
Recognition Over Encrypted Faces

  • Conference paper
Mobile, Secure, and Programmable Networking (MSPN 2018)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 11005)

Abstract

Neural Networks (NN) are today increasingly used in Machine Learning, where they have become deeper and deeper to accurately model or classify high-level abstractions of data. Their development, however, also gives rise to important data privacy risks. This observation motivated Microsoft researchers to propose a framework called Cryptonets. The core idea is to combine simplifications of the NN with Fully Homomorphic Encryption (FHE) techniques to get both confidentiality of the manipulated data and efficiency of the processing. While efficiency and accuracy are demonstrated when the number of non-linear layers is small (e.g. 2), Cryptonets unfortunately becomes ineffective for deeper NNs, which leaves the privacy-preserving problem open in these contexts. This work successfully addresses this problem by combining several new ideas, including the use of the batch normalization principle and the splitting of the learning phase into several iterations. We experimentally validate the soundness of our approach with a neural network with 6 non-linear layers. When applied to the MNIST database, it competes with the accuracy of the best non-secure versions, thus significantly improving on Cryptonets. Additionally, we applied our approach to secure a neural network used for face recognition. This problem is usually considered much harder than MNIST hand-written digit recognition and can definitely not be addressed with a simple network like Cryptonets. By combining our new ideas with an iterative (learning) approach, we experimentally show that we can build an FHE-friendly network achieving good accuracy for face recognition.

C. Morel and E. Prouff: This work was done while the author was working at Safran Identity and Security (now Idemia).

A preliminary version of this work was presented at Real World Crypto 2017.


Notes

  1. A classical simple example (e.g. detailed in [25, Chap. 1]) is the recognition of handwritten digits.

  2. For comparison, the CNN used by Google in FaceNet [29] has around 140 million parameters to train.

  3. Note that this database and the private one have no identity in common.

References

  1. Barni, M., Orlandi, C., Piva, A.: A privacy-preserving protocol for neural-network-based computation. In: Proceedings of the 8th Workshop on Multimedia & Security, MM&Sec 2006, pp. 146–151 (2006)


  2. Berg, T., Belhumeur, P.N.: Tom-vs-Pete classifiers and identity-preserving alignment for face verification. In: Bowden, R., Collomosse, J.P., Mikolajczyk, K., (eds.) British Machine Vision Conference. BMVC 2012, 3–7 September 2012, pp. 1–11. BMVA Press, Surrey (2012)


  3. Bos, J.W., Lauter, K.E., Naehrig, M.: Private predictive analysis on encrypted medical data. J. Biomed. Inform. 50, 234–243 (2014)


  4. Bost, R., Popa, R.A., Tu, S., Goldwasser, S.: Machine learning classification over encrypted data. IACR Cryptology ePrint Archive, vol. 2014, p. 331 (2014)


  5. Chen, H., Han, K., Huang, Z., Jalali, A., Laine, K.: Simple encrypted arithmetic library v2.3.0 (2017). https://www.microsoft.com/en-us/research/project/simple-encrypted-arithmetic-library/

  6. Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: 4th International Workshop on Practice and Theory in Public Key Cryptography Public Key Cryptography. PKC 2001, pp. 119–136 (2001)


  7. Dowlin, N., Gilad-Bachrach, R., Laine, K., Lauter, K.E., Naehrig, M., Wernsing, J.: Manual for using homomorphic encryption for bioinformatics. Proc. IEEE 105(3), 552–567 (2017)


  8. Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptology ePrint Archive, p. 144 (2012)


  9. Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009). crypto.stanford.edu/craig

  10. Gilad-Bachrach, R., Dowlin, N., Laine, K., Lauter, K.E., Naehrig, M., Wernsing, J.: Cryptonets: applying neural networks to encrypted data with high throughput and accuracy. In: Proceedings of the 33rd International Conference on Machine Learning. ICML 2016, pp. 201–210 (2016)

  11. Graepel, T., Lauter, K., Naehrig, M.: ML confidential: machine learning on encrypted data. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 1–21. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37682-5_1


  12. Graves, A., Mohamed, A., Hinton, G.E.: Speech recognition with deep recurrent neural networks. In: IEEE International Conference on Acoustics, Speech and Signal Processing. ICASSP 2013, pp. 6645–6649 (2013)


  13. Hastie, T., Tibshirani, R., Friedman, J.: The Elements of Statistical Learning. Springer Series in Statistics. Springer, New York (2001). https://doi.org/10.1007/978-0-387-21606-5


  14. Huang, G.B., Ramesh, M., Berg, T., Learned-Miller, E.: Labeled faces in the wild: a database for studying face recognition in unconstrained environments. Technical report 07-49, University of Massachusetts, Amherst, October 2007


  15. Ioffe, S., Szegedy, C.: Batch normalization: accelerating deep network training by reducing internal covariate shift. In: Proceedings of the 32nd International Conference on Machine Learning. ICML 2015, pp. 448–456 (2015)


