DOCSLIB.ORG

New Directions in Efficient Privacypreserving Machine Learning

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

New Directions in Efficient Privacy­Preserving Machine Learning Sameer Narahari Wagh May 12th, 2020 A Dissertation Presented to the Faculty of Princeton University in Candidacy for the Degree of Doctor of Philosophy Thesis Committee: Prof. Prateek Mittal (Advisor) . Princeton University Prof. Vincent Poor . .Princeton University Prof. Peter Ramadge . Princeton University Prof. Niraj Jha . Princeton University Dr. Nishanth Chandran . Microsoft Research, India © Copyright by Sameer Narahari Wagh, 2020. All rights reserved. To my Mother, for her unconditional love and unwavering belief in me. ii Abstract Applications of machine learning have become increasingly common in recent years. For instance, navigation systems like Google Maps use machine learning to better predict traffic patterns; Facebook, LinkedIn, and other social media platforms use machine learning to customize user’s news feeds. Central to all these systems is user data. However, the sensitive nature of the collected data has also led to a number of privacy concerns. Privacy-preserving machine learning enables systems that can perform such computation over sensitive data while protecting its privacy. In this dissertation, we focus on developing efficient protocols for machine learn- ing as a target analytics application. To incorporate privacy, we use a multi-party computation-based approach. In multi-party computation, a number of non-colluding entities jointly perform computation over the data and privacy stems from no party having any information about the data being computed on. At the heart of this disser- tation are three frameworks – SecureNN, Falcon, and Ponytail – each pushing the frontiers of privacy-preserving machine learning and propose novel approaches to protocol design. SecureNN and Falcon introduce, for the first time, highly effi- cient protocols for computation of non-linear functions (such as rectified linear unit, maxpool, batch-normalization) using purely modular arithmetic. Ponytail demon- strates the use of homomorphic encryption to significantly improve over prior art in private matrix multiplication. Each framework provides both significant asymptotic as well as concrete efficiency gains over prior work by improving computation aswell as communication performance by an order of magnitude. These building blocks – matrix multiplication, rectified linear unit, maxpool, batch-normalization – are central to machine learning and improvements to these significantly improve upon prior art in private machine learning. Furthermore, each of these systems is implemented and benchmarked to reduce the barrier of deploy- ment. Uniquely positioned at the intersection of both theory and practice, these frameworks bridge the gap between plaintext and privacy-preserving computation while contributing new directions for research to the community. iii Acknowledgments “Alone we can do so little; together we can do so much.” - Helen Keller Like any worthwhile undertaking, there is an entire universe of people that assist in the making of one PhD and this section is a tribute to my universe of people. I do not believe acknowledgments can be written in hindsight and true to this spirit, this part of the thesis was written over the entire course of my PhD. I see this as a reflection not of my PhD but about the people I shared it with and hence, toallof you, a big thank you for sharing parts of this journey with me! I strongly believe that researchers are made and not born and no sentiment could better acknowledge my advisor Prateek’s contribution in my life. I admire Prateek for his tremendous dedication, enthusiasm, and relentless optimism. I am grateful for his encouragement, for believing in me, and for all the creative freedom given to me during the course of my PhD. Working with Prateek has been one of the best decisions of my life and if I ever were to relive these years, I would make this decision every single time! I would also like to acknowledge Paul Cuff for his instrumental role in shaping me as a student, scholar, and as an individual. Paul has been like a second advisor to me, a close mentor for life, as well as a wonderful basketball colleague. A special acknowledgment to Prof. Rajesh Narayanan, Prof. Nic Shannon, Prof David Dorfan, and M Prakash Sir, my previous advisors and mentors, who introduced me to the path of research, provided invaluable mentorship, and without whom I would never have chosen this path in life. I would like to thank my thesis committee – Prof. Niraj Jha and Nishanth Chandran as readers, Prof. Vince Poor and Prof. Peter Ramadge as the examiners – as well as other department faculties that I had the opportunity to interact with during my time at Princeton – Prof. Paul Prucnal and Prof. Alejandro Rodriguez. A special acknowledgment to my mentors Nishanth Chandran (doubly!), Hao Chen, Ilya Razenshteyn, Divya Gupta, Tal Rabin, Olya