Secure Computation Research Articles

Privacy-Preserving Techniques in Generative AI and Large Language Models: A Narrative Review

Generative AI, including large language models (LLMs), has transformed the paradigm of data generation and creative content, but this progress raises critical privacy concerns, especially when models are trained on sensitive data. This review provides a comprehensive overview of privacy-preserving techniques aimed at safeguarding data privacy in generative AI, such as differential privacy (DP), federated learning (FL), homomorphic encryption (HE), and secure multi-party computation (SMPC). These techniques mitigate risks like model inversion, data leakage, and membership inference attacks, which are particularly relevant to LLMs. Additionally, the review explores emerging solutions, including privacy-enhancing technologies and post-quantum cryptography, as future directions for enhancing privacy in generative AI systems. Recognizing that achieving absolute privacy is mathematically impossible, the review emphasizes the necessity of aligning technical safeguards with legal and regulatory frameworks to ensure compliance with data protection laws. By discussing the ethical and legal implications of privacy risks in generative AI, the review underscores the need for a balanced approach that considers performance, scalability, and privacy preservation. The findings highlight the need for ongoing research and innovation to develop privacy-preserving techniques that keep pace with the scaling of generative AI, especially in large language models, while adhering to regulatory and ethical standards.

Confidential Computing or Cryptographic Computing?

Trade-offs between secure computation via cryptography and hardware enclaves.

Improving the CSIDH Protocol for Multi-party Cryptography: Rigorous Mathematical Analysis, Efficiency, and Security Comparison

This paper introduces a novel Distributed Key Generation (DKG) protocol based on the Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) framework for secure multi-party cryptography. Our proposed protocol is designed to address scalability and security concerns, particularly in post-quantum cryptographic systems. The main contributions include the introduction of Piecewise Verifiable Proofs (PVPs) for non-interactive zero-knowledge verification of secret shares, and the provision of rigorous security analysis, including resistance to quantum adversaries via Shor’s and Grover’s algorithms. We analyze the protocol’s efficiency, ensuring low computational overhead even in large-scale systems, and compare it with other distributed cryptographic protocols such as RSA-based and lattice-based schemes. Through mathematical proofs and complexity analysis, we demonstrate that our protocol offers enhanced security, efficiency, and scalability in a post-quantum environment. The results presented in this paper provide a strong foundation for implementing secure multi-party computations in quantum-resistant systems.

Protecting Distributed Primitives Against Leakage: Equivocal Secret Sharing and more

Leakage-resilient cryptography aims to protect cryptographic primitives from so-called “side channel attacks” that exploit their physical implementation to learn their input or secret state. Starting from the works of Ishai, Sahai and Wagner (CRYPTO‘03) and Micali and Reyzin (TCC‘04), most works on leakage-resilient cryptography either focus on protecting general computations, such as circuits or multiparty computation protocols, or on specific non-interactive primitives such as storage, encryption, and signatures. This work focuses on leakage resilience for the middle ground, namely for distributed and interactive cryptographic primitives. Our main technical contribution is designing the first secret sharing scheme that is equivocal, resists adaptive probing of a constant fraction of bits from each share, while incurs only a constant blowup in share size. Equivocation is a strong leakage-resilience guarantee, recently introduced by Hazay et al. (ITC, 2021). Our construction is obtained via a general compiler which we introduce, that transforms any secret sharing scheme into an equivocal scheme against adaptive leakage. An attractive feature of our compiler is that it respects additive reconstruction; namely, if the original scheme has additive reconstruction, then the transformed scheme has linear reconstruction. We extend our compiler to a general paradigm for protecting distributed primitives against leakage and show its applicability to various primitives, including secret sharing, verifiable secret sharing, function secret sharing, distributed encryption and signatures, and distributed zero-knowledge proofs. For each of these primitives, our paradigm transforms any construction of the primitive into a scheme that resists adaptive party corruptions, as well as adaptive probing leakage of a constant fraction of bits in each share when the share is stored in memory (but not when it is used in computations). Moreover, the transformation incurs only a constant blowup in the share size and respects additive reconstruction—an important feature for several of these primitives, such as function secret sharing and distributed encryption.

