The capabilities of deep-learning models are transforming industries, from diagnosing diseases in health care to predicting market trends in finance. However, the computational power these models require often means they must run on powerful cloud-based servers.
This dependence on cloud computing raises substantial security concerns, especially within health care settings where confidentiality is paramount; hospitals are understandably cautious about employing AI tools that analyze sensitive patient data.
To address these critical security challenges, researchers at MIT have introduced an innovative security protocol that harnesses the quantum properties of light, ensuring that data transmitted to and from a cloud server remains secure throughout deep-learning processes.
The protocol encodes data into the laser light used in fiber-optic communication systems, exploiting fundamental principles of quantum mechanics that make it virtually impossible for intruders to copy or intercept information without being detected.
Importantly, this approach does not sacrifice the accuracy of deep-learning models. In tests, the researchers demonstrated that their method could maintain 96 percent accuracy while enforcing strong security guarantees.
“Deep learning models like GPT-4 showcase extraordinary capabilities but demand immense computational resources. Our protocol allows users to tap into these powerful models without jeopardizing the privacy of their data or the proprietary aspects of the models themselves,” explains Kfir Sulimany, an MIT postdoc at the Research Laboratory of Electronics (RLE) and the lead author of a recent paper on this security protocol.
Joining Sulimany on the paper are Sri Krishna Vadlamani, Ryan Hamerly (currently at NTT Research, Inc.), Prahlad Iyengar, an electrical engineering and computer science graduate student, and senior author Dirk Englund, a professor in EECS and head of the Quantum Photonics and Artificial Intelligence Group. Their groundbreaking research was recently presented at the Annual Conference on Quantum Cryptography.
A Mutual Security Approach in Deep Learning
The researchers primarily focused on a cloud computing scenario involving two entities—a client with sensitive data, such as medical images, and a central server that manages a deep learning model.
In such cases, clients wish to leverage the model to derive insights, like assessing cancer risk based on medical imagery, while keeping patient data secure.
During this transaction, while essential data must be transmitted for analysis, confidentiality remains non-negotiable. Conversely, the server also aims to protect its proprietary model, which could take years and significant investment to develop.
In conventional digital computation, an attacker could easily duplicate transmitted data. However, the principles of quantum information prevent perfect copying. This no-cloning principle is crucial to the researchers’ security strategy.
The process begins with the server encoding deep neural network weights into an optical field using laser light. A neural network, a type of deep learning model, consists of multiple interconnected nodes, or neurons, tasked with processing data. Each layer’s weights carry out mathematical operations on input data, layer by layer, until a final prediction emerges.
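To make the layer-by-layer picture concrete, here is a minimal sketch of ordinary (non-optical) neural-network inference in Python. The `matvec` and `relu` helpers, the weights, and the two-layer network are all illustrative stand-ins, not anything from the paper:

```python
# Illustrative sketch of layer-by-layer neural-network inference.
# The weights and helper functions are invented for this example;
# they are not part of the optical protocol described in the article.

def matvec(weights, x):
    """Apply one layer's weight matrix to an input vector."""
    return [sum(w * v for w, v in zip(row, x)) for row in weights]

def relu(x):
    """A common nonlinearity applied between layers."""
    return [max(0.0, v) for v in x]

def forward(layers, x):
    """Pass the input through each layer in turn; the final
    layer's output is the model's prediction."""
    for i, weights in enumerate(layers):
        x = matvec(weights, x)
        if i < len(layers) - 1:  # nonlinearity between hidden layers
            x = relu(x)
    return x

layers = [
    [[1.0, -1.0], [0.5, 0.5]],  # layer 1 weights (2x2)
    [[1.0, 2.0]],               # layer 2 weights (1x2)
]
print(forward(layers, [2.0, 1.0]))
```

Each layer's weights act on the previous layer's output, which is exactly the structure the protocol exploits: the weights can be sent one layer at a time.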
The server sends its network weights to the client, which then performs operations using its private data without exposing it to the server.
At the same time, the security protocol limits the client to measuring only the results it needs; the inherent properties of quantum light prevent it from copying the weights.
Once the client feeds the first layer's result into the subsequent layer, the protocol is designed so that the first layer is effectively erased, preventing the client from learning any further details about the model.
“The client captures only the necessary light to execute the deep neural network and relay the outcome into the next layer. The remaining light is then sent back for security validations,” explains Sulimany.
The no-cloning theorem means that the client introduces slight errors during the measurement process. The server, upon receiving the client’s residual light, can analyze these errors to determine if unauthorized information has been transmitted. Crucially, this light reveals no client-specific data.
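The server's check can be caricatured in a toy classical simulation: the more of the signal the client measures, the more disturbed the light it returns, and the server flags residuals that deviate too far from what an honest client would leave behind. Every number here (the honest measurement fraction, the noise model, the tolerance) is an invented stand-in, not a value from the protocol:

```python
import random

# Toy classical caricature of the server's security check. Measuring
# a larger fraction of the signal disturbs the returned "light" more
# (a stand-in for the quantum no-cloning effect). All parameters are
# illustrative assumptions, not values from the paper.

def client_measure(signal, fraction):
    """Measure `fraction` of the signal; the measurement leaves
    noise in what is sent back, proportional to how much was taken."""
    measured = [s * fraction for s in signal]
    residual = [s * (1 - fraction) + random.gauss(0, fraction * 0.1)
                for s in signal]
    return measured, residual

def server_check(signal, residual, expected_fraction, tol=0.05):
    """Compare the returned light with what an honest client should
    leave behind; a large average deviation flags over-measurement."""
    expected = [s * (1 - expected_fraction) for s in signal]
    error = sum(abs(r - e) for r, e in zip(residual, expected)) / len(signal)
    return error < tol

random.seed(0)
signal = [1.0] * 100
_, honest_residual = client_measure(signal, 0.2)  # takes only what it needs
_, greedy_residual = client_measure(signal, 0.9)  # tries to copy the weights
print(server_check(signal, honest_residual, 0.2))
print(server_check(signal, greedy_residual, 0.2))
```

The honest client's residual passes the check, while the over-measuring client's large disturbance gives it away, mirroring how the server analyzes errors in the returned light.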
A Viable Security Protocol
Today’s telecommunications often rely on optical fibers to manage enormous bandwidth over long distances, allowing the researchers to integrate their new security protocol with existing optical laser technology without needing specialized hardware.
Testing revealed that their approach guarantees data security for both the server and the client while achieving a solid 96 percent accuracy in the deep neural network.
The information leaked during the client's operations amounts to less than 10 percent of what an adversary would need to reconstruct the model's hidden information. In the other direction, a malicious server could obtain only about 1 percent of the information it would need to steal the client's data.
“The assurance of security flows both ways—from client to server and vice versa,” states Sulimany.
Reflecting on their past developments, Englund mentions, “A few years back, we conducted a demonstration of distributed machine learning inference between MIT’s main campus and MIT Lincoln Laboratory. It sparked the realization that we could innovate to provide physical-layer security, leveraging years of quantum cryptography research that had previously been exhibited on that testbed.” He continues, “However, overcoming the deep theoretical challenges was critical to realizing privacy-protected distributed machine learning. This became feasible with Kfir’s unique understanding of both experimental and theoretical components, which was vital for forming our unified framework.”
Moving forward, the researchers are eager to investigate how their protocol might enhance federated learning—a technique allowing multiple parties to use their data for training a central deep learning model. They also plan to explore its potential applications in quantum operations, beyond the classical methods examined in this study, potentially improving both accuracy and security.
Eleni Diamanti, a CNRS research director at Sorbonne University in Paris and not involved in the study, comments, “This work uniquely intertwines techniques from fields that rarely converge—specifically, deep learning and quantum key distribution. Incorporating methods from the latter adds a layer of security to the former, presenting a seemingly realistic implementation. It’s exciting to see how this protocol performs under experimental imperfections and its path toward practical applications.”
This research received partial support from the Israeli Council for Higher Education and the Zuckerman STEM Leadership Program.
Photo credit & article inspired by: Massachusetts Institute of Technology