Deep-learning models have many applications, but they are computationally intensive and require powerful cloud-based servers. Offloading these computations to cloud servers introduces vulnerabilities that can compromise the security of the client’s data.
To tackle this pressing issue, MIT researchers have developed a security protocol that uses quantum properties of light to ensure secure data transfer from cloud servers during deep-learning computations.
This protocol encodes data using laser light in fiber optic systems, relying on quantum mechanics to make it impossible for attackers to copy or intercept the information without detection. It ensures strong security while keeping deep-learning models accurate. In tests, the researchers showed that their method maintained 96% accuracy while providing solid security.
In digital systems, an attacker can easily copy and steal the data from the server. However, quantum information can’t be perfectly copied due to the no-cloning principle. In their protocol, scientists used this property by having the server encode the weights of a deep neural network into an optical field using laser light.
The server sends the neural network’s weights to the client, who uses them to perform calculations with their private data, keeping that data hidden from the server. The security protocol ensures the client can only measure one result and prevents them from copying the weights due to the quantum nature of light. After the client processes the first result, the protocol cancels out the first layer, preventing the client from learning more about the model.
Kfir Sulimany, an MIT postdoc in the Research Laboratory for Electronics (RLE), said, “Instead of measuring all the incoming light from the server, the client only measures the light necessary to run the deep neural network and feeds the result into the next layer. Then, the client returns the residual light to the server for security checks.”
Because of the no-cloning theorem, the client inevitably introduces small errors when measuring the model’s result. When the server receives the leftover light from the client, it can analyze these errors to check if any information has been leaked. Importantly, this residual light does not reveal any information about the client’s data.
Modern telecommunications use optical fibers to transmit information, allowing for high bandwidth over long distances. Since this equipment already includes optical lasers, the researchers can use light to encode data for their security protocol without needing extra hardware.
In their tests, the researchers demonstrated that the protocol ensured security for the server and client while allowing the deep neural network to maintain 96% accuracy. Any information that leaks during client operations is less than 10% of what an attacker would need to access hidden data. Conversely, a malicious server could only gain about 1% of the information necessary to steal the client’s data.
In the future, scientists plan to explore how this protocol could be applied to federated learning, where multiple parties collaborate to train a central deep-learning model using their own data. They also want to investigate its use in quantum operations instead of the classical methods studied so far, which could enhance accuracy and security.
Eleni Diamanti, a CNRS research director at Sorbonne University in Paris, who was not involved with this work, said, “This work combines cleverly and intriguingly techniques drawing from fields that do not usually meet, in particular, deep learning and quantum key distribution.”
“Using methods from the latter adds a security layer to the former while also allowing for what appears to be a realistic implementation. This can be interesting for preserving privacy in distributed architectures. I am looking forward to seeing how the protocol behaves under experimental imperfections and its practical realization.”
Journal Reference:
- Kfir Sulimany, Sri Krishna Vadlamani, Ryan Hamerly, et al. Quantum-secure multiparty deep learning. arXiv:2408.05629v2