# Private Predictions with TFE Keras

# Step 3: Private Prediction using TFE Keras - Serving (Client)

After training your model with normal Keras and securing it with TFE Keras, you are ready to request some private predictions.

In [1]:
import numpy as np
import tensorflow as tf
import tf_encrypted as tfe

from tensorflow.keras.datasets import mnist

  _np_qint8 = np.dtype([("qint8", np.int8, 1)])
  _np_quint8 = np.dtype([("quint8", np.uint8, 1)])
  _np_qint16 = np.dtype([("qint16", np.int16, 1)])
  _np_quint16 = np.dtype([("quint16", np.uint16, 1)])
  _np_qint32 = np.dtype([("qint32", np.int32, 1)])
  np_resource = np.dtype([("resource", np.ubyte, 1)])
  _np_qint8 = np.dtype([("qint8", np.int8, 1)])
  _np_quint8 = np.dtype([("quint8", np.uint8, 1)])
  _np_qint16 = np.dtype([("qint16", np.int16, 1)])
  _np_quint16 = np.dtype([("quint16", np.uint16, 1)])
  _np_qint32 = np.dtype([("qint32", np.int32, 1)])
  np_resource = np.dtype([("resource", np.ubyte, 1)])








## Data

Here, we preprocess our MNIST data. This is identical to how we preprocessed during training.

In [2]:
import pickle
file = open('../normal_test.pkl', 'rb')
# dump information to that file
test_normal = pickle.load(file)
# close the file
file.close()

file = open('../pneumonia_test.pkl', 'rb')
# dump information to that file
test_pneumonia = pickle.load(file)
# close the file
file.close()

In [3]:
y_normal_t = np.zeros((234,), dtype=int)
y_pneumonia_t = np.ones((390,), dtype=int)

x_test = np.concatenate((test_normal, test_pneumonia))
y_test = np.concatenate((y_normal_t, y_pneumonia_t))
from sklearn.utils import shuffle
x_test, y_test = shuffle(x_test, y_test, random_state=0)
x_test.shape

(624, 150, 125)

In [4]:
rows = x_test.shape[0]
rows_req = (rows//50)*50
x_test = x_test[:rows_req,:,:]
y_test = y_test[:rows_req]

In [5]:
# input image dimensions
img_rows, img_cols = 150, 125

x_test = x_test.reshape(x_test.shape[0], img_rows, img_cols, 1)
input_shape = (img_rows, img_cols, 1)

x_test = x_test.astype('float32')
x_test /= 255

In [6]:
x_test

array([[[[0.7647059 ],
         [0.7647059 ],
         [0.73333335],
         ...,
         [0.26666668],
         [0.28627452],
         [0.26666668]],

        [[0.7764706 ],
         [0.7490196 ],
         [0.7176471 ],
         ...,
         [0.28235295],
         [0.28627452],
         [0.28627452]],

        [[0.7882353 ],
         [0.74509805],
         [0.70980394],
         ...,
         [0.25882354],
         [0.32156864],
         [0.25882354]],

        ...,

        [[0.0627451 ],
         [0.05490196],
         [0.04705882],
         ...,
         [0.06666667],
         [0.06666667],
         [0.06666667]],

        [[0.0627451 ],
         [0.05490196],
         [0.04705882],
         ...,
         [0.0627451 ],
         [0.06666667],
         [0.06666667]],

        [[0.0627451 ],
         [0.05490196],
         [0.04705882],
         ...,
         [0.0627451 ],
         [0.06666667],
         [0.06666667]]],


       [[[0.14117648],
         [0.14901961],
         [0.15

## Set up `tfe.serving.QueueClient`


Before querying the model, we just have to connect to it. To do so, we can create a client with `tfe.serving.QueueClient`. This creates a TFE queueing server on the client side that connects to the queueing server set up by `tfe.serving.QueueServer` in **Secure Model Serving**. The queue will be responsible for secretly sharing the plaintext data before submitting the shares in a prediction request.

Note that we have to use the same configuration as used by the server, including player configuration and protocol.

In [7]:
config = tfe.RemoteConfig.load("/tmp/tfe.config")

tfe.set_config(config)
tfe.set_protocol(tfe.protocol.SecureNN())

In [8]:
input_shape = (1, 150, 125, 1)
output_shape = (1, 2)

In [9]:
client = tfe.serving.QueueClient(
    input_shape=input_shape,
    output_shape=output_shape)







In [10]:
sess = tfe.Session(config=config)











INFO:tf_encrypted:Starting session on target 'grpc://localhost:4000' using config graph_options {
}



## Query Model

You are ready to get some private predictions! Calling `client.run` will insert the image into the queue created above, secret share the data locally, and submit the shares to the model server in **Secure Model Serving**.

In [11]:
# User inputs
num_tests = 25
images, expected_labels = x_test[100:num_tests+100], y_test[100:num_tests+100]

In [12]:
for image, expected_label in zip(images, expected_labels):
    
    res = client.run(
        sess,
        image.reshape(1, 150, 125, 1))
    
    predicted_label = np.argmax(res)
    
    print("The image had label {} and was {} classified as {}".format(
        expected_label,
        "correctly" if expected_label == predicted_label else "incorrectly",
        predicted_label))

The image had label 1 and was correctly classified as 1
The image had label 1 and was correctly classified as 1
The image had label 0 and was incorrectly classified as 1
The image had label 0 and was incorrectly classified as 1
The image had label 1 and was correctly classified as 1
The image had label 0 and was incorrectly classified as 1
The image had label 1 and was correctly classified as 1
The image had label 0 and was incorrectly classified as 1
The image had label 0 and was incorrectly classified as 1
The image had label 1 and was correctly classified as 1
The image had label 1 and was correctly classified as 1
The image had label 0 and was incorrectly classified as 1
The image had label 1 and was correctly classified as 1
The image had label 0 and was incorrectly classified as 1
The image had label 1 and was correctly classified as 1
The image had label 0 and was incorrectly classified as 1
The image had label 1 and was correctly classified as 1
The image had label 1 and was co

We are able to classify these three images correctly! But what's special about these predictions is that we haven't revealed any private information to get this service. The model host never saw your input data or your predictions, and you never downloaded the model. You were able to get private predictions on encrypted data with an encrypted model!