Privacy-preserving nearest prototype classifier (journal article)

 

Abstract

  • Privacy-Preserving Machine Learning has become an important field in the age of Big Data and AI hype. Methods like Differential Privacy and Homomorphic Encryption (HE) have become key ideas to preserve privacy and to counter well-known attacks. Yet practice shows that both approaches are not without pitfalls. HE suffers from severe computational overhead, which makes the training of larger Machine Learning models as encrypted circuits infeasible. However, training shallow or sparse networks, like Prototype-Based Models, may be realized. In this work, we present a proof-of-concept for the realization of Learning Vector Quantization 1 (LVQ-1), a shallow Nearest Prototype Classifier (NPC), as an encrypted circuit, using TFHE as the encryption scheme. Our results indicate that the feasibility is influenced by the dimensionality of the dataset and its respective encoding, but also that both feasibility and performance depend on the chosen distance function. Beyond our practical work, we provide an overview of TFHE and how LVQ may violate privacy.

Publication date

  • 2026

Review status

  • Peer-Reviewed

Volume

  • 671

Start page

  • 132673

Number of pages

  • 10