Encrypted Deep Learning Techniques With PySyft

Sourav Kumar
Secure and Private AI Writing Challenge
Aug 4, 2019

Okay, before we move on, let's set out the flow we will be following:

  • Brief introduction to modular arithmetic
  • Secret sharing technique
  • Encrypted deep learning with PySyft

Modular arithmetic: why is it important here?

Let me ask you a simple question. Suppose a clock is showing 2 o'clock and I ask what the time will be after 15 hours; you might give the correct answer, 5 o'clock.

But ask a person who doesn't know how to read a clock and he might answer 17 o'clock. But hey 😕, we don't have 17 on the clock!

So, notice that when you add 15 + 2 you get 17, but clocks work on mod 12 arithmetic, where the mod operation is also written as "%".

Remember, classical arithmetic teaches us that if we add any two positive numbers, "a + b", we obtain a result which is greater than the numbers themselves, but that is not the case with modular arithmetic.

Let's see this in the context of the above example: when we take 17 % 12, or 17 mod 12, we obtain 5, which is also in the range under 12.

So, one of the key takeaways is that whenever we take some number mod m, it is guaranteed that the result will not overflow the chosen number m: all the overflowing numbers wrap around within this range.

Modular arithmetic helps in many recent technological advancements, like blockchain technology, cryptographic techniques, privacy-preserving deep learning and machine learning.

Secret sharing technique

Let's see this in a more Pythonic way (you are going to learn fascinating things about how modular arithmetic helps in encrypting numbers, allowing us to perform computations over them secretly 🤐):

We see that we actually add 5 and 3 instead of 15 and 13, thus encrypting the actual numbers, and similarly for subtraction.

So, let's say we want to perform computations over some numbers while keeping them secret.
We take a number, say 5, and then split it using a simple formula shown below:

The field is basically the size limit, or range, within which we want to wrap our numbers to stop them overflowing.
Generally, we prefer it to be a very large prime number.

Now we have encrypted "x" here.

But wait, how do we decrypt it?

There's a simple, elegant way of doing this in modular arithmetic:

We sum up all the shares and take the result mod the field to get our number back.
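The split-and-sum scheme described above, written out as an added example (not code from the original post); the field size `Q` and the helper names are assumptions made here. It goes one step beyond the text by adding and subtracting two shared numbers share by share, which is the kind of computation on secrets the rest of the article relies on.

```python
import secrets

# Assumed field for this example: the Mersenne prime 2**61 - 1.
Q = 2**61 - 1

def share(secret, n_shares=3, field=Q):
    """Split `secret` into additive shares that sum to it modulo `field`."""
    # The first n-1 shares are uniformly random; the last one is chosen so
    # that the total wraps around to the secret.
    shares = [secrets.randbelow(field) for _ in range(n_shares - 1)]
    shares.append((secret - sum(shares)) % field)
    return shares

def reconstruct(shares, field=Q):
    """Decrypt: sum all shares and reduce modulo the field."""
    return sum(shares) % field

def add_shared(a_shares, b_shares, field=Q):
    """Each holder adds its own two shares locally; nobody sees a or b."""
    return [(a + b) % field for a, b in zip(a_shares, b_shares)]

def sub_shared(a_shares, b_shares, field=Q):
    """Share-wise subtraction; a negative result wraps around the field."""
    return [(a - b) % field for a, b in zip(a_shares, b_shares)]

def to_signed(value, field=Q):
    """Read the upper half of the field as negative numbers."""
    return value - field if value > field // 2 else value

if __name__ == "__main__":
    x, y = share(5), share(3)          # constructed sample secrets
    print("shares of 5:", x)           # three random-looking field elements
    print("5 + 3 =", reconstruct(add_shared(x, y)))
    print("3 - 5 =", to_signed(reconstruct(sub_shared(y, x))))
    # Any two of the three shares on their own are just random numbers:
    print("two shares only:", reconstruct(x[:2]))
```
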

Encrypted deep learning with PySyft

Now, what does this have to do with deep learning models?

The thing is that there are various security and privacy issues when we train on data. What if the server to which we upload our data for training sees our model parameters and uses them to train its own model, to outrun us in, say, an online competition? There are also organisations that hesitate to share their model with someone else just for inference, but could do so if their privacy were fully ensured.

Thus, we need a way to encrypt both our data and our model so that organisations can use others' models to get their inference (predictions), because not everyone in the industry likes to create models 🙂

So, here comes a handy library, "PySyft", which helps to secure both our data and our models, allowing us to perform encrypted computations like training and inference without ever disclosing anything about the data or the model, using under the hood all the arithmetic and secret sharing that we discussed earlier.

Okay, so first we need to import all our packages so that we can get started.

(Assuming you have PySyft installed; if not, head over to Colab for now.)

Now we need to create a hook for PyTorch to link it with PySyft, extending PyTorch's functionality so that we can use PySyft's methods on it.
Also, we create a few workers (named client, bob, and alice).
We define the crypto_provider, who gives us all the crypto primitives we may need.

Let's now define the learning parameters for our training loop.

Okay, now the basic setup is done.

We first need to load the data so that we can train our model and get inference later on.

Here, for simplicity, we choose the MNIST dataset.

Now, for inference, we need a test loader for the testing dataset, and we also need to encrypt our data so that whoever gets the model for inference doesn't see our dataset.

At this point, let's look back and understand what's happening.

The secret sharing that we discussed earlier is being used here to privately share the dataset across the workers we have created, using PySyft's inbuilt function "fix_prec()".

Excerpt taken from openmined blog:

“ SMPC uses crypto protocols which require to work on integers. We leverage here the PySyft tensor abstraction to convert PyTorch Float tensors into Fixed Precision Tensors using .fix_prec(). For example 0.123 with precision 2 does a rounding at the 2nd decimal digit so the number stored is the integer 12.”
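A sketch of the fixed-precision encoding the excerpt describes, as an added example in plain Python rather than PySyft's own implementation; the field `Q`, base 10 and the function names are assumptions. It works on encoded values before any sharing, and shows how negative numbers wrap into the field and why a product has to be rescaled.

```python
Q = 2**61 - 1      # assumed field size (a large prime)
BASE = 10          # assumed base for the fixed-point scale

def encode(x, precision=2, field=Q):
    """Float -> field element: scale by BASE**precision, round, wrap negatives."""
    return round(x * BASE**precision) % field

def to_signed(v, field=Q):
    """Read the upper half of the field as negative integers."""
    return v - field if v > field // 2 else v

def decode(v, precision=2, field=Q):
    """Field element -> float: undo the wrap, then undo the scale."""
    return to_signed(v, field) / BASE**precision

def fp_add(a, b, field=Q):
    # Both operands carry the same scale, so plain modular addition works.
    return (a + b) % field

def fp_mul(a, b, precision=2, field=Q):
    # The raw product carries scale BASE**(2*precision); divide one factor
    # back out (floor division) so the result has the usual scale again.
    raw = to_signed(a, field) * to_signed(b, field)
    return (raw // BASE**precision) % field

if __name__ == "__main__":
    print(encode(0.123))                                  # 12, as in the excerpt
    print(decode(encode(-1.5)))                           # -1.5 survives the wrap
    print(decode(fp_add(encode(0.123), encode(0.456))))   # 0.58, not 0.579
    print(decode(fp_mul(encode(1.5), encode(0.25))))      # 0.37, not 0.375
```

The last two results show the cost of the encoding: digits beyond the chosen precision are lost, so precision is a trade-off between accuracy and the size of the integers being shared.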

Okay, now we will define our model and train it on the MNIST dataset.

Let's start training with 10 epochs.

Now our model is trained 🎉

Now we need to use it for inference.

Before that, we need to secure our complete model.
You might wonder what exactly is encrypted.

The model weights, the data inputs, the prediction and the target used for scoring are all encrypted!

Let's perform our secure evaluation on test data:

Time for the results:

(I used Colab to run all of the above code.)

The output is quite long, so I am attaching only a few parts; you can check the whole code with its output at the notebook link in the references section below:

…….

We achieved good accuracy on test data while encrypting our model, data and predictions 🎉

Thus, we have seen how modular arithmetic helps in secret sharing, a technique which PySyft applies under the hood to perform end-to-end encryption, giving us simple, convenient functions that we can use directly without understanding what's going on under the hood (though by now you might have a good understanding of what's happening!) 👏

References:

👉 Code: https://colab.research.google.com/drive/16cf5yFsYDn8dCCwVbCIilB-Ha8e9Fspt

👉 OpenMined blog:
