Confidential Inference in Decision Trees

Rupesh Raj Karn; Mizan Gebremichael; Kashif Nawaz; Ibrahim M. Elfadel

doi:10.1007/978-3-031-70947-0_14

Confidential Inference in Decision Trees

Rupesh Raj Karn
, Mizan Gebremichael
, Kashif Nawaz
, Ibrahim M. Elfadel

Computer & Communication Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In confidential computing, arithmetic algorithms operate on encrypted inputs to produce encrypted outputs. Specifically, in confidential inference, Alice has the parameters of the machine-learning model but does not want to reveal them to Bob, who has the data. Bob wants to use Alice’s model for inference, but does not want to reveal his data. Alice and Bob agree to use confidential computing to run the inference engine without revealing either the model or the data. However, they find that fully homomorphic and order-preserving encryptions are very time-consuming and very challenging to accelerate on hardware. When the machine learning model is a decision tree, these encryptions can be made computationally efficient and can even be readily accelerated on hardware. In this paper, we reveal how Alice and Bob run the inference engine of a decision tree in full confidence and show FPGA implementations of additively homomorphic, order-preserving, and post-quantum order-preserving encryption on constrained hardware platforms. We further evaluate the resources needed to implement the ciphertext decision tree and compare them with those of a plaintext decision tree. Confidential inference tests are run on the encrypted FPGA design using the MNIST data set.

Original language	British English
Title of host publication	VLSI-SoC 2023
Subtitle of host publication	Innovations for Trustworthy Artificial Intelligence - 31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2023, Revised Extended Selected Papers
Editors	Ibrahim (Abe) M. Elfadel, Lutfi Albasha
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	273-297
Number of pages	25
ISBN (Print)	9783031709463
DOIs	https://doi.org/10.1007/978-3-031-70947-0_14
State	Published - 2024
Event	31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration - System on a Chip, VLSI-SoC 2023 - Dubai, United Arab Emirates Duration: 16 Oct 2023 → 18 Oct 2023

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	680 IFIPAICT
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration - System on a Chip, VLSI-SoC 2023
Country/Territory	United Arab Emirates
City	Dubai
Period	16/10/23 → 18/10/23

Keywords

Combinational Circuit
Finite-State Machine
FPGA Implementation
Homomorphic Encryption
Order-Preserving Encryption
Post-Quantum Cryptosystem
Sequential Circuit

Access to Document

10.1007/978-3-031-70947-0_14

Cite this

Karn, R. R., Gebremichael, M., Nawaz, K., & Elfadel, I. M. (2024). Confidential Inference in Decision Trees. In I. M. Elfadel, & L. Albasha (Eds.), VLSI-SoC 2023: Innovations for Trustworthy Artificial Intelligence - 31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2023, Revised Extended Selected Papers (pp. 273-297). (IFIP Advances in Information and Communication Technology; Vol. 680 IFIPAICT). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-70947-0_14

Karn, Rupesh Raj ; Gebremichael, Mizan ; Nawaz, Kashif et al. / Confidential Inference in Decision Trees. VLSI-SoC 2023: Innovations for Trustworthy Artificial Intelligence - 31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2023, Revised Extended Selected Papers. editor / Ibrahim (Abe) M. Elfadel ; Lutfi Albasha. Springer Science and Business Media Deutschland GmbH, 2024. pp. 273-297 (IFIP Advances in Information and Communication Technology).

@inproceedings{95a03810520944c08f2bdb62d98732bd,

title = "Confidential Inference in Decision Trees",

abstract = "In confidential computing, arithmetic algorithms operate on encrypted inputs to produce encrypted outputs. Specifically, in confidential inference, Alice has the parameters of the machine-learning model but does not want to reveal them to Bob, who has the data. Bob wants to use Alice{\textquoteright}s model for inference, but does not want to reveal his data. Alice and Bob agree to use confidential computing to run the inference engine without revealing either the model or the data. However, they find that fully homomorphic and order-preserving encryptions are very time-consuming and very challenging to accelerate on hardware. When the machine learning model is a decision tree, these encryptions can be made computationally efficient and can even be readily accelerated on hardware. In this paper, we reveal how Alice and Bob run the inference engine of a decision tree in full confidence and show FPGA implementations of additively homomorphic, order-preserving, and post-quantum order-preserving encryption on constrained hardware platforms. We further evaluate the resources needed to implement the ciphertext decision tree and compare them with those of a plaintext decision tree. Confidential inference tests are run on the encrypted FPGA design using the MNIST data set.",

keywords = "Combinational Circuit, Finite-State Machine, FPGA Implementation, Homomorphic Encryption, Order-Preserving Encryption, Post-Quantum Cryptosystem, Sequential Circuit",

author = "Karn, \{Rupesh Raj\} and Mizan Gebremichael and Kashif Nawaz and Elfadel, \{Ibrahim M.\}",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2024.; 31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration - System on a Chip, VLSI-SoC 2023 ; Conference date: 16-10-2023 Through 18-10-2023",

