A Distributed Trust Framework for Privacy-Preserving Machine Learning

When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data remains in the control of the owner while learning takes place. However, architectures distributed amongst multiple agents introduce an entirely new set of security and trust complications, including data poisoning and model theft. This paper outlines a distributed infrastructure which can be used to facilitate peer-to-peer trust between entities; collaboratively performing a privacy-preserving workflow. Our outlined prototype enables the initialisation of industry gatekeepers and governance bodies as credential issuers under a certain application domain. Before participating in the distributed learning workflow, malicious actors must first negotiate valid credentials from these gatekeepers. We detail a proof of concept using Hyperledger Aries, Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) to establish a distributed trust architecture during a privacy-preserving machine learning experiment. Specifically, we utilise secure and authenticated DID communication channels in order to facilitate a federated learning workflow related to mental health care data.