Calculation and Comparative Analysis of Common Fault Scores for Secure Computers Based on Embedded Neural Networks

With the rapid development of computer networks and information technology, government departments, financial institutions, and enterprises are increasingly dependent on software, and software security issues have become a focus of attention. In this context, how to effectively evaluate the security of software has become an important issue for research institutions both domestically and internationally. On the basis of exploring software definition, this paper not only analyzes the security and potential threats of software in computer networks, but also introduces Embedded Neural Networks (ENNs) as an evaluation tool, and combines Fuzzy Analytic Hierarchy Process (FAHP) to deeply explore a new method for software security risk assessment. By utilizing the powerful pattern recognition capability of ENNs, software logs, system call sequences, and other data can be classified and analyzed to distinguish between normal and abnormal behavior. This ability is crucial for identifying security incidents such as malicious software and unauthorized access. ENNs are designed with resource constraints in mind, which can reduce energy consumption while ensuring performance. For software systems that require long-term operation, this means higher security and stability. Practice has proven that combining ENNs with FAHP can more scientifically and effectively evaluate software security. This method not only improves the accuracy and efficiency of evaluation, but also provides a more solid theoretical foundation and technical support for software security protection.

Enhanced Data Security Using 5x5 Hill Cipher with Modular 53

This research presents an optimized approach to the Hill Cipher encryption and decryption algorithm using a 5x5 matrix and modular 53 arithmetic. The traditional Hill Cipher, a well-known symmetric key algorithm, typically utilizes smaller matrices and modular arithmetic, which may not provide sufficient security for contemporary applications. By expanding the key matrix to a 5x5 structure and adopting a larger modulus of 53, the complexity and security of the cipher are significantly enhanced. The study details the methodology for constructing and implementing the 5x5 key matrix, as well as the processes for encryption and decryption under the modular 53 system. The computational efficiency and security improvements achieved through this optimization are analyzed. Comparative assessments with the conventional Hill Cipher demonstrate that the enhanced approach offers superior resistance against cryptographic attacks while maintaining manageable computational requirements. The results of this research indicate that the proposed optimized Hill Cipher can serve as a robust encryption method suitable for securing sensitive data in various modern applications. This study contributes to the field of cryptography by providing a more secure and efficient variant of the classical Hill Cipher algorithm

Integrating AI and statistical methods for enhancing civil structural practices: current trends, practical issues, and future direction

The integration of artificial intelligence (AI) and statistical methods has revolutionized civil engineering by enhancing accuracy, efficiency, and reliability in various processes. This review systematically examines how advanced optimization techniques, including artificial neural networks (ANNs), Design of Experiments (DOE), and fuzzy logic (FL), are transforming civil engineering practices. It emphasizes the significant roles these methods play in addressing modern challenges such as structural health monitoring, damage detection, seismic design optimization, and concrete condition assessment. The review delves into case studies and real-world applications, showcasing the potential of these methods to create more resilient, sustainable, and cost-effective infrastructures. It critically examines the limitations and scalability of these techniques, identifying gaps in current research and practical challenges in real-world applications. The investigation also highlights the need for substantial computational resources, data privacy, security, and software interoperability. By addressing these issues, the review not only shows advancements in optimization techniques but also outlines future research directions, aiming to bridge the gap between theoretical developments and practical applications in civil engineering. This review serves as an essential resource for researchers, professionals, and policymakers interested in leveraging optimization techniques to advance civil engineering practices.

Communication Complexity of Entanglement-Assisted Multi-Party Computation

We consider a quantum and a classical version of a multi-party function computation problem with n players, where players 2,…,n need to communicate appropriate information to player 1 so that a “generalized” inner product function with an appropriate promise can be calculated. In the quantum version of the protocol, the players have access to entangled qudits but the communication is still classical. The communication complexity of a given protocol is the total number of classical bits that need to be communicated. When n is prime, and for our chosen function, we exhibit a quantum protocol (with complexity (n−1)(logn) bits) and a classical protocol (with complexity ((n−1)2(logn2) bits)). Furthermore, we present an integer linear programming formulation for determining a lower bound on the classical communication complexity. This demonstrates that our quantum protocol is strictly better than classical protocols.

