Table of Contents
Fetching ...

Enhancing Noisy Functional Encryption for Privacy-Preserving Machine Learning

Linda Scheu-Hachtel, Jasmin Zalonis

TL;DR

The paper addresses privacy-friendly PPML in settings with multiple data holders, limited trusted resources, and dynamic participation. It introduces DyNMCFE, a dynamic, labeled, noisy multi-client functional encryption framework, and a concrete inner-product instantiation named DyNo, which supports client corruption and preserves output privacy via differential privacy. By combining label-based access with DP noise and a PRF-based keying mechanism, the authors enable efficient training of linear models (e.g., logistic regression) under private gradient descent, demonstrated with practical benchmarks and a full PPML protocol. The work offers both formal security definitions and an implementation showing millisecond-to-second runtimes, indicating strong practicality for privacy-preserving ML in distributed, governance-driven environments. Overall, this approach provides a scalable, DP-guaranteed paradigm for encrypted PPML with dynamic, partially untrusted participants and a resource-constrained coordinating authority.

Abstract

Functional encryption (FE) has recently attracted interest in privacy-preserving machine learning (PPML) for its unique ability to compute specific functions on encrypted data. A related line of work focuses on noisy FE, which ensures differential privacy in the output while keeping the data encrypted. We extend the notion of noisy multi-input functional encryption (NMIFE) to (dynamic) noisy multi-client functional encryption ((Dy)NMCFE), which allows for more flexibility in the number of data holders and analyses, while protecting the privacy of the data holder with fine-grained access through the usage of labels. Following our new definition of DyNMCFE, we present DyNo, a concrete inner-product DyNMCFE scheme. Our scheme captures all the functionalities previously introduced in noisy FE schemes, while being significantly more efficient in terms of space and runtime and fulfilling a stronger security notion by allowing the corruption of clients. To further prove the applicability of DyNMCFE, we present a protocol for PPML based on DyNo. According to this protocol, we train a privacy-preserving logistic regression.

Enhancing Noisy Functional Encryption for Privacy-Preserving Machine Learning

TL;DR

The paper addresses privacy-friendly PPML in settings with multiple data holders, limited trusted resources, and dynamic participation. It introduces DyNMCFE, a dynamic, labeled, noisy multi-client functional encryption framework, and a concrete inner-product instantiation named DyNo, which supports client corruption and preserves output privacy via differential privacy. By combining label-based access with DP noise and a PRF-based keying mechanism, the authors enable efficient training of linear models (e.g., logistic regression) under private gradient descent, demonstrated with practical benchmarks and a full PPML protocol. The work offers both formal security definitions and an implementation showing millisecond-to-second runtimes, indicating strong practicality for privacy-preserving ML in distributed, governance-driven environments. Overall, this approach provides a scalable, DP-guaranteed paradigm for encrypted PPML with dynamic, partially untrusted participants and a resource-constrained coordinating authority.

Abstract

Functional encryption (FE) has recently attracted interest in privacy-preserving machine learning (PPML) for its unique ability to compute specific functions on encrypted data. A related line of work focuses on noisy FE, which ensures differential privacy in the output while keeping the data encrypted. We extend the notion of noisy multi-input functional encryption (NMIFE) to (dynamic) noisy multi-client functional encryption ((Dy)NMCFE), which allows for more flexibility in the number of data holders and analyses, while protecting the privacy of the data holder with fine-grained access through the usage of labels. Following our new definition of DyNMCFE, we present DyNo, a concrete inner-product DyNMCFE scheme. Our scheme captures all the functionalities previously introduced in noisy FE schemes, while being significantly more efficient in terms of space and runtime and fulfilling a stronger security notion by allowing the corruption of clients. To further prove the applicability of DyNMCFE, we present a protocol for PPML based on DyNo. According to this protocol, we train a privacy-preserving logistic regression.
Paper Structure (44 sections, 8 theorems, 31 equations, 5 figures, 6 tables)

This paper contains 44 sections, 8 theorems, 31 equations, 5 figures, 6 tables.

Key Result

theorem thmcountertheorem

The $\mathsf{NMIFE}^{\textnormal{ot}}$ scheme presented in Construction def:nmifeot is $\mathsf{IND}$-secure with $\mathsf{Adv}\xspace_{\mathsf{NMIFE}^{\textnormal{ot}}\xspace, \mathcal{A}\xspace}^{\mathsf{IND}}(\lambda) = 0$ for any $\mathsf{PPT}\xspace$ adversary $\mathcal{A}$.

Figures (5)

  • Figure 1: Analysis request and data gathering.
  • Figure 2: Training phase.
  • Figure 3: Model utility for 50 rounds, in dependency of $\epsilon_{\max}$. The dashed line shows peak accuracy on plaintext after 500 rounds. Dotted lines represent the maximal accuracy achieved with LDP with 500 rounds.
  • Figure 4: Model utility on Nhanes III versus $\epsilon_{\max}$ and training rounds. The dashed line shows peak accuracy on plaintext after 500 rounds; the diamond marks max convergence without noise. Dotted lines indicate LDP’s best accuracy at 500 rounds. Accuracy $=0$ means no convergence.
  • Figure : Model utility for 50 rounds, in dependency of $\epsilon_{\max}$. The dashed line shows peak accuracy on plaintext after 500 rounds. Dotted lines represent the maximal accuracy achieved with LDP with 500 rounds.

Theorems & Definitions (29)

  • definition thmcounterdefinition: Local Differential Privacy ldp
  • definition thmcounterdefinition: Global Differential Privacy
  • definition thmcounterdefinition: $l_2$-sensitivity
  • definition thmcounterdefinition
  • definition thmcounterdefinition: (Dynamic) Noisy Multi-Client Functional Encryption
  • remark thmcounterremark
  • definition thmcounterdefinition: Correctness of DyNMCFE
  • definition thmcounterdefinition: One-time Security of DyNMCFE
  • remark thmcounterremark
  • theorem thmcountertheorem
  • ...and 19 more