#  Privacy-Preserving Machine Learning 

 




 
  

 

 ![privacy-preserving_machine_learning_resized.jpg](/sites/g/files/omnuum11281/files/vlsiarch/files/privacy-preserving_machine_learning_resized.jpg)

 

We characterize the performance overhead of privacy-preserving computation techniques, focusing on homomorphic encryption (HE). Homomorphic encryption makes it possible to compute on encrypted data, but at the cost of a huge computation overhead, which raises challenges for actual deployment. We analyze this overhead and build a performance and cost model for it. We investigate the practicality of this new computing model, which enables secure computation outsourcing.

We place emphasis on privacy-preserving machine learning/deep learning applications because recent advances in (personalized) deep learning applications can significantly facilitate our lives, provided that users' privacy is protected. To make use of homomorphic encryption with these applications, we optimize it at both the algorithm and hardware levels. Specifically, based on the characteristics of deep learning and homomorphic encryption workloads, we look at how to better fit the pipeline of homomorphic encryption operations to the hardware. We design a specialized hardware accelerator and conduct performance and power analysis with the algorithm-level optimizations combined.
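As an added illustration (not code from this project or its papers), the sketch below outsources one linear layer of a network to a server that only ever sees ciphertexts, and reports the slowdown against the plaintext computation. It assumes Paillier, an additively homomorphic scheme chosen here for brevity since the page does not name a scheme; the toy key, the fixed-point scale, all function names and all input values are constructed for the example.

```python
import math, secrets, time

# Toy Paillier key from two well-known Mersenne primes. Constructed for the
# example only: a 92-bit modulus is NOT secure.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
N2, MU = N * N, pow(PHI, -1, N)
SCALE = 256  # fixed-point scale: HE works on integers, not floats

def encrypt(m):
    """Client or server (public key): Enc(m) = (1 + m*N) * r^N mod N^2."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return (1 + (m % N) * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Client only (private key PHI, MU); maps the result back to a signed int."""
    m = (pow(c, PHI, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m

def encrypted_layer(enc_x, Wq, bq):
    """Server: computes W.x + b on ciphertexts without ever seeing x."""
    out = []
    for row, bias in zip(Wq, bq):
        acc = encrypt(bias)
        for c, w in zip(enc_x, row):
            # Enc(a)^w = Enc(w*a); Enc(a) * Enc(b) = Enc(a + b)
            acc = acc * pow(c, w % N, N2) % N2
        out.append(acc)
    return out

def quantize(vec, scale=SCALE):
    return [round(v * scale) for v in vec]

def run_demo():
    x = [0.5, -1.25, 2.0]                       # constructed client input
    W = [[1.0, 0.5, -0.25], [-2.0, 0.0, 1.5]]   # constructed server weights
    b = [0.125, -0.5]
    xq, Wq = quantize(x), [quantize(r) for r in W]
    bq = quantize(b, SCALE * SCALE)             # bias at product scale
    t0 = time.perf_counter()
    plain = [sum(w * v for w, v in zip(r, xq)) + bi for r, bi in zip(Wq, bq)]
    t1 = time.perf_counter()
    enc_out = encrypted_layer([encrypt(v) for v in xq], Wq, bq)
    private = [decrypt(c) for c in enc_out]
    t2 = time.perf_counter()
    slowdown = (t2 - t1) / max(t1 - t0, 1e-9)
    return ([p / SCALE**2 for p in plain], [p / SCALE**2 for p in private], slowdown)

if __name__ == "__main__":
    print(run_demo())
```

Both result lists are identical; the third value is the measured slowdown of the encrypted path, which grows further with realistic key sizes and is the kind of overhead the project characterizes.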



 

##  Select Publications 

 



 


 

### 2022

Maximilian Lam, Michael Mitzenmacher, Vijay Janapa Reddi, Gu-Yeon Wei, and David Brooks. 2022. “[Tabula: Efficiently Computing Nonlinear Activation Functions for Secure Neural Network Inference](/publications/efficiently-computing-nonlinear-activation-functions-secure-neural-network)”



 

 




 

 

 

- [Publisher's Version](https://doi.org/10.48550/arXiv.2203.02833)
- [Tabula: Efficiently Compu...](/sites/g/files/omnuum11281/files/vlsiarch/files/2203.02833.pdf) (PDF)

Abstract: Multiparty computation approaches to private neural network inference require significant communication between server and client, incur tremendous runtime penalties, and cost massive storage overheads. The primary source of these expenses is garbled...
 
 

 



### 2021

Maximilian Lam, Gu-Yeon Wei, David Brooks, Vijay Janapa Reddi, and Michael Mitzenmacher. 2021. “[Gradient Disaggregation: Breaking Privacy in Federated Learning by Reconstructing the User Participant Matrix](/publications/gradient-disaggregation-breaking-privacy-federated-learning-reconstructing)”



 

 




 

 

 

- [Publisher's Version](https://doi.org/10.48550/arXiv.2106.06089)
- [Gradient Disaggregation: ...](/sites/g/files/omnuum11281/files/vlsiarch/files/2106.06089.pdf) (PDF)

Abstract: We show that aggregated model updates in federated learning may be insecure. An untrusted central server may disaggregate user updates from sums of updates across participants given repeated observations, enabling the server to recover privileged...
 
 

 



### 2020

Brandon Reagen, Wooseok Choi, Yeongil Ko, Vincent Lee, Gu Wei, Lee S, and David Brooks. 2020. “[Cheetah: Optimizations and Methods for Privacy-Preserving Inference via Homomorphic Encryption](/publications/cheetah-optimizations-and-methods-privacypreserving-inference-homomorphic)”



 

 




 

 

 

- [Publisher's Version](https://doi.org/10.48550/arXiv.2006.00505)
- [Cheetah: Optimizations an...](/sites/g/files/omnuum11281/files/vlsiarch/files/2006.00505.pdf) (PDF)

Abstract: As the application of deep learning continues to grow, so does the amount of data used to make predictions. While traditionally, big-data deep learning was constrained by computing performance and off-chip memory bandwidth, a new constraint has emerged...
 
 

 



 

 

 

[See all project publications](https://prod-vlsiarch.drupalsites.harvard.edu/publications?f%5B0%5D=bibcite_reference_hwp_c_project123456%3A172619)