 concept project for encrypted and decentralized artificial intelligence called Open Mind. So before we begin, I'll just introduce myself a little bit. So I'm an undergraduate student at Singapore Management University, where I study information systems. So I started out in AI about four to five months ago. So far, I've been working on natural language processing and a little bit of computer vision. And also, I sort of dipped my toes in to encrypted and decentralized AI. So let's jump straight into it. So first, I'm going to talk a little bit about the AI business model as it exists today. So what companies usually do is that they acquire data about the people. So they do this by getting the users, you, to surrender your data, usually for free. So the companies then take this data, and then they train a model that does something useful. And then they sell the use of that model through an app of some sort. OK, so there are some problems that are associated with this model. The first is data privacy. People lose control of their data. And this opens them up to a lot of risks. For example, your data could be stolen. It could be resold. It could be revealed to the entire world. And it could even be used as a tool for blackmail. Keeping that in mind, it brings us to the second problem, which is the sensitive product problem. Some services are inherently creepy. They need you to give up some sensitive data, such as medical history or mental health information, or something that people are just not comfortable giving up control of. So clearly, in a situation where data privacy is an issue, sensitive products will not be possible. Another large problem has to do with data being a natural resource. So these days, in the age of deep learning, data has become a natural resource for companies. More data has translated into better models and more profits. And the companies that have access to the greatest amount of data generally tend to be the largest companies. And this becomes a barrier to entry to a lot of smaller startups who are trying to break into the industry, even if they have the best technology. They might not be able to make an impact because they don't have access to the data. And also, this results in an aggregation of power in the hands of the largest companies. So now that we've talked a little bit about the problems, let's look at the success criteria. What would a solution that solves all of these issues need to have? The first thing that we need in a solution is privacy. People need to be able to control their data. And also, it would be great if people could earn a passive income from their data. So once these two things are taken care of, sensitive products can be built, the power can be decentralized, and the companies can still sell a valuable product. OK, so this is how we're going to frame a solution. First, the first part of this talk is going to look into the ingredients for the solution. These four technologies come together to form the OpenMind platform. So I'll go through each component one by one. So the first is deep learning. Since we're in a deep learning meetup group, I'll just quickly go over this. Deep learning is nothing but quite simply put hierarchical machine learning with neural networks. I know some people will have a problem with this, but let's just assume that this is the simplest definition that we have. OK, so deep learning works like this. So first, you initialize a random function, and then you make a prediction based on some input data. You take that prediction, and you figure out, is it too high? Is it too low? Is it just right? And you learn from this prediction, and then you make an adjustment to the neural network. And then you go back to step one, and then you predict, compare, learn, and you repeat this again and again until you get a satisfactory model. So this picture quickly sums up how that works. I'll just move on. So here are some deep learning libraries that you might think you can look at. The second and the most important component of OpenMind is probably federated learning. So can we have a quick show of hands? How many people have heard of federated learning? OK, that's a pretty good number. So federated learning at its core is machine learning over a distributed dataset. So traditional machine learning requires data to be aggregated. So they usually get data from user A, B, and C. They put it all together into this giant dataset, and then they run their model over it. Federated learning flips this approach. What they do is they take the model to the users. So this is how federated learning works. So first, users will download the model, and then they'll train the model using their own data, after which they upload the gradients to the server. And then the gradients are summed up so that privacy can be protected. And after that, the model is updated in the cloud. So this becomes the new model that subsequent users get to download and repeat the same process all over again. OK, federated learning platforms are currently in use inside Apple and Google, but not much outside, not yet anyway. So the third and one of the most critical components of a solution is homomorphic encryption. Just a quick show of hands again. How many people are familiar with encryption? Encryption, yeah, a homomorphic encryption? OK, so encryption, we don't have to know a lot about it for the purposes of this talk. The only thing we need to know is that encryption works by putting in a plain text. This could be, the plain text could be anything. It could be a series of numbers. It could be a word. It could be a picture, anything. You put it inside a black box encryptor, and this will output something called a ciphertext, which is essentially a long series of numbers or gibberish. It's just gibberish to the normal human person who doesn't know how to read ciphertext. So when you want to reverse this process, you take the ciphertext, you put it into a black box decryptor, and out comes the plain text that we input in the first place. So what's different about homomorphic encryption is that you can perform mathematical operations on the ciphertext. Essentially, you can perform operations on data that you don't need to know anything about. You don't even have to know if it exists or not. And you can still perform operations. So in this example, the plain text is 3 and 5. We put it into their respective homomorphic encryptors and out comes to ciphertext, cipher A and cipher B. And then we, let's take the example of cipher A. We take cipher A and we multiply it by 2. And keep in mind, we're multiplying 2 by the gibberish. It's not, we're not multiplying 2 on the plain text. Once we do that, we put it through the decryptor and out comes the plain text, which is 6. Now you'll notice that it's the same thing as multiplying 2 against 3. But when we're actually doing the operation, we're not doing it on data that we know something about. This is great for us because we need to be able to train our models on encrypted data. And this is only possible if we can use a form of encryption that allows us to perform mathematical operations on ciphertext, which is exactly what homomorphic encryption allows