, with the rise of cloud computing, data owners are keen to reduce risk by outsourcing their model, but want security guarantees that third parties cannot steal their decision tree model. To address these issues, Joye and Salehi introduced a theoretical protocol that efficiently evaluates decision trees while maintaining privacy by leveraging their comparison protocol that is resistant to timing attacks. However, their approach was not only inefficient but also prone to side-channel attacks. Therefore, in this paper, we propose a new decision tree inference protocol in which the model is shared and evaluated among multiple entities. We partition our decision tree model by each level to be stored in a new entity we refer to as a "level-site." Utilizing this approach, we were able to gain improved average run time for classifier evaluation for a non-complete tree, while also having strong mitigations against side-channel attacks.