Ohrimenko, Benny Pinkas, and Assi Barak. They have been instrumental in my professional development and without whom I would not be where I am today. I would also like to thank all my collaborators Miran Kim, Yongsoo Song, Fabrice Benhamouda, Eyal Kushilevitz, Xi He, Ashwin Machanavajjhala, Aaron Johnson, Ryan Wails, Lawrence Esswood, Felix Schuster, Manuel Costa, Yanqi Zhou, and David Wentzlaff. Dragoş and Saeed, a very special thanks to both of you, Ponytail would not be half as fun without you. Likewise, Hans and Gerry, it has been a pleasure working with you and I wish you the very best of luck in your journey at Grad school. I would also like to thank all the awards and grants that have supported the research efforts of this dissertation. Lisa, fortunately or unfortunately, you had an office right opposite Prateek’s and had to see me often. No amount of words can thank you – from simple favors, to elaborate requests, you have helped me through it all and I cannot imagine my Princeton journey without you. No matter where I am, you will keep receiving post- cards from around the world. A big thank you to all the incredible ELE departmental iv staff Colleen, Roelie, Dorothy, Heather, Stacey, Kate, Jean, Lidia, and Abby who truly form the backbone of the department. A special thank you to Lori, Katie, and Muhamed for all the support in making my graduate life easier and to Cecilia for all her support in organizing all kinds of departmental events – MelodEE, the departmental t-shirt and more. I sincerely applaud your dedication and efforts to make our department such a fun place. I would like to express my deepest appreciation for some people who have not only shared this journey with me but also made this journey what it is. First and foremost, my deepest gratitude to Rutwik, a dear friend and long-time roommate; I truly cannot imagine my journey at Princeton without you. I have learned so much from you and the countless memories we have together shall be cherished forever. I look forward to more wonderful times together. To Shruti Tople, a dear friend, a trustworthy guide, and a fantastic collaborator. To Sergiy for being a humble link to JG and ELDOA but more importantly for just being yourself. To John-Garret a.k.a JG, for being the best body mechanic on this planet, and for showing me the way to living my life more fully. To Luciano, for all the fun times we shared together and many more to come. To Yeohee, for the fun jamming for MelodEE and for all that I have learned from you. To Tri and Mayank for all the crazy conversations and more than making up for the Ph in a PhD. A special appreciation for my Yoga instructor David as well as all my yoga friends. To my host family Rona, Rob, Kate and Matt, Sara and Bernat who graciously welcomed me not just into the United States but also into their lives. To Brett Bishop, for the enjoyable workouts together and for all your honest inputs on life. To Yan, for being a phenomenal mentor as well as a wonderful book guru. To Lanqing and Jonathan for all the fun puzzles over lunch and otherwise and to Prakhar, Vikash, Shashank, Siddharth, Shaurya, Pranav, Chris, Uno, Wen, Theresa, and Vitor for all the cooking and meals we shared. Finally, Sandra, Hamid, Mina, and Sepehr, you guys have been an instrumental part of my Princeton lives and I will cherish every moment we spent together! I would also like to thank all my friends across the world, especially from India; you made this journey a real pleasure and you’re all fondly remembered during the writing of this acknowledgment. A special and heartfelt appreciation to Harshad Chandak for everything (in particular for all the “making memories”). My sincere gratitude to all my family in India as well as in the States – without your support, this journey would not be easy. I would like to acknowledge a few of my friends, in and outside Princeton for being a part of this journey: Changchang, Peng, Yixin, Yushan, Thee, Liwei, Arjun, Hooman, Tong, Shivam, Irineo, Vera, Nadeen, Molly, Quinn, Abhishek, Shweta, and Sukrit, Sapad, Daniel and Christina, Anders, Harsh, Rahul, Shir, Eysa, and Eduardo, Mohammad Samragh, Sadegh (MSR), Ilia, Lynn, and Pardis. I would also like to thank Anita (and Zalalem) for being one of the best hosts on this planet. I thank numerous people I have played badminton, basketball, ultimate, and soccer with, in particular, my folks and coaches at CFN and the FCRangers crew for the wonderful soccer time in Seattle. I would like to thank all the organizations and grants that have supported my work. Finally, I would like to thank Princeton for giving me this wonderful environment to thrive to the best of my abilities, an entire ecosystem of talented individuals to learn from. v Contents Abstract ..................................... iii Acknowledgments ...............................
Recommended publications
  • ARTIFICIAL INTELLIGENCE and ALGORITHMIC LIABILITY a Technology and Risk Engineering Perspective from Zurich Insurance Group and Microsoft Corp

