Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography
Ilia Shumailov, Daniel Ramage, Sarah Meiklejohn, Peter Kairouz, Florian Hartmann, Borja Balle, Eugene Bagdasarian
2025-01-16
Summary
This paper talks about a new way to keep information private when working with untrusted parties using advanced AI models. The researchers propose using Trusted Capable Model Environments (TCMEs) as a safer and more efficient alternative to traditional cryptographic methods.
What's the problem?
When we need to share private information with people or companies we don't fully trust, it's hard to keep that information secret while still getting things done. Current methods, like complex math-based cryptography, work for simple tasks but struggle with bigger, more complicated problems. This limits what we can do securely in many important situations.
What's the solution?
The researchers suggest using powerful AI models in a special setup called Trusted Capable Model Environments (TCMEs). These AI models act like a trusted middleman, processing the private information in a way that keeps it secret from everyone else. TCMEs have strict rules about what information can go in and come out, and they don't remember anything between tasks. This setup allows for more complex private computations than traditional methods, while still keeping the information safe.
Why it matters?
This matters because it could unlock new ways to use and share sensitive information safely in our increasingly digital world. It could help with things like medical research using private health data, financial analysis without revealing personal details, or even allow companies to work together without exposing trade secrets. By making it possible to do more complex tasks privately, this approach could lead to new discoveries and innovations that were previously held back by privacy concerns.
Abstract
We often interact with untrusted parties. Prioritization of privacy can limit the effectiveness of these interactions, as achieving certain goals necessitates sharing private data. Traditionally, addressing this challenge has involved either seeking trusted intermediaries or constructing cryptographic protocols that restrict how much data is revealed, such as multi-party computations or zero-knowledge proofs. While significant advances have been made in scaling cryptographic approaches, they remain limited in terms of the size and complexity of applications they can be used for. In this paper, we argue that capable machine learning models can fulfill the role of a trusted third party, thus enabling secure computations for applications that were previously infeasible. In particular, we describe Trusted Capable Model Environments (TCMEs) as an alternative approach for scaling secure computation, where capable machine learning model(s) interact under input/output constraints, with explicit information flow control and explicit statelessness. This approach aims to achieve a balance between privacy and computational efficiency, enabling private inference where classical cryptographic solutions are currently infeasible. We describe a number of use cases that are enabled by TCME, and show that even some simple classic cryptographic problems can already be solved with TCME. Finally, we outline current limitations and discuss the path forward in implementing them.