Enhancing Noisy Functional Encryption for Privacy-Preserving Machine Learning
Linda Scheu-Hachtel, Jasmin Zalonis
TL;DR
The paper addresses privacy-friendly PPML in settings with multiple data holders, limited trusted resources, and dynamic participation. It introduces DyNMCFE, a dynamic, labeled, noisy multi-client functional encryption framework, and a concrete inner-product instantiation named DyNo, which supports client corruption and preserves output privacy via differential privacy. By combining label-based access with DP noise and a PRF-based keying mechanism, the authors enable efficient training of linear models (e.g., logistic regression) under private gradient descent, demonstrated with practical benchmarks and a full PPML protocol. The work offers both formal security definitions and an implementation showing millisecond-to-second runtimes, indicating strong practicality for privacy-preserving ML in distributed, governance-driven environments. Overall, this approach provides a scalable, DP-guaranteed paradigm for encrypted PPML with dynamic, partially untrusted participants and a resource-constrained coordinating authority.
Abstract
Functional encryption (FE) has recently attracted interest in privacy-preserving machine learning (PPML) for its unique ability to compute specific functions on encrypted data. A related line of work focuses on noisy FE, which ensures differential privacy in the output while keeping the data encrypted. We extend the notion of noisy multi-input functional encryption (NMIFE) to (dynamic) noisy multi-client functional encryption ((Dy)NMCFE), which allows for more flexibility in the number of data holders and analyses, while protecting the privacy of the data holder with fine-grained access through the usage of labels. Following our new definition of DyNMCFE, we present DyNo, a concrete inner-product DyNMCFE scheme. Our scheme captures all the functionalities previously introduced in noisy FE schemes, while being significantly more efficient in terms of space and runtime and fulfilling a stronger security notion by allowing the corruption of clients. To further prove the applicability of DyNMCFE, we present a protocol for PPML based on DyNo. According to this protocol, we train a privacy-preserving logistic regression.