    ARTIFICIAL INTELLIGENCE and ALGORITHMIC LIABILITY a Technology and Risk Engineering Perspective from Zurich Insurance Group and Microsoft Corp

    White Paper ARTIFICIAL INTELLIGENCE AND ALGORITHMIC LIABILITY A technology and risk engineering perspective from Zurich Insurance Group and Microsoft Corp. July 2021 TABLE OF CONTENTS 1. Executive summary 03 This paper introduces the growing notion of AI algorithmic 2. Introduction 05 risk, explores the drivers and A. What is algorithmic risk and why is it so complex? ‘Because the computer says so!’ 05 B. Microsoft and Zurich: Market-leading Cyber Security and Risk Expertise 06 implications of algorithmic liability, and provides practical 3. Algorithmic risk : Intended or not, AI can foster discrimination 07 guidance as to the successful A. Creating bias through intended negative externalities 07 B. Bias as a result of unintended negative externalities 07 mitigation of such risk to enable the ethical and responsible use of 4. Data and design flaws as key triggers of algorithmic liability 08 AI. A. Model input phase 08 B. Model design and development phase 09 C. Model operation and output phase 10 Authors: D. Potential complications can cloud liability, make remedies difficult 11 Zurich Insurance Group 5. How to determine algorithmic liability? 13 Elisabeth Bechtold A. General legal approaches: Caution in a fast-changing field 13 Rui Manuel Melo Da Silva Ferreira B. Challenges and limitations of existing legal approaches 14 C. AI-specific best practice standards and emerging regulation 15 D. New approaches to tackle algorithmic liability risk? 17 Microsoft Corp. Rachel Azafrani 6. Principles and tools to manage algorithmic liability risk 18 A. Tools and methodologies for responsible AI and data usage 18 Christian Bucher B. Governance and principles for responsible AI and data usage 20 Franziska-Juliette Klebôn C.
  • NASA Develops Wireless Tile Scanner for Space Shuttle Inspection

    NASA Develops Wireless Tile Scanner for Space Shuttle Inspection

    August 2007 NASA, Microsoft launch collaboration with immersive photography NASA and Microsoft Corporation a more global view of the launch facil- provided us with some outstanding of Redmond, Wash., have released an ity. The software uses photographs images, and the result is an experience interactive, 3-D photographic collec- from standard digital cameras to that will wow anyone wanting to get a tion of the space shuttle Endeavour construct a 3-D view that can be navi- closer look at NASA’s missions.” preparing for its upcoming mission to gated and explored online. The NASA The NASA collections were created the International Space Station. Endea- images can be viewed at Microsoft’s in collaboration between Microsoft’s vour launched from NASA Kennedy Live Labs at: http://labs.live.com Live Lab, Kennedy and NASA Ames. Space Center in Florida on Aug. 8. “This collaboration with Microsoft “We see potential to use Photo- For the first time, people around gives the public a new way to explore synth for a variety of future mission the world can view hundreds of high and participate in America’s space activities, from inspecting the Interna- resolution photographs of Endeav- program,” said William Gerstenmaier, tional Space Station and the Hubble our, Launch Pad 39A and the Vehicle NASA’s associate administrator for Space Telescope to viewing landing Assembly Building at Kennedy in Space Operations, Washington. “We’re sites on the moon and Mars,” said a unique 3-D viewer. NASA and also looking into using this new tech- Chris C. Kemp, director of Strategic Microsoft’s Live Labs team developed nology to support future missions.” Business Development at Ames.
  • Practical Homomorphic Encryption and Cryptanalysis

