Get to Know Your Neighbors

Datasets are often siloed, as each of them needs to remain under the control of its data provider. Nevertheless, ML models have to be generated and run over these datasets. Over the last years, we have tackled this challenge in the framework of the Swiss Personalized Health Network . 

In this talk, we address the problem of privacy-preserving training and evaluation of neural networks in an N-party, federated learning setting. We propose a set of techniques that enable privacy-preserving neural network training. They rely on multiparty lattice-based cryptography to preserve the confidentiality of the training data, the model, and the evaluation data, under a passive-adversary model and collusions between up to N−1 parties. They make use of homomorphic encryption and secure multi-party computation. We also mention Lattigo, our quantum-resistant open-source cryptographic library on which these techniques are based. Our experimental results show that these techniques achieve accuracy similar to centralized (or decentralized) non-private approaches and that their computation and communication overhead scales linearly with the number of parties. 

Furthermore, we explain how we are using these techniques for the federated analysis of medical data, in particular for genome-wide association studies. We also describe MedCo, the system under deployment in Swiss hospitals and abroad.  Finally, we mention our joint work with lawyers to show GDPR compliance, and explain how our start-up Tune Insight leverages on these techniques. We have published our work notably in the following 2021 papers: Nature Communications, Nature Computational Science, NDSS, Usenix Security, Journal of Medical Internet Research, EuroCrypt, PETS and PETS.