Periodic Reporting for period 2 - HARPOCRATES (Federated Data Sharing and Analysis for Social Utility)
Periodo di rendicontazione: 2024-04-01 al 2025-09-30
Availability of large volumes of data combined with tailored data analysis present a unique opportunity for organizations to adapt and finetune their services according to individual needs. Having shown remarkable results in analyzing data, Machine Learning (ML) models attracted global interest and are applied in a wide range of application areas including medical diagnostics, pattern recognition, and threat intelligence. However, it might come with privacy losses. Furthermore, practice showed that systems using ML models incorporate proxies that are often inexact, biased and unfair. To address these challenges HARPOCRATES focused on setting the foundations of digitally blind analysis and evaluation systems that by design eliminate proxies such as geography, gender, race, and others and eventually have a tangible impact on building fairer, democratic and unbiased societies. To do so, HARPOCRATES designed several cryptographic schemes: Functional Encryption (FE) and Hybrid Homomorphic Encryption (HHE) for analyzing data in a privacy-preserving way using Machine Learning (ML). Besides processing data in a privacy-preserving way, HARPOCRATES outputs also enabled a richer, more balanced and comprehensive approach where data analytics and cryptography go hand in hand with a shift towards increased privacy and security. HARPOCRATES first, showed how to effectively combine cryptography with Differential Privacy (DP) to secure and privatise databases. Second, the project built Privacy Preserving Machine Learning (PPML) models that are able to classify encrypted data performing high accuracy predictions directly on ciphertexts across federated data spaces. Finally, HARPOCRATES demonstrated how these solutions respond to users’ needs implementing two real-world cross-border data sharing scenarios related to health data analysis for sleep medicine (Sleep Medicine demonstrator) and threat identification for local authorities (Threat Intelligence demonstrator).
HARPOCRATES addressed the following objectives:
Objective 1. Designing efficient function-hiding FE schemes
Objective 2. Combining FE and DP for private encrypted databases
Objective 3. Designing a practical multi-client HHE scheme
Objective 4. Building a PPML framework by combining FE and HHE
Objective 5. Creating Byzantine-robust FL scheme with data privacy guarantees
Objective 6. Real-world case studies and contribution to Open Science and Reproducible Research
Objective 7. Contributing to Scalable Automated GDPR Compliance.
HARPOCRATES addressed the following objectives:
Objective 1. Designing efficient function-hiding FE schemes
Objective 2. Combining FE and DP for private encrypted databases
Objective 3. Designing a practical multi-client HHE scheme
Objective 4. Building a PPML framework by combining FE and HHE
Objective 5. Creating Byzantine-robust FL scheme with data privacy guarantees
Objective 6. Real-world case studies and contribution to Open Science and Reproducible Research
Objective 7. Contributing to Scalable Automated GDPR Compliance.
HARPOCRATES made significant advances towards all of its scientific objectives.
Objective 1. Designing efficient function-hiding FE schemes
The project defined a novel formal threat model applicable to any FE scheme. It identified information that may leak during the run of FE schemas and quantified this leakage in FE schemes. HARPOCRATES designed three multi-client FE schemes including a lightweight multi-client FE scheme based on elliptic curves, a verifiable multi-client FE scheme tailored for inner products providing users and key curators with enhanced management of ciphertexts accessible by analysts. The project also defined a new scheme agnostic function-hiding framework that combines FE and HHE.
Objective 2. Combining FE and DP for private encrypted databases
The project described the criteria and methods for noise and randomness generation across different schemes. It combined DP with FE focusing on the utilisation of specific noise generation functions applicable in FE constructions to provide an even stronger privacy guarantee to users.
Objective 3. Designing a practical multi-client HHE scheme
The project analyzed several HE and HHE schemes in Multi-Party Computation (MPC) environments. This investigation identified Split Learning (SL) privacy concerns in MPC environments because clients might leak information. To address these concerns the project developed hybrid schemes combining SL, HHE and MPC to enable secure model training and data analysis.
Objective 4. Building a PPML framework by combining FE and HHE
The project designed several Privacy Preserving Machine Learning (PPML) protocols to support classification of encrypted data, such as images, videos, etc. It elaborated a hybrid FE-(H)HE transciphering construction to allow switching between a FE encrypted cipher to a (H)HE while providing function-hiding to the underlying FE scheme. It implemented a framework that supports combining FE and HHE.
Objective 5. Creating Byzantine-robust FL scheme with data privacy guarantees
The project evaluated existing secure aggregation schemes for Federated Learning (FL) parameter updates. Based on this it developed a novel MPC scheme to create a Privacy-Preserving Byzantine-robust Federated Learning service to offer global data privacy.
Objective 6. Designing and implementing real-world case studies
The project created two demonstrators: Sleep Medicine and Threat Intelligence demonstrator. Using privacy preserving components of the HARPOCRATES Toolbox they can analyze encrypted sleep records and computer system data using ML models.
Objective 1. Designing efficient function-hiding FE schemes
The project defined a novel formal threat model applicable to any FE scheme. It identified information that may leak during the run of FE schemas and quantified this leakage in FE schemes. HARPOCRATES designed three multi-client FE schemes including a lightweight multi-client FE scheme based on elliptic curves, a verifiable multi-client FE scheme tailored for inner products providing users and key curators with enhanced management of ciphertexts accessible by analysts. The project also defined a new scheme agnostic function-hiding framework that combines FE and HHE.