Quantum Universally Composable Oblivious Linear Evaluation

Oblivious linear evaluation is a generalization of oblivious transfer, whereby two distrustful parties obliviously compute a linear function, f(x)=ax+b, i.e., each one provides their inputs that remain unknown to the other, in order to compute the output f(x) that only one of them receives. From both a structural and a security point of view, oblivious linear evaluation is fundamental for arithmetic-based secure multi-party computation protocols. In the classical case, oblivious linear evaluation protocols can be generated using oblivious transfer, and their quantum counterparts can, in principle, be constructed as straightforward extensions using quantum oblivious transfer. Here, we present the first, to the best of our knowledge, quantum protocol for oblivious linear evaluation that, furthermore, does not rely on quantum oblivious transfer. We start by presenting a semi-honest protocol, and then extend it to the dishonest setting employing a commit−and−open strategy. Our protocol uses high-dimensional quantum states to obliviously compute f(x) on Galois Fields of prime and prime-power dimension. These constructions utilize the existence of a complete set of mutually unbiased bases in prime-power dimension Hilbert spaces and their linear behaviour upon the Heisenberg-Weyl operators. We also generalize our protocol to achieve vector oblivious linear evaluation, where several instances of oblivious linear evaluation are generated, thus making the protocol more efficient. We prove the protocols to have static security in the framework of quantum universal composability.

Enhancing data privacy in federated learning using artificial intelligence

Federated Learning (FL) is a decentralised approach to machine learning that enables model training on local devices without the need to share raw data. While FL inherently provides some level of privacy, significant challenges remain in fully protecting sensitive information. This article explores advanced artificial intelligence (AI) techniques for improving privacy in federated learning. I propose novel methods that include differential privacy, homomorphic encryption, and secure multiparty computation, enhanced by AI-driven optimizations. My empirical studies and theoretical analyses demonstrate the effectiveness and efficiency of these techniques in maintaining data protection.

Privacy-friendly evaluation of patient data with secure multiparty computation in a European pilot study

In multicentric studies, data sharing between institutions might negatively impact patient privacy or data security. An alternative is federated analysis by secure multiparty computation. This pilot study demonstrates an architecture and implementation addressing both technical challenges and legal difficulties in the particularly demanding setting of clinical research on cancer patients within the strict European regulation on patient privacy and data protection: 24 patients from LMU University Hospital in Munich, Germany, and 24 patients from Policlinico Universitario Fondazione Agostino Gemelli, Rome, Italy, were treated for adrenal gland metastasis with typically 40 Gy in 3 or 5 fractions of online-adaptive radiotherapy guided by real-time MR. High local control (21% complete remission, 27% partial remission, 40% stable disease) and low toxicity (73% reporting no toxicity) were observed. Median overall survival was 19 months. Federated analysis was found to improve clinical science through privacy-friendly evaluation of patient data in the European health data space.

Federated learning-based natural language processing: a systematic literature review

Federated learning (FL) is a decentralized machine learning (ML) framework that allows models to be trained without sharing the participants’ local data. FL thus preserves privacy better than centralized machine learning. Since textual data (such as clinical records, posts in social networks, or search queries) often contain personal information, many natural language processing (NLP) tasks dealing with such data have shifted from the centralized to the FL setting. However, FL is not free from issues, including convergence and security vulnerabilities (due to unreliable or poisoned data introduced into the model), communication and computation bottlenecks, and even privacy attacks orchestrated by honest-but-curious servers. In this paper, we present a systematic literature review (SLR) of NLP applications in FL with a special focus on FL issues and the solutions proposed so far. Our review surveys 36 recent papers published in relevant venues, which are systematically analyzed and compared from multiple perspectives. As a result of the survey, we also identify the most outstanding challenges in the area.