    Practical Homomorphic Encryption and Cryptanalysis

    Practical Homomorphic Encryption and Cryptanalysis Dissertation zur Erlangung des Doktorgrades der Naturwissenschaften (Dr. rer. nat.) an der Fakult¨atf¨urMathematik der Ruhr-Universit¨atBochum vorgelegt von Dipl. Ing. Matthias Minihold unter der Betreuung von Prof. Dr. Alexander May Bochum April 2019 First reviewer: Prof. Dr. Alexander May Second reviewer: Prof. Dr. Gregor Leander Date of oral examination (Defense): 3rd May 2019 Author's declaration The work presented in this thesis is the result of original research carried out by the candidate, partly in collaboration with others, whilst enrolled in and carried out in accordance with the requirements of the Department of Mathematics at Ruhr-University Bochum as a candidate for the degree of doctor rerum naturalium (Dr. rer. nat.). Except where indicated by reference in the text, the work is the candidates own work and has not been submitted for any other degree or award in any other university or educational establishment. Views expressed in this dissertation are those of the author. Place, Date Signature Chapter 1 Abstract My thesis on Practical Homomorphic Encryption and Cryptanalysis, is dedicated to efficient homomor- phic constructions, underlying primitives, and their practical security vetted by cryptanalytic methods. The wide-spread RSA cryptosystem serves as an early (partially) homomorphic example of a public- key encryption scheme, whose security reduction leads to problems believed to be have lower solution- complexity on average than nowadays fully homomorphic encryption schemes are based on. The reader goes on a journey towards designing a practical fully homomorphic encryption scheme, and one exemplary application of growing importance: privacy-preserving use of machine learning.
  • Information Guide

    Information Guide

    INFORMATION GUIDE 7 ALL-PRO 7 NFL MVP LAMAR JACKSON 2018 - 1ST ROUND (32ND PICK) RONNIE STANLEY 2016 - 1ST ROUND (6TH PICK) 2020 BALTIMORE DRAFT PICKS FIRST 28TH SECOND 55TH (VIA ATL.) SECOND 60TH THIRD 92ND THIRD 106TH (COMP) FOURTH 129TH (VIA NE) FOURTH 143RD (COMP) 7 ALL-PRO MARLON HUMPHREY FIFTH 170TH (VIA MIN.) SEVENTH 225TH (VIA NYJ) 2017 - 1ST ROUND (16TH PICK) 2020 RAVENS DRAFT GUIDE “[The Draft] is the lifeblood of this Ozzie Newsome organization, and we take it very Executive Vice President seriously. We try to make it a science, 25th Season w/ Ravens we really do. But in the end, it’s probably more of an art than a science. There’s a lot of nuance involved. It’s Joe Hortiz a big-picture thing. It’s a lot of bits and Director of Player Personnel pieces of information. It’s gut instinct. 23rd Season w/ Ravens It’s experience, which I think is really, really important.” Eric DeCosta George Kokinis Executive VP & General Manager Director of Player Personnel 25th Season w/ Ravens, 2nd as EVP/GM 24th Season w/ Ravens Pat Moriarty Brandon Berning Bobby Vega “Q” Attenoukon Sarah Mallepalle Sr. VP of Football Operations MW/SW Area Scout East Area Scout Player Personnel Assistant Player Personnel Analyst Vincent Newsome David Blackburn Kevin Weidl Patrick McDonough Derrick Yam Sr. Player Personnel Exec. West Area Scout SE/SW Area Scout Player Personnel Assistant Quantitative Analyst Nick Matteo Joey Cleary Corey Frazier Chas Stallard Director of Football Admin. Northeast Area Scout Pro Scout Player Personnel Assistant David McDonald Dwaune Jones Patrick Williams Jenn Werner Dir.
  • Homomorphic Encryption Library

