1 4 : 3 5 P M 1 5 : 1 0 P M C r y p Te n : A M L f r a m e w o - - PowerPoint PPT Presentation

C r y p Te n : A M L f r a m e w o r k b a s e d o n s e c u r e c o m p u t i n g t e c h n i q u e s 1 4 : 3 5 P M — 1 5 : 1 0 P M

Shubho Sengupta Facebook

Why is CrypTen the way it is?

import crypten import torch crypten.init() # sets up # communication x = torch.tensor([1.0, 2.0, 3.0]) x_enc = crypten.cryptensor(x) # encrypts tensor x_dec = x_enc.get_plain_text() # decrypts tensor assert torch.all_close(x_dec, x) # this passes! y_enc = crypten.cryptensor([2.0, 3.0, 4.0]) xy_enc = x_enc + y_enc # adds encrypted # tensors xy_dec = xy_enc.get_plain_text() assert torch.all_close(xy_dec, x + y) # this passes!

Expose the Machine Learning Community to Secure Computing Techniques

ML Centric Interface

ML Centric Interface Explainable Performance

ML Centric Interface Explainable Performance Debuggability

ML Centric Interface Explainable Performance Debuggability Interoperability

ML Centric Interface Explainable Performance Debuggability Interoperability Honest but curious

What makes an ML framework?

What makes an ML framework? Tensor

What makes an ML framework? Tensor Operators

What makes an ML framework? Tensor Operators Computation graph

What makes an ML framework? Tensor Operators Computation graph Gradients

Mul

Mul

Mul

Mul BMul

Mul BMul AccumGrad AccumGrad

Mul BMul AccumGrad AccumGrad

CrypTensor

CrypTensor MPCTensor

CrypTensor MPCTensor ArithmeticShared Tensor

CrypTensor MPCTensor ArithmeticShared Tensor BinaryShared Tensor

CrypTensor MPCTensor ArithmeticShared Tensor BinaryShared Tensor LongTensor

CrypTensor MPCTensor ArithmeticShared Tensor BinaryShared Tensor LongTensor

CrypTensor MPCTensor ArithmeticShared Tensor BinaryShared Tensor LongTensor

PyTorch

CrypTensor MPCTensor ArithmeticShared Tensor BinaryShared Tensor LongTensor

PyTorch

Interface filters up

CrypTensor MPCTensor ArithmeticShared Tensor BinaryShared Tensor LongTensor

PyTorch

Interface filters up Performance is linked

CrypTensor MPCTensor ArithmeticShared Tensor BinaryShared Tensor LongTensor

PyTorch

Interface filters up Performance is linked Communication libraries

What operations do we need for Machine Learning training?

matmul(), conv2d() What operations do we need for Machine Learning training?

matmul(), conv2d() log(), exp() What operations do we need for Machine Learning training?

matmul(), conv2d() log(), exp() div() What operations do we need for Machine Learning training?

matmul(), conv2d() log(), exp() div() pow(), sqrt() What operations do we need for Machine Learning training?

matmul(), conv2d() log(), exp() div() pow(), sqrt() relu(), max(), argmax() What operations do we need for Machine Learning training?

CrypTensor MPCTensor ArithmeticShared Tensor BinaryShared Tensor LongTensor

PyTorch

CrypTensor

CrypTensor

CrypTensor AutogradCrypTensor

CrypTensor AutogradCrypTensor

Module

CrypTensor AutogradCrypTensor

Module

Compatibility

CrypTensor AutogradCrypTensor

Module

Compatibility Use pre-trained models

CrypTensor AutogradCrypTensor

Module

Compatibility Use pre-trained models Train models from scratch

AllReduce

AllReduce Open to all

AllReduce Reduce Open to all

AllReduce Reduce Open to all Open to one

AllReduce Reduce Broadcast Open to all Open to one

AllReduce Reduce Broadcast Open to all Open to one Trusted dealer to parties

PyTorch CrypTen

import torch x = torch.tensor([1.0, 2.0, 3.0]) y = torch.tensor([2.0, 3.0, 4.0]) xy = x + y

PyTorch CrypTen

import crypten crypten.init() # sets up # communication x_enc = crypten.cryptensor([1.0, 2.0, 3.0]) y_enc = crypten.cryptensor([2.0, 3.0, 4.0]) xy_enc = x_enc + y_enc import torch x = torch.tensor([1.0, 2.0, 3.0]) y = torch.tensor([2.0, 3.0, 4.0]) xy = x + y