On-device Training: A First Overview on Existing Systems

The recent breakthroughs in machine learning (ML) and deep learning (DL) have catalyzed the design and development of various intelligent systems over wide application domains. While most existing machine learning models require large memory and computing power, efforts have been made to deploy some models on resource-constrained devices as well. A majority of the early application systems focused on exploiting the inference capabilities of ML and DL models, where data captured from different mobile and embedded sensing components are processed through these models for application goals such as classification and segmentation. More recently, the concept of exploiting the mobile and embedded computing resources for ML/DL model training has gained attention, as such capabilities allow (i) the training of models via local data without the need to share data over wireless links, thus enabling privacy-preserving computation by design, (ii) model personalization and environment adaptation, and (iii) deployment of accurate models in remote and hardly accessible locations without stable internet connectivity. This work summarizes and analyzes state-of-the-art systems research that allows such on-device model training capabilities and provides a survey of on-device training from a systems perspective.

Matching radar signals and fingerprints with MPC

Vessels can be recognised by their navigation radar due to the characteristics of the emitted radar signal. This is particularly useful if one wants to build situational awareness without revealing one's own presence. Most countries maintain databases of radar fingerprints but will not readily share these due to national security regulations. Sharing of such information will generally require some form of information exchange agreement. However, all parties in a coalition benefit from correct identification. We use secure multiparty computation to match a radar signal measurement against secret databases and output plausible matches with their likelihoods. We also provide a demonstrator using MP-SPDZ.

Amortizing Circuit-PSI in the Multiple Sender/Receiver Setting

Private set intersection (PSI) is a cryptographic functionality for two parties to learn the intersection of their input sets, without leaking any other information. Circuit-PSI is a stronger PSI functionality where the parties learn only a secret-shared form of the desired intersection, thus without revealing the intersection directly. These secret shares can subsequently serve as input to a secure multiparty computation of any function on this intersection. In this paper we consider several settings in which parties take part in multiple Circuit-PSI executions with the same input set, and aim to amortize communications and computations. To that end, we build up a new framework for Circuit-PSI around generalizations of oblivious (programmable) PRFs that are extended with offline setup phases. We present several efficient instantiations of this framework with new security proofs for this setting. As a side result, we obtain a slight improvement in communication and computation complexity over the state-of-the-art semi-honest Circuit-PSI protocol by Bienstock et al. (USENIX '23). Additionally, we present a novel Circuit-PSI protocol from a PRF with secret-shared outputs, which has linear communication and computation complexity in the parties' input set sizes, and is able to realize a stronger security notion. Lastly, we derive the potential amortizations over multiple protocol executions, and observe that each of the presented instantiations is favorable in at least one of the multiple-execution settings.

The Multiple Millionaires' Problem: New Algorithmic Approaches and Protocols

We study a fundamental problem in Multi-Party Computation, which we call the Multiple Millionaires Problem (MMP). Given a set of private integer inputs, the problem is to identify the subset of inputs that equal the maximum (or minimum) of that set, without revealing any further information on the inputs beyond what is implied by the desired output. Such a problem is a natural extension of the Millionaires Problem, which is the very first Multi-Party Computation problem that was presented in Andrew Yaos seminal work (FOCS 1982). A closely related problem is MaxP, in which the value of the maximum is sought. We study these fundamental problems and describe several algorithmic approaches and protocols for their solution. In addition, we compare the performance of the protocols under several selected settings. As applications of privacy-preserving computation are more and more commonly implemented in industrial systems, MMP and MaxP become important building blocks in privacy-preserving statistics, machine learning, auctions and other domains. One of the prominent advantages of the protocols that we present here is their simplicity. As they solve fundamental problems that are essential building blocks in various application scenarios, we believe that the presented solutions to those problems, and the comparison between them, will serve well future researchers and practitioners of secure distributed computing.

