Private Machine Learning in TensorFlow using Secure Computation

Nov. 1, 2018, 8:36 p.m. By: Kirti Bakshi


In this paper, you are presented a framework for experimenting directly in TensorFlow with secure multi-party computation. By doing so the users are benefited from several properties that turn out to be valuable to both researchers and practitioners, including high-level abstractions for expressing complex algorithms and protocols, tight integration with ordinary machine learning processes, existing optimizations for distributed computation in TensorFlow and an expanded set of familiar tooling.

This paper gives you an open source implementation of a state-of-the-art protocol and report on concrete benchmarks making the use of typical models from private machine learning.

A deeper Insight:

There are several fields that come together in private machine learning and as a result, researchers and practitioners developing scalable solutions may find themselves facing a task that might require many diverse skill sets and expertise. Also, Adapting machine learning models in a way that allows for privacy-preserving prediction and training on its own is quite complex and non-trivial.

The basic concepts of modularity and extensibility are crucial for effective experimentation in any area. As one may come across a large implementation challenge, potentially having to stitch together several otherwise independent systems or from both fields re-implement complex methods.

On the contrary, an individual must not only be taking advantage of diverse multi-core architectures that optimize local computations, but also the distributed processes inherent in secure computation, including how best to orchestrate the joint execution on multiple machines and across the network minimize the overhead of sending large amounts of data.

But building all of this at the right level of abstraction often comes at the cost of extensibility and code readability and therefore makes experimentation harder.

Hence, for even small-scale solutions it is highly valuable to have access to tools for visual inspection, debugging, and profiling such as TensorBoard in order to identify issues and bottlenecks in both the protocol and the machine learning model.

This paper illustrates to you the benefits of embedding protocols directly into TensorFlow in order to show that it can serve as a platform for easily experimenting with secure computation for private machine learning.


  • Presentation of tf-encrypted, an open source library built on top of TensorFlow with the aim of making private machine learning more accessible to researchers and practitioners coming from either cryptography or machine learning, and without the need to be an expert in distributed systems or high-performance computing.

  • Adapting and implementing a state-of-the-art secure computation protocol for tensor oriented applications.

  • Reporting on benchmarks using common models from the literature and highlight additional properties of this approach that are found of value.

Now, Moving onto The Properties of this Approach:

The main properties of this approach are:

  • Usability: By leveraging TensorFlow, they obtain a familiar and comprehensive platform for building scalable solutions.

  • Integration: By reducing all secure computations to TensorFlow graphs, it becomes straight-forward to mix these with ordinary computations for hybrid approaches.

  • Extensibility: Making the use of TensorFlow’s high-level abstractions makes it easier to experiment with and develop new secure protocols on top of optimized primitives while maintaining code readability.

  • Performance: Achievement of high runtime efficiency without sacrificing other properties via TensorFlow’s distributed execution engine heavily optimized for networking, parallel execution, and scalability.

  • Benchmarking: Combining all of the above the result is a common framework for comparable private machine learning.


The paper brings to you an open source framework for experimenting with secure computation in TensorFlow, and an illustration of how implementation of such protocols can be easily expressed using high level abstractions.

This additionally allows private machine learning to be expressed in an interface similar to ordinary TensorFlow while maintaining good performance.

In the full version of this paper they also elaborate on the results, and present a modular extension of the concrete protocol presented that adds features from Wagh et al. [2018] in order to compute exact ReLU and MaxPooling.

For related work, experiments and more refer to the link mentioned in the end.

Link To The Paper: Click Here