Amber (a machine learning system that behaves in an encrypted manner) is a library for privacy-preserving machine learning. The method behind Amber is described in the paper Towards Secure and Practical Machine Learning via Secret Sharing and Random Permutation (accepted by Knowledge-Based Systems, 2022). Note that Amber is not provably secure.
What is privacy-preserving machine learning? For example, suppose there are two companies: company A has some data, and company B has some other data. They want to train a model on their combined data, but neither is willing to reveal its data to the other.
In short, PPML (privacy-preserving machine learning) means conducting machine learning in a secure manner, so that the data used for training models is never exposed.
Recently, many PPML systems have been created, e.g. Facebook's CrypTen, PySyft, TensorFlow's tf-encrypted, FATE, and CrypTFlow. However, these systems are tied to one specific platform, heavy to install, and hard to use. For example, CrypTen is the lightest of them all, yet it is hard to use for PPML in production because its semi-honest third party is simulated locally, which makes it unsafe. PySyft targets horizontal federated learning tasks. tf-encrypted is hard to use since it is built on TensorFlow 1.x APIs and has plenty of bugs. FATE and CrypTFlow are very heavy, with Docker images several GB in size, and they are also hard for beginners to use.
Unlike all of those PPML systems, Amber is a lightweight system with no hard dependencies other than NumPy. Basic computations such as addition and multiplication are separated from machine learning models such as LR and DNNs: as long as a protocol supports the basic tensor operations, it can be used, and each MPC protocol can in turn use different backends for its local computation. Amber consists of the following layers:
- Layer 0: Backends for basic local computations. For example, NumPy.
- Layer 1: Players. This layer specifies a protocol by assigning different tasks to the different players in the protocol. Players can use different backends to accelerate their computations. An instance of Player should support common computations such as add, mul, and matmul (see the first sketch after this list).
- Layer 2: Operators. An operator is a differentiable computation; that is, an operator's derivative is itself an operator. Operators are the basic elements of the computation graph.
- Layer 3: Graphs. A graph consists of operators and tensors, where the tensors are the parameters. It takes some tensors as input and produces some tensors as output. Graphs are differentiable, so for any graph we can compute its gradient and then update its parameters; in other words, train it (see the second sketch below).
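
To make the Layer 0 / Layer 1 split concrete, here is a minimal sketch of a backend and a player. All names here (`NumpyBackend`, `PlainPlayer`) are hypothetical illustrations of the interface described above, not Amber's actual API; a real MPC player would hold secret shares and communicate with other players, while this one computes in the clear:

```python
import numpy as np


class NumpyBackend:
    """Layer 0: a local computation backend (hypothetical name)."""

    def add(self, x, y):
        return np.add(x, y)

    def mul(self, x, y):
        return np.multiply(x, y)

    def matmul(self, x, y):
        return np.matmul(x, y)


class PlainPlayer:
    """Layer 1: a trivial single-party 'protocol' player (hypothetical).

    It exposes the common computations (add, mul, matmul) that the
    upper layers expect, and delegates the actual arithmetic to
    whichever backend it was given.
    """

    def __init__(self, backend):
        self.backend = backend

    def add(self, x, y):
        return self.backend.add(x, y)

    def mul(self, x, y):
        return self.backend.mul(x, y)

    def matmul(self, x, y):
        return self.backend.matmul(x, y)


player = PlainPlayer(NumpyBackend())
out = player.matmul(np.eye(2), np.array([[1.0], [2.0]]))  # [[1.], [2.]]
```

Any object exposing `add`, `mul`, and `matmul` could be swapped in here, e.g. a player that operates on additive secret shares instead of plaintext tensors, which is what makes the protocols pluggable.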
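Likewise, a minimal sketch of Layers 2 and 3 (again with hypothetical names, and with parameters omitted for brevity): each operator carries its own derivative, and a graph chains operators so the gradient can be propagated back through them:

```python
import numpy as np


class Square:
    """Layer 2: a differentiable operator (hypothetical example).

    forward:  y = x ** 2
    backward: dy/dx = 2 * x, so the upstream gradient is scaled by 2x.
    """

    def forward(self, x):
        self.x = x  # cache the input for the backward pass
        return x ** 2

    def backward(self, grad_out):
        return grad_out * 2 * self.x


class Chain:
    """Layer 3: a graph as a plain sequence of operators (hypothetical)."""

    def __init__(self, ops):
        self.ops = ops

    def forward(self, x):
        for op in self.ops:
            x = op.forward(x)
        return x

    def backward(self, grad_out):
        # Walk the operators in reverse, applying each derivative in turn.
        for op in reversed(self.ops):
            grad_out = op.backward(grad_out)
        return grad_out


# Usage: y = (x ** 2) ** 2 = x ** 4, so dy/dx = 4 * x ** 3.
graph = Chain([Square(), Square()])
x = np.array([1.0, 2.0])
y = graph.forward(x)                    # [ 1., 16.]
grad = graph.backward(np.ones_like(y))  # [ 4., 32.] == 4 * x ** 3
```

In the same way, the gradient flowing back through a real graph reaches its parameter tensors, and updating those parameters with the gradient is exactly what training means here.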