Toward A Practical Multi-party Private Set Union

This paper studies a multi-party private set union (mPSU), a fundamental cryptographic problem that allows multiple parties to compute the union of their respective datasets without revealing any additional information. We propose an efficient mPSU protocol which is secure in the presence of any number of colluding semi-honest participants. Our protocol avoids computationally expensive homomorphic operations or generic multi-party computation, thus providing an efficient solution for mPSU. The crux of our protocol lies in the utilization of new cryptographic tool, namely, Membership Oblivious Transfer (mOT). We believe that the mOT may be of independent interest. We implement our mPSU protocol and evaluate its performance. Our protocol shows an improvement of up to $80.84 times$ in terms of running time and $405.73 times$ bandwidth cost compared to the existing state-of-the-art protocols.

Practical and Robust Federated Learning With Highly Scalable Regression Training.

Privacy-preserving federated learning, as one of the privacy-preserving computation techniques, is a promising distributed and privacy-preserving machine learning (ML) approach for Internet of Medical Things (IoMT), due to its ability to train a regression model without collecting raw data of data owners (DOs). However, traditional interactive federated regression training (IFRT) schemes rely on multiple rounds of communication to train a global model and are still under various privacy and security threats. To overcome these problems, several noninteractive federated regression training (NFRT) schemes have been proposed and applied in a variety of scenarios. However, there are still several challenges: 1) how to protect the privacy of DOs' local dataset; 2) how to realize highly scalable regression training without linear dependence on sample dimension; 3) how to tolerate DOs' dropout; and 4) how to enable DOs to verify the correctness of aggregated results returned from the cloud service provider (CSP). In this article, we propose two practical noninteractive federated learning schemes with privacy-preserving for IoMT, named homomorphic encryption based NFRT (HE-NFRT) and double-masking protocol based NFRT (Mask-NFRT), respectively, which are based on a comprehensive consideration of NFRT, privacy concerns, high-efficiency, robustness, and verification mechanism. The security analyses display that our proposed schemes are able to protect the privacy of DOs' local training data, resist collusion attack, and support strong verification to each DO. The performance evaluation results demonstrate that our proposed HE-NFRT scheme is desirable for a high-dimensional and high-security IoMT application while Mask-NFRT scheme is desirable for a high-dimensional and large-scale IoMT application.

Privacy-preserving data analysis

With the ever-increasing volume of data being generated and shared across various platforms, the challenge of maintaining privacy while extracting value from this data has become paramount. This paper delves into the realm of Privacy-Preserving Data Analysis (PPDA), examining its current landscape and the pivotal techniques shaping it. Using datasets from diverse domains, we evaluated four leading PPDA techniques—Differential Privacy, Homomorphic Encryption, Secure Multi-Party Computation (SMPC), and Data Obfuscation—to discern their efficacy and trade-offs in terms of data utility and privacy breach risk. Our findings underscore the strengths and constraints of each method, guiding researchers and practitioners in choosing the optimal approach for specific scenarios. As data continues to be an invaluable asset in the digital age, the tools and techniques to analyze it privately will play a critical role in shaping future data-driven decision-making processes.

Privacy-Preserving Electric Vehicle Charging Recommendation by Incorporating Full Homomorphic Encryption and Secure Multi-Party Computing

Electric vehicle (EV) charging recommendation can significantly improve global planning performance, corresponding to an increasing risk of privacy leakage. Based on this, this paper investigates the privacy data preservation strategy during the interaction between EVs and charging facilities. It proposes a privacy preservation strategy that aims to ensure EV information security. In a cloud computing environment, users do not want other users and cloud providers to have access to their personal information, which is precisely the problem that secure multi-party computing (SMPC) can solve. At present, full homomorphic encryption (FHE) can solve the problem of user data privacy preservation in cloud computing and big data environments and can realize the whole encryption process. Therefore, a more reasonable charging station selection scheme is provided under the computation of privacy preservation strategies incorporating the FHE-SMPC method. The effectiveness and implementation feasibility of the designed privacy preservation strategy in practical applications is verified through testing and comparative analysis. The results show that the developed strategy can significantly reduce the risk of privacy leakage with limited communication resources and computation time consumption. The results provide new perspectives and methodologies for interactive privacy preservation between EVs and charging stations, with application potential.