In an era when data breaches are as common as traffic jams, a team at MIT has engineered a breakthrough in cloud-based security. Researchers there say they have developed a protocol that uses quantum properties of light to protect sensitive data during deep-learning computations on cloud servers. Given the rampant use of deep-learning models in critical areas like health care and finance, this new layer of quantum security could be a game-changer for protecting private information.
MIT postdoc Kfir Sulimany, leading the research effort, has called attention to the privacy risks that hospitals and financial institutions face when they rely on cloud computing to analyze sensitive data. To tackle these risks, his team's protocol encodes data into laser light used in fiber optics, a move leveraging quantum mechanics principles to create a hacker-proof communication channel. "Deep learning models like GPT-4 have unprecedented capabilities but require massive computational resources. Our protocol enables users to harness these powerful models without compromising the privacy of their data or the proprietary nature of the models themselves," Sulimany told MIT News.
The dilemma is clear: clients with confidential data want predictions from cloud-based AI without exposing patient or financial details, while servers, built by companies spending years and millions, do not want to give away their model's secrets. The researchers' solution ensures that neither the client's data nor the server's proprietary information are compromised during the transaction. With the no-cloning principle of quantum information at its core, the protocol prevents perfect copying and unauthorized interception during data transmission.
Explaining the technical details, Sulimany described how a neural network's weights are encoded by the server into an optical field, then sent to the client to compute a result without compromising data. "Instead of measuring all the incoming light from the server, the client only measures the light that is necessary to run the deep neural network and feed the result into the next layer. Then the client sends the residual light back to the server for security checks," he said, according to an interview with MIT News.
Not only does this protocol address security concerns, but it also does so while touting high accuracy rates for the deep-learning computations involved. MIT researchers put their method to the test, finding that it could support a deep neural network's performance at 96 percent accuracy. As for information leaks, the system is designed so that each party can only access a fraction of the data that would be needed to pose a security threat to the other.
Senior author and EECS professor Dirk Englund provided insight into the development of the protoco, saying, "A few years ago, when we developed our demonstration of distributed machine learning inference between MIT’s main campus and MIT Lincoln Laboratory, it dawned on me that we could do something entirely new to provide physical-layer security, building on years of quantum cryptography work that had also been shown on that testbed." The team, including Sulimany, graduate student Prahlad Iyengar, and postdocs Sri Krishna Vadlamani and Ryan Hamerly, looks forward to exploring further applications, such as in federated learning and quantum operations, according to MIT News.
Outside commentary on the research comes from Eleni Diamanti, CNRS research director at Sorbonne University, who was not involved in the study. Acknowledging the implications of this MIT development for privacy preservation, Diamanti noted on MIT News, "This work combines in a clever and intriguing way techniques drawing from fields that do not usually meet, in particular, deep learning and quantum key distribution. By using methods from the latter, it adds a security layer to the former, while also allowing for what appears to be a realistic implementation"
