TF Encrypted is a framework for encrypted machine learning in TensorFlow. It looks and feels like TensorFlow, taking advantage of the ease-of-use of the Keras API while enabling training and prediction over encrypted data via secure multi-party computation and homomorphic encryption. TF Encrypted aims to make privacy-preserving machine learning readily available, without requiring expertise in cryptography, distributed systems, or high performance computing.
See below for more background material, explore the examples, or visit the documentation to learn more about how to use the library. You are also more than welcome to join our Slack channel for all questions around use and development.
TF Encrypted is available as a package on PyPI supporting Python 3.5+ and TensorFlow 1.12.0+:
pip3 install tf-encrypted
Creating a conda environment to run TF Encrypted code can be done using:
conda create -n tfe python=3.6 conda activate tfe conda install tensorflow notebook pip install tf-encrypted
Alternatively, installing from source can be done using:
git clone https://github.com/tf-encrypted/tf-encrypted.git cd tf-encrypted pip3 install -e .
This latter is useful on platforms for which the pip package has not yet been compiled but is also needed for development. Note that this will get you a working basic installation, yet a few more steps are required to match the performance and security of the version shipped in the pip package, see the installation instructions.
The following is an example of simple matmul on encrypted data using TF Encrypted:
import tensorflow as tf import tf_encrypted as tfe @tfe.local_computation('input-provider') def provide_input(): # normal TensorFlow operations can be run locally # as part of defining a private input, in this # case on the machine of the input provider return tf.ones(shape=(5, 10)) # define inputs w = tfe.define_private_variable(tf.ones(shape=(10,10))) x = provide_input() # define computation y = tfe.matmul(x, w) with tfe.Session() as sess: # initialize variables sess.run(tfe.global_variables_initializer()) # reveal result result = sess.run(y.reveal())
High-level APIs for combining privacy and machine learning. So far TF Encrypted is focused on its low-level interface but it's time to figure out what it means for interfaces such as Keras when privacy enters the picture.
Tighter integration with TensorFlow. This includes aligning with the upcoming TensorFlow 2.0 as well as figuring out how TF Encrypted can work closely together with related projects such as TF Privacy and TF Federated.
Support for third party libraries. While TF Encrypted has its own implementations of secure computation, there are other excellent libraries out there for both secure computation and homomorphic encryption. We want to bring these on board and provide a bridge from TensorFlow.
Background & Further Reading
The following texts provide further in-depth presentations of the project:
- Bridging Microsoft SEAL into TensorFlow takes a first step towards integrating the Microsoft SEAL homomorphic encryption library and some of the technical challenges involved (by Justin Patriquin at Dropout Labs)
- Encrypted Deep Learning Training and Predictions with TF Encrypted Keras introduces and illustrates first parts of our encrypted Keras interface (by Yann Dupis at Dropout Labs)
- Growing TF Encrypted outlines the roadmap and motivates TF Encrypted as a community project (by Morten Dahl at Dropout Labs)
- Experimenting with TF Encrypted walks through a simple example of turning an existing TensorFlow prediction model private (by Morten Dahl and Jason Mancuso at Dropout Labs)
- Private Machine Learning in TensorFlow using Secure Computation further elaborates on the benefits of the approach, outlines the adaptation of a secure computation protocol, and reports on concrete performance numbers (by Dropout Labs)
- Secure Computations as Dataflow Programs describes the initial motivation and implementation (by Morten Dahl)
Check out our contribution guide for more information, and don't hesitate to send a pull request, open an issue, or ask for help! You can do so either via GitHub or by joining our Slack channel. We use ZenHub to plan and track GitHub issues and pull requests.
We are very grateful for the significant contributions made by the following organizations!
TF Encrypted is experimental software not currently intended for use in production environments. The focus is on building the underlying primitives and techniques, with some practical security issues postponed for a later stage. However, care is taken to ensure that none of these represent fundamental issues that cannot be fixed as needed.
- Elements of TensorFlow's networking subsystem does not appear to be sufficiently hardened against malicious users. Proxies or other means of access filtering may be sufficient to mitigate this.