Player is loading...
Privacy-Enhanced Computation in the Age of AI
Dr. Dimitar Jechev, Co-founder and CTO of Inpher
Wednesday, Oct. 11, 2023 · 9:01 a.m. · 19m 00s
Dimitar Jetchev, Co-founder and CTO of Inpher, is a leading figure in secure data analytics and mathematical cryptography. He's known for pioneering a Java SDK for secure cloud data sharing, Inpher's XOR platform for privacy-preserving data analytics, and for his collaborative work with leading institutions such as CHUV (University Hospital in Lausanne) on major EU Horizon projects in healthcare and data analytics. As the Swiss National Science Foundation Professor at EPFL, Dimitar's research spans arithmetic geometry, number theory, and cryptographic applications, with over 30 research publications to his name. His groundbreaking contributions include the development of the Birch and Swinnerton-Dyer conjecture formula, innovative work on isogenies in cryptography, and expertise in secure Multiparty Computation (MPC) and Fully Homomorphic Encryption (FHE). Dimitar Jetchev is dedicated to shaping the future of data security, mathematics, and privacy preservation on a global scale.
Embed
Transcriptions
Note: this content has been automatically generated.
00:00:02
thank you uh so thanks for the organ uh tends to be organised as for ah that are great event today
00:00:08
my name is the project chief um ah i'm the city
00:00:11
only found that out ah in for a privacy preserving machine learning
00:00:16
a swiss us based company i'm also on
00:00:20
affiliated professor but a couple appeared that into
00:00:23
not practical could repeat eighty people uh teaching
00:00:26
courses in ah mathematical crippled happy so um
00:00:31
today i'm gonna tell you a little bit about our premise of
00:00:34
preserving the m. l. without some specific use cases but they also uh
00:00:41
put my might poke into the context of
00:00:43
far better for coming regulations on artificial intelligence
00:00:48
so in for a while develops a platform ah called big so for privacy preserving
00:00:55
a machine link and it uses various script to block oh
00:01:00
technologies such as a circular multiparty computation pulling from our project
00:01:05
option ah they they they could well mean with the security radiation
00:01:09
ah but it also ah very recently integrated with uh
00:01:14
ah some cover security now ah features
00:01:17
are in partnership with microsoft but asia i'll
00:01:21
tell me a little bit about that so uh let's start with the basically like that
00:01:29
generalities here so accessing private data for family pick semi one
00:01:33
day i dispose already mentioned in the in the previous though
00:01:37
so they to access is uh the leading barrier to enter
00:01:41
paris uh the i. m. l. ah adoption and national security so
00:01:46
a value valuable they please distribute it
00:01:49
usually huh silos across teams leases owns it
00:01:53
set for i am the a conventional ah matt techniques such as the money musician position
00:02:00
ah encryption up enough so uh we need basically to talk now
00:02:06
about the concept of interruption in use this is what what what types of preserving computing is about
00:02:13
uh so how can we provide access to sensitive data
00:02:16
well keeping gets it you are confidential and distributed bands that
00:02:20
main problem but we're solving of course this is all
00:02:23
about privacy insecurity and there is a big getting here
00:02:28
that appear this some some about this ah
00:02:31
the regulations on artificial intelligence and that so
00:02:36
the concept of what we call today trust work here i'm
00:02:39
in that regulations so you're seeing a lot more teams men just
00:02:43
our gen been just like the same data protection so first
00:02:47
of all ah what's that the u. a. i. x. or that
00:02:52
is the walls uh i'm a bit world so first company
00:02:55
can save a a regulation and this was passed by the new
00:02:59
parliament this summer in july ah twenty twenty three and is
00:03:05
expected to be fully effective twenty twenty six so uh that's that
00:03:10
that's embodied the story so what do we mean by trust that post with the a i mean this
00:03:16
more to that that's that it could calling plus possible use okay i first of all
00:03:22
not it talks about different concepts you don't there's a mention probably the same
00:03:27
data protection so you serve ah fairness
00:03:30
and biased mitigation reject transparency didn't explain ability
00:03:35
and here i'm emphasising the word explain ability that's one of the problems that infrared
00:03:41
the company isa um in countering chin
00:03:44