  16. Jia, Y., et al.: Caffe: convolutional architecture for fast feature embedding. arXiv preprint arXiv:1408.5093 (2014)

  17. Juvekar, C., Vaikuntanathan, V., Chandrakasan, A.: Gazelle: a low latency framework for secure neural network inference. Cryptology ePrint Archive, Report 2018/073 (2018). https://eprint.iacr.org/2018/073

  18. Krizhevsky, A., Sutskever, I., Hinton, G.E.: Imagenet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems 25: 26th Annual Conference on Neural Information Processing Systems 2012. Proceedings of a Meeting Held 3–6 December 2012, Lake Tahoe, Nevada, United States, pp. 1106–1114 (2012)


  19. Learned-Miller, E., Huang, G.B., RoyChowdhury, A., Li, H., Hua, G.: Labeled faces in the wild: a survey. In: Kawulok, M., Celebi, M.E., Smolka, B. (eds.) Advances in Face Detection and Facial Image Analysis, pp. 189–248. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-25958-1_8


  20. LeCun, Y., Haffner, P., Bottou, L., Bengio, Y.: Object recognition with gradient-based learning. Shape, Contour and Grouping in Computer Vision. LNCS, vol. 1681, pp. 319–345. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-46805-6_19


  21. LeCun, Y., Cortes, C.: MNIST handwritten digit database (2010). http://yann.lecun.com/exdb/mnist/

  22. Liu, J., Juuti, M., Lu, Y., Asokan, N.: Oblivious neural network predictions via MiniONN transformations. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. CCS 2017, pp. 619–631. ACM, New York (2017)


  23. Mohassel, P., Zhang, Y.: SecureML: a system for scalable privacy-preserving machine learning. In: 2017 IEEE Symposium on Security and Privacy. SP 2017, pp. 19–38. IEEE Computer Society (2017)


  24. Naor, M., Pinkas, B.: Oblivious transfer and polynomial evaluation. In: Proceedings of the Thirty-First Annual ACM Symposium on Theory of Computing, 1–4 May 1999, Atlanta, Georgia, USA, pp. 245–254 (1999)


  25. Nielsen, M.A.: Neural Networks and Deep Learning. Determination Press (2015)


  26. Nikolaenko, V., Weinsberg, U., Ioannidis, S., Joye, M., Boneh, D., Taft, N.: Privacy-preserving ridge regression on hundreds of millions of records. In: 2013 IEEE Symposium on Security and Privacy. SP 2013, 19–22 May 2013, Berkeley, CA, USA, pp. 334–348 (2013)


  27. Orlandi, C., Piva, A., Barni, M.: Oblivious neural network computing via homomorphic encryption. EURASIP J. Inf. Secur. 2007, 037343 (2007)


  28. Riazi, M.S., Weinert, C., Tkachenko, O., Songhori, E.M., Schneider, T., Koushanfar, F.: Chameleon: a hybrid secure computation framework for machine learning applications. IACR Cryptology ePrint Archive, vol. 2017, p. 1164 (2017)


  29. Schroff, F., Kalenichenko, D., Philbin, J.: FaceNet: a unified embedding for face recognition and clustering. In: IEEE Conference on Computer Vision and Pattern Recognition. CVPR 2015, pp. 815–823 (2015)


  30. Wu, D., Haven, J.: Using homomorphic encryption for large scale statistical analysis. Technical report, Stanford University (2012). http://cs.stanford.edu/people/dwu4/FHE-SI Report.pdf

  31. Xie, P., Bilenko, M., Finley, T., Gilad-Bachrach, R., Lauter, K.E., Naehrig, M.: Crypto-Nets: neural networks over encrypted data. CoRR, abs/1412.6181 (2014)


  32. Yao, A.C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, 3–5 November 1982, Chicago, Illinois, USA, pp. 160–164 (1982)


  33. Yuan, J., Yu, S.: Privacy preserving back-propagation neural network learning made practical with cloud computing. IEEE Trans. Parallel Distrib. Syst. 25(1), 212–221 (2014)


  34. Zhang, Q., Yang, L.T., Chen, Z.: Privacy preserving deep computation model on cloud for big data feature learning. IEEE Trans. Comput. 65(5), 1351–1362 (2016)


Acknowledgment

This work was partly supported by the TREDISEC project (G.A. no 644412), funded by the European Union (EU) under the Information and Communication Technologies (ICT) theme of the Horizon 2020 (H2020) research and innovation programme. This work has also been supported in part by the CRYPTOCOMP French FUI17 project.

Author information

Corresponding author

Correspondence to Hervé Chabanne.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Chabanne, H., Lescuyer, R., Milgram, J., Morel, C., Prouff, E. (2019). Recognition Over Encrypted Faces. In: Renault, É., Boumerdassi, S., Bouzefrane, S. (eds) Mobile, Secure, and Programmable Networking. MSPN 2018. Lecture Notes in Computer Science, vol 11005. Springer, Cham. https://doi.org/10.1007/978-3-030-03101-5_16

  • DOI: https://doi.org/10.1007/978-3-030-03101-5_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03100-8

  • Online ISBN: 978-3-030-03101-5

  • eBook Packages: Computer Science, Computer Science (R0)
