- Shalini Banerjee ORCID:orcid.org/0000-0002-8844-042711,
- Steven D. Galbraith ORCID:orcid.org/0000-0001-7114-837711 &
- Giovanni Russello ORCID:orcid.org/0000-0001-6987-080311
Part of the book series:Lecture Notes in Computer Science ((LNCS,volume 14460))
Included in the following conference series:
195Accesses
Abstract
We present a new encoder for hiding parameters in an interval membership function. As an application, we design a simple and efficientvirtual black-box obfuscator forevasive decision trees. The security of our construction is proved in the random oracle model. Our goal is to increase the class of programs that have practical and cryptographically secure obfuscators.
This is a preview of subscription content,log in via an institution to check access.
Access this chapter
Subscribe and save
- Get 10 units per month
- Download Article/Chapter or eBook
- 1 Unit = 1 Article or 1 Chapter
- Cancel anytime
Buy Now
- Chapter
- JPY 3498
- Price includes VAT (Japan)
- eBook
- JPY 7435
- Price includes VAT (Japan)
- Softcover Book
- JPY 9294
- Price includes VAT (Japan)
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Health Insurance Portability and Accountability Act of 1996.
References
Ateniese, G., Mancini, L.V., Spognardi, A., Villani, A., Vitali, D., Felici, G.: Hacking smart machines with smarter ones: how to extract meaningful data from machine learning classifiers. Int. J. Secure. Network.10(3), 137–150 (2015)
Banerjee, S., Galbraith, S.D., Khan, T., Castellanos, J.H., Russello, G.: Preventing reverse engineering of control programs in industrial control systems. In: Proceedings of the 9th ACM Cyber-Physical System Security Workshop, pp. 48–59 (2023)
Barak, B., Bitansky, N., Canetti, R., Kalai, Y.T., Paneth, O., Sahai, A.: Obfuscation for evasive functions. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 26–51. Springer, Heidelberg (2014).https://doi.org/10.1007/978-3-642-54242-8_2
Barak, B., et al.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001).https://doi.org/10.1007/3-540-44647-8_1
Barni, M., Failla, P., Kolesnikov, V., Lazzeretti, R., Sadeghi, A.-R., Schneider, T.: Secure evaluation of private linear branching programs with medical applications. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 424–439. Springer, Heidelberg (2009).https://doi.org/10.1007/978-3-642-04444-1_26
Barni, M., et al.: Efficient privacy-preserving classification of ECG signals. In: 2009 First IEEE International Workshop on Information Forensics and Security (WIFS), pp. 91–95. IEEE (2009)
Bartusek, J., Lepoint, T., Ma, F., Zhandry, M.: New techniques for obfuscating conjunctions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 636–666. Springer, Cham (2019).https://doi.org/10.1007/978-3-030-17659-4_22
Bishop, A., Kowalczyk, L., Malkin, T., Pastro, V., Raykova, M., Shi, K.: A simple obfuscation scheme for pattern-matching with wildcards. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 731–752. Springer, Cham (2018).https://doi.org/10.1007/978-3-319-96878-0_25
Blurock, E.S.: Automatic learning of chemical concepts: research octane number and molecular substructures. Comput. Chem.19(2), 91–99 (1995)
Bos, J.W., Lauter, K., Naehrig, M.: Private predictive analysis on encrypted medical data. J. Biomed. Inform.50, 234–243 (2014)
Bost, R., Popa, R.A., Tu, S., Goldwasser, S.: Machine learning classification over encrypted data. Cryptology ePrint Archive (2014)
Boyle, E., Ishai, Y., Meyer, P., Robere, R., Yehuda, G.: On low-end obfuscation and learning. In: 14th Innovations in Theoretical Computer Science Conference (ITCS 2023). Schloss Dagstuhl-Leibniz-Zentrum für Informatik (2023)
Brickell, J., Porter, D.E., Shmatikov, V., Witchel, E.: Privacy-preserving remote diagnostics. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 498–507 (2007)
Canetti, R.: Towards realizing random oracles: hash functions that hide all partial information. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 455–469. Springer, Heidelberg (1997).https://doi.org/10.1007/BFb0052255
Canetti, R., Rothblum, G.N., Varia, M.: Obfuscation of hyperplane membership. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 72–89. Springer, Heidelberg (2010).https://doi.org/10.1007/978-3-642-11799-2_5
Cong, K., Das, D., Park, J., Pereira, H.V.: SortingHat: efficient private decision tree evaluation via homomorphic encryption and transciphering. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 563–577 (2022)
