Secure XGBoost in Jupyter#
Secure XGBoost comes with a demo Jupyter notebook that provides some insight into how one can use the library. The notebook gives an end to end demo of a complete workflow. A practical use case of Secure XGBoost would involve outsourced computation requiring at least two machines (a client who owns the data and a server where computation on the data is done), but the workflow in the notebook has been simplified to require only one machine.
The notebook is located at demo/python/jupyter/e2e-demo.ipynb
.
An End to End Workflow#
There are six main steps in the notebook:
Key Generation
The client generates a secret symmetric key.
Data Encryption
The client uses the key to encrypt its data.
User Initialization
The client creates a user object and passes in the path to its secret symmetric key, its private key, and its certificate.
Enclave Preparation
The server creates an enclave, and starts a process within it. The client attests the enclave process, and securely transfers its key to the enclave.
Data Loading
The enclave loads the client’s encrypted data.
Training
The enclave trains a model using the provided data.
Prediction
The enclave makes predictions with the model, and produces a set of encrypted results; the client decrypts the results.
Note that in the outsourced computation model, steps 1, 2, and 3 are done on the client, and 4, 5, and 6 are done on the server. Inference yielding encrypted predictions in step 7 happens on the server, and decryption of the encrypted predictions happens on the client.