    Homomorphic Encryption Library

    Ludwig-Maximilians-Universit¨at Munchen¨ Prof. Dr. D. Kranzlmuller,¨ Dr. N. gentschen Felde Data Science & Ethics { Microsoft SEAL { Exercise 1: Library for Matrix Operations Microsoft's Simple Encrypted Arithmetic Library (SEAL)1 is a publicly available homomorphic encryption library. It can be found and downloaded at http://sealcrypto.codeplex.com/. Implement a library 13b MS-SEAL.h supporting matrix operations using homomorphic encryption on basis of the MS SEAL. due date: 01.07.2018 (EOB) no. of students: 2 deliverables: 1. Implemenatation (including source code(s)) 2. Documentation (max. 10 pages) 3. Presentation (10 { max. 15 minutes) 13b MS-SEAL.h #i n c l u d e <f l o a t . h> #i n c l u d e <s t d b o o l . h> typedef struct f double ∗ e n t r i e s ; unsigned int width; unsigned int height; g matrix ; /∗ Initialize new matrix: − reserve memory only ∗/ matrix initMatrix(unsigned int width, unsigned int height); /∗ Initialize new matrix: − reserve memory − set any value to 0 ∗/ matrix initMatrixZero(unsigned int width, unsigned int height); /∗ Initialize new matrix: − reserve memory − set any value to random number ∗/ matrix initMatrixRand(unsigned int width, unsigned int height); 1https://www.microsoft.com/en-us/research/publication/simple-encrypted-arithmetic-library-seal-v2-0/# 1 /∗ copy a matrix and return its copy ∗/ matrix copyMatrix(matrix toCopy); /∗ destroy matrix − f r e e memory − set any remaining value to NULL ∗/ void freeMatrix(matrix toDestroy); /∗ return entry at position (xPos, yPos), DBL MAX in case of error
  • Arxiv:2102.00319V1 [Cs.CR] 30 Jan 2021

    Arxiv:2102.00319V1 [Cs.CR] 30 Jan 2021

    Efficient CNN Building Blocks for Encrypted Data Nayna Jain1,4, Karthik Nandakumar2, Nalini Ratha3, Sharath Pankanti5, Uttam Kumar 1 1 Center for Data Sciences, International Institute of Information Technology, Bangalore 2 Mohamed Bin Zayed University of Artificial Intelligence 3 University at Buffalo, SUNY 4 IBM Systems 5 Microsoft [email protected], [email protected], [email protected]/[email protected], [email protected], [email protected] Abstract Model Owner Model Architecture 푴 Machine learning on encrypted data can address the concerns Homomorphically Encrypted Model Model Parameters 퐸(휽) related to privacy and legality of sharing sensitive data with Encryption untrustworthy service providers, while leveraging their re- Parameters 휽 sources to facilitate extraction of valuable insights from oth- End-User Public Key Homomorphically Encrypted Cloud erwise non-shareable data. Fully Homomorphic Encryption Test Data {퐸(퐱 )}푇 Test Data 푖 푖=1 FHE Computations Service 푇 Encryption (FHE) is a promising technique to enable machine learning {퐱푖}푖=1 퐸 y푖 = 푴(퐸 x푖 , 퐸(휽)) Provider and inferencing while providing strict guarantees against in- Inference 푇 Decryption formation leakage. Since deep convolutional neural networks {푦푖}푖=1 Homomorphically Encrypted Inference Results {퐸(y )}푇 (CNNs) have become the machine learning tool of choice Private Key 푖 푖=1 in several applications, several attempts have been made to harness CNNs to extract insights from encrypted data. How- ever, existing works focus only on ensuring data security Figure 1: In a conventional Machine Learning as a Ser- and ignore security of model parameters. They also report vice (MLaaS) scenario, both the data and model parameters high level implementations without providing rigorous anal- are unencrypted.
  • Applications of Reinforcement Learning to Routing and Virtualization in Computer Networks

    Applications of Reinforcement Learning to Routing and Virtualization in Computer Networks

    Applications of Reinforcement Learning to Routing and Virtualization in Computer Networks by Soroush Haeri B. Eng., Multimedia University, Malaysia, 2010 Dissertation Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy in the School of Engineering Science Faculty of Applied Science © Soroush Haeri 2016 SIMON FRASER UNIVERSITY Spring 2016 All rights reserved. However, in accordance with the Copyright Act of Canada, this work may be reproduced without authorization under the conditions for “Fair Dealing.” Therefore, limited reproduction of this work for the purposes of private study, research, criticism, review and news reporting is likely to be in accordance with the law, particularly if cited appropriately. Abstract Computer networks and reinforcement learning algorithms have substantially advanced over the past decade. The Internet is a complex collection of inter-connected networks with a numerous of inter-operable technologies and protocols. Current trend to decouple the network intelligence from the network devices enabled by Software-Defined Networking (SDN) provides a centralized implementation of network intelligence. This offers great computational power and memory to network logic processing units where the network intelligence is implemented. Hence, reinforcement learning algorithms viable options for addressing a variety of computer networking challenges. In this dissertation, we propose two applications of reinforcement learning algorithms in computer networks. We first investigate the applications of reinforcement learning for deflection routing in buffer- less networks. Deflection routing is employed to ameliorate packet loss caused by contention in buffer-less architectures such as optical burst-switched (OBS) networks. We present a framework that introduces intelligence to deflection routing (iDef).
  • MP2ML: a Mixed-Protocol Machine Learning Framework for Private Inference∗ (Full Version)