Objective 2. Combining FE and DP for private encrypted databases
The project described the criteria and methods for noise and randomness generation across different schemes. It combined DP with FE focusing on the utilisation of specific noise generation functions applicable in FE constructions to provide an even stronger privacy guarantee to users.
Objective 3. Designing a practical multi-client HHE scheme
The project analyzed several HE and HHE schemes in Multi-Party Computation (MPC) environments. This investigation identified Split Learning (SL) privacy concerns in MPC environments because clients might leak information. To address these concerns the project developed hybrid schemes combining SL, HHE and MPC to enable secure model training and data analysis.
Objective 4. Building a PPML framework by combining FE and HHE
The project designed several Privacy Preserving Machine Learning (PPML) protocols to support classification of encrypted data, such as images, videos, etc. It elaborated a hybrid FE-(H)HE transciphering construction to allow switching between a FE encrypted cipher to a (H)HE while providing function-hiding to the underlying FE scheme. It implemented a framework that supports combining FE and HHE.
Objective 5. Creating Byzantine-robust FL scheme with data privacy guarantees
The project evaluated existing secure aggregation schemes for Federated Learning (FL) parameter updates. Based on this it developed a novel MPC scheme to create a Privacy-Preserving Byzantine-robust Federated Learning service to offer global data privacy.
Objective 6. Designing and implementing real-world case studies
The project created two demonstrators: Sleep Medicine and Threat Intelligence demonstrator. Using privacy preserving components of the HARPOCRATES Toolbox they can analyze encrypted sleep records and computer system data using ML models.
Functional Encryption with Function Hiding.
The project designed the first FE scheme based on Elliptic Curve Cryptography (ECC). Its efficiency demonstrated through performance evaluation on two commercially available resource-constrained devices. It also implemented a novel verifiable multi-client FE scheme. The project proposed a blockchain-based payment protocol between curators and analysts, facilitating the exchange of functional output for an appropriate amount. This payment protocol ensures fairness and atomicity of payments without relying on trust in the curator or other third parties.
Multi-client Hybrid Homomorphic Encryption scheme.
The project developed new hybrid MPC schemes that uses Split Learning (SL), a distributed Machine Learning approach. It allows clients to compute part of the model locally before outsourcing the remaining parts to a Cloud Service Provider.
Privacy Preserving Machine Learning combined with Functional Encryption and Hybrid Homomorphic Encryption
The project designed several (PPML protocols to support classification of encrypted data, such as images, videos, etc. It implemented a hybrid FE-(H)HE transciphering construction to allow switching between a FE encrypted cipher to a (H)HE one while providing function-hiding to the underlying FE scheme.
Byzantine-robust Federated Learning scheme.
HARPOCRATES elaborated a new weight tuning mechanism, which has been integrated in a FL set-up to enhance aggregation robustness by assigning adaptive trust weights to mitigate the impact of malicious model updates. This weight tuner outperforms leading approaches such as, Krum, Trimmed Mean, and Median.
HARPOCRATES Confidential Computing Framework and Toolbox
The main exploitable result is a set of enablers (or components) : Privacy Preserving Machine Learning through Hybrid Homomorphic Encryption, Privacy Preserving Machine Learning through Functional Encryption, Privacy Preserving Federated Learning, Privacy Preserving Machine Learning with Differential Privacy-based data synthetization, Robust Federated Learning with weight tuning, and Privacy Preserving Machine Learning with Homomorphic Encryption.
The project designed the first FE scheme based on Elliptic Curve Cryptography (ECC). Its efficiency demonstrated through performance evaluation on two commercially available resource-constrained devices. It also implemented a novel verifiable multi-client FE scheme. The project proposed a blockchain-based payment protocol between curators and analysts, facilitating the exchange of functional output for an appropriate amount. This payment protocol ensures fairness and atomicity of payments without relying on trust in the curator or other third parties.
Multi-client Hybrid Homomorphic Encryption scheme.
The project developed new hybrid MPC schemes that uses Split Learning (SL), a distributed Machine Learning approach. It allows clients to compute part of the model locally before outsourcing the remaining parts to a Cloud Service Provider.
Privacy Preserving Machine Learning combined with Functional Encryption and Hybrid Homomorphic Encryption
The project designed several (PPML protocols to support classification of encrypted data, such as images, videos, etc. It implemented a hybrid FE-(H)HE transciphering construction to allow switching between a FE encrypted cipher to a (H)HE one while providing function-hiding to the underlying FE scheme.
Byzantine-robust Federated Learning scheme.
HARPOCRATES elaborated a new weight tuning mechanism, which has been integrated in a FL set-up to enhance aggregation robustness by assigning adaptive trust weights to mitigate the impact of malicious model updates. This weight tuner outperforms leading approaches such as, Krum, Trimmed Mean, and Median.
HARPOCRATES Confidential Computing Framework and Toolbox
The main exploitable result is a set of enablers (or components) : Privacy Preserving Machine Learning through Hybrid Homomorphic Encryption, Privacy Preserving Machine Learning through Functional Encryption, Privacy Preserving Federated Learning, Privacy Preserving Machine Learning with Differential Privacy-based data synthetization, Robust Federated Learning with weight tuning, and Privacy Preserving Machine Learning with Homomorphic Encryption.