various ah big enterprise client applications a into
00:03:49
actually be on the privacy we're developing also privacy presenting features
00:03:54
for mobile explain ability you mentioned just a little bit more
00:03:58
it's particularly important for example if you are using come a i'd based diagnosis
00:04:03
tool we've adopted he's using that tool and they're multiple features coming into that too
00:04:09
how do we know exactly which feature is accountable for that
00:04:13
explains the production ah same for predictive maintenance imagine that you're trying
00:04:18
to do predictive maintenance are in in any of the industrial fields
00:04:24
and then uh you want to understand you want to do it
00:04:27
would cost analysis so that's that's where ah you you cannot
00:04:31
again should discuss their lesson biased mitigation again a big topic ah
00:04:37
about the view especially those who work in a i know about
00:04:40
that robustness and reliability and accountability and they are that's that's also
00:04:46
a big topic so these are among the main themes are far that the u. a. i
00:04:51
uh at uh we will um see more details later this year on that are coming up so
00:04:59
now let me tell me a little bit about the in for ah pricing constant
00:05:04
technology approach so a lot of people who know a little bit about paying for
00:05:11
ah often thing that we're done in p. c. company in pieces then swap secure multiparty
00:05:16
computation and in fact that's not exactly what
00:05:20
we are we are we use secure multiparty computation
00:05:25
which of state of the art technology scalable deployed in production uh but ah that is not the
00:05:32
only technology that that is used so the the yeah ah our our company vision at least is that
00:05:39
ah real world use cases cannot be addressed with a single privacy enhancing technology you need to put the
00:05:45
combination of books so you need to put the
00:05:48
combination of s. n. p. c. differential privacy ah uh
00:05:53
but the rated learning or ah ah even plus that execution environment so think about the
00:05:59
federated learning work will so it's very complex
00:06:04
from a security analysis perspective right so you've
00:06:07
got all these like ah private data sources
00:06:12
sage devices whatever your palate silence ah ah
00:06:16
so hard in all but the daycare is protected from the server the server receives updates
00:06:23
from from local mobile updates of local gradient updates from all of these devices so ah
00:06:30
it's it's very difficult to also so there are various attacks out there like model invention attacks
00:06:37
that could be essentially cover the local beat up each of
00:06:40
the local data sources so we need to talk about security regulation
00:06:44
how do you do security should use other pets
00:06:48
use other privacy preserving technologist like how marketing corruption
00:06:53
or secure multiparty computation you can also use the financial privacy
00:06:58
to to to protect global models when you communicate them back to
00:07:02
their to their ah the local plants so ah securing federated link
00:07:09
as simple as it might sound is an extremely picky question
00:07:15
and like you have to be very careful when you
00:07:18
ah even described or security models work work wine so
00:07:23
uh that is what you've got is so how does
00:07:25
it work impact this uh so we kept up the um
00:07:31
i'm not just portal on the left so this is where the data analyst with no knowledge of
00:07:36
triple a. p. sets it interacts via standard pipe
00:07:41
from o. s. t. p. ice so you writer
00:07:43
call in the same way is you would write the program ah ah you you would like the
00:07:49
problem cited where um or yeah not pounders they'd the planes on the stand up a. p. ice
00:07:56
then what you do is you sent the so this program gets compiled by ideas of
00:08:01
service and usually on the crowd hosted by
00:08:04
infrared so that our dot dot dot compiler
00:08:09
that doesn't see ah anything about private data you just
00:08:14
use the code compiles it then it has to be it
00:08:18
the uh the cold to the more people probably would be to silos where
00:08:22
you execute the computation interested that is all on the uh on the well
00:08:28
on the analyst pop so that's kind of fun and very high level
00:08:32
how you're going to orchestrate the course there's a lot of details here
00:08:37
probably when he orchestration hobbling sure that you
00:08:40
get on multiple computations how do you uh huh
00:08:44
so so so how do you orchestrate and even more complex work
00:08:48
for where you have to a local computations uh on each of
00:08:52
these um uh because i was how do you orchestrate the pretty
00:08:57
lady polemic approach where you may chip like millions of devices and pure
00:09:01
ah model can become very complex like uh the models that
00:09:06
were mentioned in in slots uh told before so a lot
00:09:10
but but but there's always that he leaned the details of the implementation of this this system so so if you can still
00:09:17
ah but on a very high level this is what this is what
00:09:21
we provide so far and basically the focus of the company is clearly around
00:09:28
and only takes machine learning can in a i that's what we know we know how to do well um so
00:09:35
let me tell you a little bit about ah on on on a very high level so
00:09:41
oh basically are i'll show you a particular use case in shelter at the end
00:09:47
of my talk about the art as i mentioned to you are you are so weak
00:09:55
first of all support so in this mobile we do support
00:09:59
capability computing and what does it mean that we support group
00:10:04
to be happy computing capability computing just a neat think who
00:10:08
secretly you turn on the lights based on mathematical arguments impure it's
00:10:15
uh that's working confidential compute think is anything that provide some crap works you
00:10:22
and some people out there are all che to use confidential computing
00:10:29
but for other applications especially government competition
00:10:33
computing is not enough so what what we
00:10:38
amen invasion to provide with that platform is in fact the capability
00:10:44
that if you have very strong mathematical security models at the same time
00:10:50
depending on your scale ability requirements and your security
00:10:55
requirements you should have the flexibility in the options
00:10:59
to deploy more highly scalable ah solution
00:11:04
right so well on the a big advantage here is that for most of these applications to
00:11:11
see one particular use case you don't have to move data your data can reside on premise
00:11:17
or it can be in the clock or you may collaborate on beta in the hybrid passions
00:11:23
some some of the data might be in the crowd some of the data might be imprints so
00:11:28
there are his ability is very important here isn't mentioned data scientists they
00:11:36
should not know all the details of triple reputation was this lab probation because
00:11:41
the security in the implementation but they should not our be able in any
00:11:47
way to explicitly interact with the security and set security parameters it's it so
00:11:54
that and and at the end of the day like the enterprise that that's very important
00:11:58
because obviously want to be able to deploy it automatically you want to be able to our
00:12:04
that support sufficiently many machine learning complex machine learning
00:12:08
corporations you need to get that type interfaces especially now
00:12:12
with or without ice of generative pay i ah you you you do shape
00:12:17
your you you do need very special ah a. p. i. is that could
00:12:22
easily support the work tools okay so what's important here to mention on legislation
00:12:28
perspective so that european data protection board
00:12:33
recommends some of these republican security uh
00:12:39
technologies for g. d. p. r. compliance specifically
00:12:44
and using an example with secure multiparty computation
00:12:48
so infrared is a company his being seven involved in
00:12:53
ah foundational work can fully from a marketing corruption as well
00:12:58
so i'll let you can see that already descriptive gothic
00:13:02
security ah technologist they are not in the sense huh
00:13:07
consider to be due to poor comply so some of the use cases which is which is
00:13:15
ah also topic but i would like to our budget on so
00:13:19
we should have ah obviously use cases in asset management would go
00:13:23
customers some of these use cases of public we which of them on
00:13:26
the blog post we can use cases in a advertisement technologist banking life
00:13:33
sciences manufacturing can semiconductors and government
00:13:38
so like what are the typical banking
00:13:41
cues cases for instance so on collaborative role models this was mentioned already
00:13:47
credit mobile link anti money laundering ah
00:13:50
use g. benchmarking played matching are within our
00:13:55
asset management now obviously so uh if you ever catch from or if you're an asset
00:14:02
manager you may want to bring some external
00:14:04
data to improve your forecasting models so off
00:14:09
the generation that was one of the use cases that we shared with c. p. p.
00:14:14
investment supply chain shop crossbow culpable your positions
00:14:19
so in manufacturing can semiconductor one major use
00:14:22
case predictive maintenance in you optimisation so you might
00:14:26
of our trip about the challenges of semiconductor
00:14:29
manufacturers were here to exchange data between there are
00:14:35
so so or if you're semiconductor manufacturer you ship obviously a lot of
00:14:40
trade secrets and then at the same time using machines that your sense of sweet sensitive data so the data
00:14:46
collaboration is very complex in this uh use cases in to the end of the day what you want to do
00:14:53
you are want to do defect detection in the process and
00:14:57
also make sure that you optimise your parameters of the system
00:15:01
so that you get the optimal e. so there are so
00:15:05
cool you optimisation problem so that's one of the problems that
00:15:09
we as a as a as a company can solve our
00:15:13
government of course intelligence community difference law enforcement unfortunately i can't
00:15:18
talk too much about these use cases due to their obvious
00:15:22
proprietary nature and last but not least we'll hear a lot
00:15:27
today about that that's life sciences like or a john lose going to talk later about that but uh
00:15:34
ah he awoke evidence clinical trials like developments dynamics
00:15:39
so i'm gonna show you one specific use case
00:15:42
right now which is are funded by one of the biggest
00:15:46
our european union projects you horizon pays for for a i
00:15:50
specifically focused on child care and that use cases in our collaboration which should
00:15:57
ah in was on and they're not specifically about how the border paper new imaging
00:16:04
well i'm so the use cases about a digital diagnosis of alzheimer's
00:16:10
disease early diagnosis of all time and there are two aspects of
00:16:15
it so the uh uh do the research group in shoe views
00:16:19
developed this uh software call based on a technique called statistical parametric mapping
00:16:26
so they get a lot of images from patients camera images and if you want
00:16:31
to do statistics on that the first task is to map them to a standard space
00:16:38
so that you can the statistical comparisons obviously you have to individuals the brains brain may just
00:16:44
very different the queries we need to do some mathematical transformation are there other use cases where essentially
00:16:52
you may have the same individuals but over time being on
00:16:55
that over time so these are the so called temporal images
00:17:00
so i'm not their techniques and r. transformations that allow you to produce a d. i. p. image uh
00:17:07
that first of all maps uh all of these images dimple standard space and then it but it it allows
00:17:14
for a statistics and then you can monitor over time
00:17:18
how the volume of certain parts of the brain involved
00:17:21
but i don't have the brain you both for example here on the uh you have like an quite ah
00:17:30
contrast on these derived images in they don't show you where they have like a violation of some of
00:17:37
their ah ah some of the different regions of the buttons in this case the the tentacles for that
00:17:43
mike either be due to page rank or it might be
00:17:47
due to uh some ah new would generate produces like the
00:17:51
men sure or ah alzheimer so you want to know statistically
00:17:56
like what what the schools in that village and that's exactly
00:18:01
the statistical analysis that you would need to do on these
00:18:03
images soul um from one perspective the first problem so the
00:18:09
two problems to solve here there is the biomedical research perspective
00:18:14
where you want to identify very perky to with the agents
00:18:17
of the brain that who's ah changes over time account to
00:18:24
put pension account for alzheimer and the second perspective is the
00:18:30
clinician perspective where you're building confederate a tool that can enable
00:18:36
you to a bit tech barely alzheimer based on these images
00:18:40
and potentially other clinical date so building these tools is the
00:18:45
goal of this are about you know in a collaborative harder
00:18:48
it pushes the goal of their ah you face for a
Conference Program
(Keynote Talk) Privacy-Preserving Machine Learning : theoretical and practical considerations
Prof. Slava Voloshynovskiy, University of Geneva, professor with the Department of Computer Science and head of the Stochastic Information Processing group
Oct. 11, 2023 · 7:55 a.m.
2509 views
5 minutes Q&A - Privacy-Preserving Machine Learning : theoretical and practical considerations
Prof. Slava Voloshynovskiy, University of Geneva, professor with the Department of Computer Science and head of the Stochastic Information Processing group
Oct. 11, 2023 · 8:40 a.m.
Enabling Digital Sovereignity With ML
Vladimir Vujovic, Senior Digital Innovation Manager, SICPA
Oct. 11, 2023 · 8:44 a.m.
5 minutes Q&A - Enabling Digital Sovereignity With ML
Vladimir Vujovic, Senior Digital Innovation Manager, SICPA
Oct. 11, 2023 · 8:58 a.m.
Privacy-Enhanced Computation in the Age of AI
Dr. Dimitar Jechev, Co-founder and CTO of Inpher
Oct. 11, 2023 · 9:01 a.m.
138 views
