The tf-shell library supports privacy preserving machine learning with
homomorphic encryption via the
SHELL library and tensorflow.
This is not an officially supported Google product.
pip install tf-shellSee ./examples/ for how to use the library.
Homomorphic encryption allows computation on encrypted data. For example, given
two ciphertexts a and b representing the numbers 3 and 4, respectively,
one can compute a ciphertext c representing the number 7 without decrypting
a or b. This is useful for privacy preserving machine learning because it
allows training a model on encrypted data.
The SHELL encryption library supports homomorphic encryption with respect to addition and multiplication. This means that one can compute the sum of two ciphertexts or the product of two ciphertexts without decrypting them. SHELL does not support fully homomorphic encryption, meaning computing functions of ciphertexts with arbitrary depth. That said, because machine learning models are of bounded depth, the performance benefits of leveled schemes (without bootstrapping, e.g. SHELL) outweight limitations in circuit depth.
This library has two modules, tf_shell which supports Tensorflow Tensors
containing ciphertexts with homomorphic properties, and tf_shell_ml some (very)
simple machine learning tools supporting privacy preserving training.
tf-shell is designed for Label-DP SGD where training data is vertically
partitioned, e.g. one party holds features while another party holds labels. The
party who holds the features would like to train a model without learning the
labels. The resultant trained model is differentially private with respect to
the labels.
-
Install Bazelisk and python3 or use the devcontainer.
-
Run the tests.
bazelisk test --config test ...
-
Build the code.
bazelisk build --config release //:wheel bazelisk run //:wheel_rename
-
(Optional) Install the wheel, e.g. to try out the
./examples/. You may first need to copy the wheel out of the devcontainer's filesystem.cp -f bazel-bin/*.whl ./ # Run in devcontainer if using.
Then install.
pip install tf_shell-...-manylinux.whl # Run in target environment.
Note the cpython api is not compatible across minor python versions (e.g. 3.10, 3.11) so the wheel must be rebuilt for each python version.
bazelisk run //:bazel_formatter
bazelisk run //:python_formatter
bazelisk run //:clang_formattercloc ./ --fullpath --not-match-d='/(bazel-.*|.*\.venv)/'Update requirements.in and run the following to update the requirements files for each python version.
for ver in 3_9 3_10 3_11; do
touch requirements_${ver}.txt
bazelisk run //:requirements_${ver}.update
done
bazelisk clean --expungeIf updating the tensorflow dependency, other dependencies may also need to
change, e.g. abseil (see MODULE.bazel). This issue usually manifests as a
missing symbols error in the tests when trying to import the tensorflow DSO. In
this case, c++filt will help to decode the mangled symbol name and nm --defined-only .../libtensorflow_framework.so | grep ... may help find what the
symbol changed to, and which dependency is causing the error.
See CONTRIBUTING.md for details.
Apache 2.0; see LICENSE for details.
This project is not an official Google project. It is not supported by Google and Google specifically disclaims all warranties as to its quality, merchantability, or fitness for a particular purpose.