year = "2024",

doi = "10.1007/978-3-031-70947-0\_14",

language = "British English",

isbn = "9783031709463",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "273--297",

editor = "Elfadel, \{Ibrahim (Abe) M.\} and Lutfi Albasha",

booktitle = "VLSI-SoC 2023",

address = "Germany",

}

Karn, RR, Gebremichael, M, Nawaz, K & Elfadel, IM 2024, Confidential Inference in Decision Trees. in IM Elfadel & L Albasha (eds), VLSI-SoC 2023: Innovations for Trustworthy Artificial Intelligence - 31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2023, Revised Extended Selected Papers. IFIP Advances in Information and Communication Technology, vol. 680 IFIPAICT, Springer Science and Business Media Deutschland GmbH, pp. 273-297, 31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration - System on a Chip, VLSI-SoC 2023, Dubai, United Arab Emirates, 16/10/23. https://doi.org/10.1007/978-3-031-70947-0_14

Confidential Inference in Decision Trees. / Karn, Rupesh Raj; Gebremichael, Mizan; Nawaz, Kashif et al.
VLSI-SoC 2023: Innovations for Trustworthy Artificial Intelligence - 31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2023, Revised Extended Selected Papers. ed. / Ibrahim (Abe) M. Elfadel; Lutfi Albasha. Springer Science and Business Media Deutschland GmbH, 2024. p. 273-297 (IFIP Advances in Information and Communication Technology; Vol. 680 IFIPAICT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Confidential Inference in Decision Trees

AU - Karn, Rupesh Raj

AU - Gebremichael, Mizan

AU - Nawaz, Kashif

AU - Elfadel, Ibrahim M.

N1 - Publisher Copyright: © IFIP International Federation for Information Processing 2024.

PY - 2024

Y1 - 2024

N2 - In confidential computing, arithmetic algorithms operate on encrypted inputs to produce encrypted outputs. Specifically, in confidential inference, Alice has the parameters of the machine-learning model but does not want to reveal them to Bob, who has the data. Bob wants to use Alice’s model for inference, but does not want to reveal his data. Alice and Bob agree to use confidential computing to run the inference engine without revealing either the model or the data. However, they find that fully homomorphic and order-preserving encryptions are very time-consuming and very challenging to accelerate on hardware. When the machine learning model is a decision tree, these encryptions can be made computationally efficient and can even be readily accelerated on hardware. In this paper, we reveal how Alice and Bob run the inference engine of a decision tree in full confidence and show FPGA implementations of additively homomorphic, order-preserving, and post-quantum order-preserving encryption on constrained hardware platforms. We further evaluate the resources needed to implement the ciphertext decision tree and compare them with those of a plaintext decision tree. Confidential inference tests are run on the encrypted FPGA design using the MNIST data set.

AB - In confidential computing, arithmetic algorithms operate on encrypted inputs to produce encrypted outputs. Specifically, in confidential inference, Alice has the parameters of the machine-learning model but does not want to reveal them to Bob, who has the data. Bob wants to use Alice’s model for inference, but does not want to reveal his data. Alice and Bob agree to use confidential computing to run the inference engine without revealing either the model or the data. However, they find that fully homomorphic and order-preserving encryptions are very time-consuming and very challenging to accelerate on hardware. When the machine learning model is a decision tree, these encryptions can be made computationally efficient and can even be readily accelerated on hardware. In this paper, we reveal how Alice and Bob run the inference engine of a decision tree in full confidence and show FPGA implementations of additively homomorphic, order-preserving, and post-quantum order-preserving encryption on constrained hardware platforms. We further evaluate the resources needed to implement the ciphertext decision tree and compare them with those of a plaintext decision tree. Confidential inference tests are run on the encrypted FPGA design using the MNIST data set.

KW - Combinational Circuit

KW - Finite-State Machine

KW - FPGA Implementation

KW - Homomorphic Encryption

KW - Order-Preserving Encryption

KW - Post-Quantum Cryptosystem

KW - Sequential Circuit

UR - https://www.scopus.com/pages/publications/85219187195

U2 - 10.1007/978-3-031-70947-0_14

DO - 10.1007/978-3-031-70947-0_14

M3 - Conference contribution

AN - SCOPUS:85219187195

SN - 9783031709463

T3 - IFIP Advances in Information and Communication Technology

SP - 273

EP - 297

BT - VLSI-SoC 2023

A2 - Elfadel, Ibrahim (Abe) M.

A2 - Albasha, Lutfi

PB - Springer Science and Business Media Deutschland GmbH

T2 - 31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration - System on a Chip, VLSI-SoC 2023

Y2 - 16 October 2023 through 18 October 2023

ER -

Karn RR, Gebremichael M, Nawaz K, Elfadel IM. Confidential Inference in Decision Trees. In Elfadel IM, Albasha L, editors, VLSI-SoC 2023: Innovations for Trustworthy Artificial Intelligence - 31st IFIP WG 10.5/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2023, Revised Extended Selected Papers. Springer Science and Business Media Deutschland GmbH. 2024. p. 273-297. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-031-70947-0_14