Decaestecker, C., et al.: Methodological aspects of using decision trees to characterise leiomyomatous tumors. Cytometry J. Int. Soc. Anal. Cytol.24(1), 83–92 (1996)
Fredrikson, M., Jha, S., Ristenpart, T.: Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1322–1333 (2015)
Galbraith, S.D., Zobernig, L.: Obfuscated fuzzy hamming distance and conjunctions from subset product problems. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11891, pp. 81–110. Springer, Cham (2019).https://doi.org/10.1007/978-3-030-36030-6_4
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. SIAM J. Comput.45(3), 882–929 (2016)
Goyal, R., Koppula, V., Waters, B.: Lockable obfuscation. In: 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS), pp. 612–621. IEEE (2017)
Karnouskos, S.: Stuxnet worm impact on industrial cyber-physical system security. In: 37th Annual Conference of the IEEE Industrial Electronics Society, IECON 2011, pp. 4490–4494. IEEE (2011)
Kesarwani, M., Mukhoty, B., Arya, V., Mehta, S.: Model extraction warning in MLaaS paradigm. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 371–380 (2018)
Lee, T., Edwards, B., Molloy, I., Su, D.: Defending against model stealing attacks using deceptive perturbations. arXiv preprintarXiv:1806.00054 (2018)
Tai, R.K.H., Ma, J.P.K., Zhao, Y., Chow, S.S.M.: Privacy-preserving decision trees evaluation via linear functions. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 494–512. Springer, Cham (2017).https://doi.org/10.1007/978-3-319-66399-9_27
Pal, S., Gupta, Y., Shukla, A., Kanade, A., Shevade, S., Ganapathy, V.: A framework for the extraction of deep neural networks by leveraging public data. arXiv preprintarXiv:1905.09165 (2019)
Quiring, E., Arp, D., Rieck, K.: Forgotten siblings: unifying attacks on machine learning and digital watermarking. In: 2018 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 488–502. IEEE (2018)
Silverstein, C., Shieber, S.M.: Predicting individual book use for off-site storage using decision trees. Libr. Q.66(3), 266–293 (1996)
Tramèr, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIs. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 601–618 (2016)
Wee, H.: On obfuscating point functions. In: Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, pp. 523–532 (2005)
Wichs, D., Zirdelis, G.: Obfuscating compute-and-compare programs under LWE. In: 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS), pp. 600–611. IEEE (2017)
Zheng, H., Ye, Q., Hu, H., Fang, C., Shi, J.: BDPL: a boundary differentially private layer against machine learning model extraction attacks. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11735, pp. 66–83. Springer, Cham (2019).https://doi.org/10.1007/978-3-030-29959-0_4
Acknowledgements
We thank Phillip Rogaway for discussions on methods for obfuscating inequalities. We thank the Marsden Fund of the Royal Society of New Zealand for supporting this research. We thank the reviewers of INDOCRYPT 2023 for their insightful comments.
Author information
Authors and Affiliations
University of Auckland, Auckland, New Zealand
Shalini Banerjee, Steven D. Galbraith & Giovanni Russello
- Shalini Banerjee
You can also search for this author inPubMed Google Scholar
- Steven D. Galbraith
You can also search for this author inPubMed Google Scholar
- Giovanni Russello
You can also search for this author inPubMed Google Scholar
Corresponding author
Correspondence toShalini Banerjee.
Editor information
Editors and Affiliations
Nanyang Technological University, Singapore, Singapore
Anupam Chattopadhyay
Nanyang Technological University, Singapore, Singapore
Shivam Bhasin
Radboud University, Nijmegen, The Netherlands
Stjepan Picek
Indian Institute of Technology Madras, Chennai, India
Chester Rebeiro
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Banerjee, S., Galbraith, S.D., Russello, G. (2024). Obfuscating Evasive Decision Trees. In: Chattopadhyay, A., Bhasin, S., Picek, S., Rebeiro, C. (eds) Progress in Cryptology – INDOCRYPT 2023. INDOCRYPT 2023. Lecture Notes in Computer Science, vol 14460. Springer, Cham. https://doi.org/10.1007/978-3-031-56235-8_5
Download citation
Published:
Publisher Name:Springer, Cham
Print ISBN:978-3-031-56234-1
Online ISBN:978-3-031-56235-8
eBook Packages:Computer ScienceComputer Science (R0)
Share this paper
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative