CR · CV · LG · Apr 28, 2020

Attacks on Image Encryption Schemes for Privacy-Preserving Deep Neural Networks

arXiv:2004.13263v2 · 34 citations
AI Analysis

This work addresses security flaws in privacy-preserving machine learning for researchers and practitioners, but it is incremental as it builds on existing encryption schemes.

The paper tackles the vulnerability of recent image encryption schemes for privacy-preserving deep neural networks by presenting new chosen-plaintext and ciphertext-only attacks, demonstrating their effectiveness on multiple examples.

Privacy-preserving machine learning is an active area of research, usually relying on techniques such as homomorphic encryption or secure multiparty computation. Novel encryption techniques for performing machine learning using deep neural nets on images have recently been proposed by Tanaka and by Sirichotedumrong, Kinoshita, and Kiya. We present new chosen-plaintext and ciphertext-only attacks against both of these proposed image encryption schemes and demonstrate the attacks' effectiveness on several examples.

Code Implementations: 1 repo