    MP2ML: a Mixed-Protocol Machine Learning Framework for Private Inference∗ (Full Version)

    MP2ML: A Mixed-Protocol Machine Learning Framework for Private Inference∗ (Full Version) Fabian Boemer Rosario Cammarota Daniel Demmler [email protected] [email protected] [email protected] Intel AI Intel Labs hamburg.de San Diego, California, USA San Diego, California, USA University of Hamburg Hamburg, Germany Thomas Schneider Hossein Yalame [email protected] [email protected] darmstadt.de TU Darmstadt TU Darmstadt Darmstadt, Germany Darmstadt, Germany ABSTRACT 1 INTRODUCTION Privacy-preserving machine learning (PPML) has many applica- Several practical services have emerged that use machine learn- tions, from medical image evaluation and anomaly detection to ing (ML) algorithms to categorize and classify large amounts of financial analysis. nGraph-HE (Boemer et al., Computing Fron- sensitive data ranging from medical diagnosis to financial eval- tiers’19) enables data scientists to perform private inference of deep uation [14, 66]. However, to benefit from these services, current learning (DL) models trained using popular frameworks such as solutions require disclosing private data, such as biometric, financial TensorFlow. nGraph-HE computes linear layers using the CKKS ho- or location information. momorphic encryption (HE) scheme (Cheon et al., ASIACRYPT’17), As a result, there is an inherent contradiction between utility and relies on a client-aided model to compute non-polynomial acti- and privacy: ML requires data to operate, while privacy necessitates vation functions, such as MaxPool and ReLU, where intermediate keeping sensitive information private [70]. Therefore, one of the feature maps are sent to the data owner to compute activation func- most important challenges in using ML services is helping data tions in the clear.
  • Modernization of Digital Enterprises Ai at the Core

    Modernization of Digital Enterprises Ai at the Core

    MODERNIZATION OF DIGITAL ENTERPRISES AI AT THE CORE From Models to Outcomes Hardik Tiwari, Prateek Das Humankind has always been fascinated by the ability of machines to learn Movies, Books, Art Thomas Bayes conceptualized Bayes Mathematicians and Scientists envisioned Theorem in 1763 the possibilities of predicting outcomes Alan Turing Arthur Samuel The world started imagining what if machines are Coined the term Wrote the first smarter “Turing Test” in Machine Learning 1950 code in 1952 And now we live in a present in which humans and intelligent systems are bound together in a symbiotic autonomy Smart Reply Apr 1, 2009: An April Fool’s Day joke Nov 5, 2015: Launched real product Feb 1, 2016: >10% of mobile Inbox replies AI permeates our daily lives — from search engines to ride-share schedulers to ever needful digital personal assistants Received a reminder about Confluence from Google Checked route on maps Booked a cab on Uber Received a location update for Taj Taking notes on Evernote Took a selfie for Instagram AI has reached a stage where intelligent systems have bettered the humans at times Face Recognition Human AI/ Machine 97.5% 97.7% Lip reading 41.3% 57.9% Pneumonia Detection 75.3% 75.9% And now AI technologies have become pervasive in every industry BFSI $25B Estimated revenue from AI products & Top Brands services in 2025 Fraud Detection Automated Cognitive RPA Uses automated analysis to help Trading identify clients best positioned for follow-on equity offerings. Chatbots Robo- Portfolio Advisors ~5M Management Potential jobs to be Loan/ Risk impacted in US by Insurance Management 2025 Credit underwriting Scoring Personalized Added AI enhancements to its Financial mobile banking app, which will give Scaleof disruption Products users personalized insights into ~10,000 their finances.

