Attacking ML inference via malicious MPC party
Date
2024-07
Publisher
Indian Statistical Institute, Kolkata
Abstract
Secure Multi-Party Computation (MPC) in a three-party honest-majority setting is
currently the most widely used cryptographic primitive for running machine learning algorithms
in a privacy-preserving manner.
Although MPC typically operates on integers, it must be extended to support machine
learning algorithms, which involve arithmetic on decimal numbers. To meet this
requirement, fixed-point arithmetic is used for running machine learning algorithms.
Consequently, a secure truncation protocol is needed after every multiplication to
preserve precision.
Recently, a maliciously secure truncation protocol named MaSTer was proposed.
This protocol, however, lets a malicious adversary add some error, with high probability,
to each instance of multiplication without being detected.
This project aims to design an attack that exploits this vulnerability in machine
learning inference from the perspective of a malicious MPC party, with a conclusion
that depends on the fixed-point precision. The attack method we have chosen is
adversarial examples. We give an attack strategy under a weaker assumption and
discuss its results. We also outline the idea of generalizing this strategy to a more
general case.
Description
Dissertation under the guidance of Dr. Bart Preneel and Dr. Bimal Kumar Roy
Keywords
Multi Party Computation, Fixed Point Arithmetic, Truncation Protocol, Machine Learning Inference
Citation
53p.