PyTorch CrypTen

PyTorch CrypTen

pt = torch.tensor([1.0, 2.0, 3.0]) ct = AutogradCrypTensor(crypten.cryptensor(pt)) ct_loss = ct.cross_entropy() ct_loss.backward() pt = torch.tensor([1.0, 2.0, 3.0]) pt_loss = pt.cross_entropy() pt_loss.backward()

How do we work with real model and datasets?

import crypten import torchvision.datasets as datasets import torchvision.models as models crypten.init()

How do we work with real model and datasets?

import crypten import torchvision.datasets as datasets import torchvision.models as models crypten.init() # download and set up ImageNet dataset: transform = transforms.Compose([ transforms.Resize(256), transforms.CenterCrop(224), transforms.ToTensor(), transforms.Normalize(mean=[0.48, 0.45, 0.41], std=[0.23, 0.22, 0.23]), ]) dataset = datasets.ImageNet(imagenet_folder, transform=transform)

How do we work with real model and datasets?

import crypten import torchvision.datasets as datasets import torchvision.models as models crypten.init() # download and set up ImageNet dataset: transform = transforms.Compose([ transforms.Resize(256), transforms.CenterCrop(224), transforms.ToTensor(), transforms.Normalize(mean=[0.48, 0.45, 0.41], std=[0.23, 0.22, 0.23]), ]) dataset = datasets.ImageNet(imagenet_folder, transform=transform) # download pre-trained ResNet-18 model and encrypt it: model = models.resnet18(pretrained=True) encrypted_model = crypten.nn.from_pytorch(model, dataset[0])

How do we work with real model and datasets?

import crypten import torchvision.datasets as datasets import torchvision.models as models crypten.init() # download and set up ImageNet dataset: transform = transforms.Compose([ transforms.Resize(256), transforms.CenterCrop(224), transforms.ToTensor(), transforms.Normalize(mean=[0.48, 0.45, 0.41], std=[0.23, 0.22, 0.23]), ]) dataset = datasets.ImageNet(imagenet_folder, transform=transform) # download pre-trained ResNet-18 model and encrypt it: model = models.resnet18(pretrained=True) encrypted_model = crypten.nn.from_pytorch(model, dataset[0]) # do inference on encrypted images with encrypted model: encrypted_image = crypten.cryptensor(dataset[1]) encrypted_output = encrypted_model(encrypted_image)

How do we work with real model and datasets?

import crypten import torchvision.datasets as datasets import torchvision.models as models crypten.init() # download and set up ImageNet dataset: transform = transforms.Compose([ transforms.Resize(256), transforms.CenterCrop(224), transforms.ToTensor(), transforms.Normalize(mean=[0.48, 0.45, 0.41], std=[0.23, 0.22, 0.23]), ]) dataset = datasets.ImageNet(imagenet_folder, transform=transform) # download pre-trained ResNet-18 model and encrypt it: model = models.resnet18(pretrained=True) encrypted_model = crypten.nn.from_pytorch(model, dataset[0]) # do inference on encrypted images with encrypted model: encrypted_image = crypten.cryptensor(dataset[1]) encrypted_output = encrypted_model(encrypted_image)

• utput = encrypted_output.get_plain_text() # this works!

How do we work with real model and datasets?

Improving Performance

Improving Performance More Secure TTP

Improving Performance More Secure TTP Support for other techniques?

Improving Performance More Secure TTP Support for other techniques? Quantifying information leakage?

ILSVRC Challenge

ILSVRC Challenge

Train on a million images

ILSVRC Challenge

Train on a million images Classify with high accuracy

ILSVRC Challenge

Train on a million images Classify with high accuracy Done in minutes

ILSVRC Challenge

Train on a million images Classify with high accuracy Done in minutes

Question?

ILSVRC Challenge

Train on a million images Classify with high accuracy Done in minutes

Question?

Train on a million encrypted images

ILSVRC Challenge

Train on a million images Classify with high accuracy Done in minutes

Question?

Train on a million encrypted images Classify with high accuracy

ILSVRC Challenge

Train on a million images Classify with high accuracy Done in minutes

Question?

Train on a million encrypted images Classify with high accuracy Done in a week

CrypTen Team at Facebook

CrypTen Team at Facebook

Awni

CrypTen Team at Facebook

Awni Brian

CrypTen Team at Facebook

Awni Brian Laurens

CrypTen Team at Facebook

Awni Brian Laurens Mark

CrypTen Team at Facebook

Awni Brian Laurens Mark Shobha

CrypTen Team at Facebook

Awni Brian Laurens Mark Shobha Shubho

CrypTen Team at Facebook

Awni Brian Laurens Mark Shobha Shubho Vini

CrypTen Team at Facebook

Awni Brian Laurens Mark Shobha Shubho Vini Xing

T H A N K S