  • Smithsonian Institution Fiscal Year 2021 Budget Justification to Congress

    Smithsonian Institution Fiscal Year 2021 Budget Justification to Congress February 2020 SMITHSONIAN INSTITUTION (SI) Fiscal Year 2021 Budget Request to Congress TABLE OF CONTENTS INTRODUCTION Overview .................................................................................................... 1 FY 2021 Budget Request Summary ........................................................... 5 SALARIES AND EXPENSES Summary of FY 2021 Changes and Unit Detail ........................................ 11 Fixed Costs Salary and Related Costs ................................................................... 14 Utilities, Rent, Communications, and Other ........................................ 16 Summary of Program Changes ................................................................ 19 No-Year Funding and Object-Class Breakout .......................................... 23 Federal Resource Summary by Performance/Program Category ............ 24 MUSEUMS AND RESEARCH CENTERS Enhanced Research Initiatives ........................................................... 26 National Air and Space Museum ........................................................ 28 Smithsonian Astrophysical Observatory ............................................ 36 Major Scientific Instrumentation .......................................................... 41 National Museum of Natural History ................................................... 47 National Zoological Park ..................................................................... 55 Smithsonian Environmental
  • DELPHI: a Cryptographic Inference Service for Neural Networks Pratyush Mishra Ryan Lehmkuhl Akshayaram Srinivasan Wenting Zheng Raluca Ada Popa

    DELPHI: a Cryptographic Inference Service for Neural Networks Pratyush Mishra Ryan Lehmkuhl Akshayaram Srinivasan Wenting Zheng Raluca Ada Popa

    DELPHI: A Cryptographic Inference Service for Neural Networks Pratyush Mishra Ryan Lehmkuhl Akshayaram Srinivasan Wenting Zheng Raluca Ada Popa UC Berkeley Abstract Many companies provide neural network prediction services Cloud to users for a wide range of applications. However, current Client Cryptographic Protocol prediction systems compromise one party’s privacy: either Data NN Model the user has to send sensitive inputs to the service provider for Prediction classification, or the service provider must store its proprietary neural networks on the user’s device. The former harms the personal privacy of the user, while the latter reveals the service Figure 1: Cryptographic neural network inference. The lock indi- cates data provided in encrypted form. provider’s proprietary model. We design, implement, and evaluate DELPHI, a secure pre- tion over (convolutional) neural networks [Gil+16; Moh+17; diction system that allows two parties to execute neural net- Liu+17a; Juv+18] by utilizing specialized secure multi-party work inference without revealing either party’s data. DELPHI computation (MPC) [Yao86; Gol+87]. At a high level, these approaches the problem by simultaneously co-designing cryp- protocols proceed by encrypting the user’s input and the ser- tography and machine learning. We first design a hybrid cryp- vice provider’s neural network, and then tailor techniques for tographic protocol that improves upon the communication computing over encrypted data (like homomorphic encryption and computation costs over prior work. Second, we develop a or secret sharing) to run inference over the user’s input. At the planner that automatically generates neural network architec- end of the protocol execution, the intended party(-ies) learn ture configurations that navigate the performance-accuracy the inference result; neither party learns anything else about trade-offs of our hybrid protocol.
  • Patents and Standards : a Modern Framework for IPR-Based Standardisation

    Patents and Standards : a Modern Framework for IPR-Based Standardisation

    Patents and standards : a modern framework for IPR-based standardisation Citation for published version (APA): Bekkers, R. N. A., Birkman, L., Canoy, M. S., De Bas, P., Lemstra, W., Ménière, Y., Sainz, I., Gorp, van, N., Voogt, B., Zeldenrust, R., Nomaler, Z. O., Baron, J., Pohlmann, T., Martinelli, A., Smits, J. M., & Verbeek, A. (2014). Patents and standards : a modern framework for IPR-based standardisation. European Commission. https://doi.org/10.2769/90861 DOI: 10.2769/90861 Document status and date: Published: 01/01/2014 Document Version: Publisher’s PDF, also known as Version of Record (includes final page, issue and volume numbers) Please check the document version of this publication: • A submitted manuscript is the version of the article upon submission and before peer-review. There can be important differences between the submitted version and the official published version of record. People interested in the research are advised to contact the author for the final version of the publication, or visit the DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research.