Training a CNN using SPDZ
An implementation of Convolutional Neural Networks (CNNs) using secure Multi-Party Computation (MPC). Posted a month ago
OpenMined is an open-source community focused on researching, developing, and promoting tools for secure, privacy-preserving, value-aligned artificial intelligence.
Industry-standard tools for artificial intelligence have been designed with several assumptions: data is centralized into a single compute cluster, the cluster exists in a secure cloud, and the resulting models will be owned by a central authority. We envision a world in which we are not restricted to this scenario - a world in which AI tools treat privacy, security, and multi-owner governance as first-class citizens.
With OpenMined, an AI model can be governed by multiple owners and trained securely on an unseen, distributed dataset.
The mission of the OpenMined community is to create an accessible ecosystem of tools for private, secure, multi-owner governed AI. We do this by extending popular libraries like TensorFlow and PyTorch with advanced techniques in cryptography and private machine learning.
Privacy is at the core of OpenMined - building tools that allow data owners to keep their data private during the model training process. This is done by utilizing two methods of privacy preservation: federated learning and differential privacy.
Instead of bringing all the data to one place for training, federated learning brings the model to the data. This allows a data owner to maintain the only copy of their information.
Differential Privacy is a set of techniques for preventing a model from accidentally memorizing secrets present in a training dataset during the learning process.
OpenMined is building tools that allow models to be trained within insecure, distributed environments such as end user devices. We aim to support two methods of secure computation: multi-party computation and homomorphic encryption.
When a model has multiple owners, multi-party computation allows individuals to share control of a model without seeing its contents, such that no sole owner can use or train it.
When a model has a single owner, homomorphic encryption allows the owner to encrypt their model so that untrusted third parties can train or use the model without being able to steal it.
The OpenMined ecosystem allows for various systems of shared ownership, allowing variable control structures to be designed by model owners according to their own preferences. We allow for two systems of governance: consensus and threshold governance.
The default governance structure is one in which a group of data or model owners must all agree to perform training or inference in order for it to occur.
An alternative governance structure is one in which a minimum threshold of data or model owners must agree to perform training or inference in order for it to occur.
A data scientist creates a model in a framework such as PyTorch, TensorFlow, or Keras, defines a training bounty they are willing to pay for it to be trained, and requests a specific kind of private training data (e.g., personal health information, social media posts, or smart-home metadata).
As the main offering of OpenMined, data scientists should have the ability to incorporate federated learning and secure prediction into their existing deep learning infrastructure. This allows for training to be done in a private cloud while minimizing the risk of leaking intellectual property or private training data.
With identical technical functionality to the private grid, the public grid is an open marketplace for individuals to offer their data to be trained on and for models to be offered for secure prediction in web applications.
A Library for Private, Secure, Multi-Owner Deep Learning - Currently Pre-Alpha
A Peer-to-Peer On-Demand Compute Grid
The OpenMined Unity Application