us to do. Okay, so here are some homomorphic encryption libraries that you can take a picture if you want to refer to it. Okay, I'll move on. So the fourth component is blockchain smart contracts. For the purposes of this talk, we don't have to know a lot about it. All that we need to know is this. Blockchain is a large distributed data set. It's essentially a decentralized data set, a database. Two things to remember. No one can edit or delete an old entry and no one can fake a new entry. Smart contracts are just data sets that's stored on the blockchain. It allows for decentralized computation. So if you want to know more about how blockchains work, this is a link that you can refer to. You can check it out if you want. Okay, so that brings us to the second part of our solution. Sorry, second part of the talk. That now we have to put all of our component technologies together and let's see how each addition solves the problems that we discussed earlier. So first we'll just look at deep learning plus federated learning and let's see how the AI architecture pans out now. So assuming that we're using only deep learning and federated learning, this is how the architecture would look like. AI Incorporated is just some AI startup we can assume. So what they do now is that they send over their old model from the cloud to Joe and Joe takes the model, he runs the old model, he trains the old model using his own data and then he updates the gradients to the AI Incorporated cloud server where the gradients are summed and the new model is updated onto AI Incorporated. After that, Jane and Jack can do the same thing all over again. Pretty much standard federated learning. And the good thing here is that people can keep their data secret but there are still a lot of disadvantages as you can see. Gradients can give hints about the data. The companies can still figure out what kind of data that the user is training on. The second issue is that people can just steal the model and sell it themselves because there's nothing stopping them from doing that. The third issue is that no one's getting paid for their data. I mean, they're providing a service but they're not getting anything in return. The third issue is deep learning, sorry, not the third issue. So now we introduce homomorphic encryption into the whole equation and let's see how the architecture pans out this time. Okay, so AI Incorporated now homomorphically encrypts its model in the cloud and then it sends it over to Joe. Now Joe performs his training on the model but he doesn't know what the model is like or he doesn't know anything about the model because it's homomorphically encrypted. He's able to train the model using his data without knowing anything about the model. So now after training, Joe sends back the model to AI Incorporated where it's updated as usual. But the difference this time is that Joe cannot steal the model because he doesn't know anything about it. He can't make it useful. So as you can see, there are a few advantages. People can keep their data secret as before. People cannot steal the encrypted models and this allows for a profitable business because now you're actually creating value as a business. The disadvantages are that AI Incorporated AI Inc can still steal data without being discovered. They can still reverse engineer the user's data and no one is still getting paid for their data. Okay, now we put in the last piece of technology into the architecture and that's smart contracts. So this time there's a little difference. Before AI Incorporated can send the model over to the users, it does this one little thing. So it just sends over this thing called model specification which contains the type of model that needs to be sent over and also something called the bounty. So the bounty is the amount that AI Incorporated is willing to pay for users' data. So this is sent to the smart contract. In the case, if you're wondering what Sonar is, that's just the smart contract service by open mind. So this time AI Incorporated sends over the model specification and the smart contract takes it and it initializes the model using its own weights and these weights are available publicly and it's completely transparent. The advantage of this is that AI Incorporated can no longer insert any malicious information into the model so that it can use that to track users' data. This is no longer possible because the initialization is done by the smart contract. Okay, now that the smart contract has received the model specification, pretty much goes on as usual. It encrypts the model, it sends it over to Joe. Joe performs his training and then he sends back the gradients to the smart contract and the smart contract checks for the validity of the gradients and if the gradients are valid, then the smart contract sends over the bounty in the form of cryptocurrency. Once that is done, this whole process is repeated with Jane and Jack and any other users. So now, as we can see, there are a lot of advantages. People have successfully kept their data secret. People cannot steal the models and the business is profitable and AI Incorporated cannot maliciously read the data either and now people are actually getting paid for giving up their data to be trained. So if you're wondering how can I build something like this for myself? The answer is OpenMind as I've been describing. So OpenMind is an encrypted decentralized artificial intelligence platform. It's completely open source. You can find it on openmind.org.org. You can find the description and it's on GitHub so you can find all sorts of guides to learn how to install it and use it on your own. So the four main components of OpenMind are SIFT, which is a homomorphically encrypted deep learning library. There's Sonar, which takes care of the federated learning server. There's Mine, which is a federated learning client and Capsule is just a blockchain article that takes care of the RSA public-private key generation. It just makes sure that everything is secure. Okay, so I'll just show you around OpenMind for a bit. Okay, yes. Okay, it seems that we are having a few issues. Do we have time? We're almost done, but do we have time? Can we just skip over to the end? You can show it, you've got like 10 minutes left. Oh, okay. Okay, so I'm not able to get this up. So basically, the OpenMind website has a bunch of tutorials. There's a detailed tutorial on how you can deploy your neural network on the OpenMind architecture. It's got an accompanying YouTube video as well. Right now you can learn how to add a CPU-powered function to TensorFlow as well. But keep in mind that not all of the functions are up yet because it's still in the pre-alpha stage. For now, this is how much is up, but there's a lot coming up. So if you wanna contribute, please do join as well. It's a large project that requires a lot of people to contribute, so please do contribute if you want. Okay, so that brings us to the end. So if you've got any questions, please do email me so that I can think, deliberate on the questions properly and give you a decent answer than if you put me on the spot. So there's my email, please do email me. Do follow me on Twitter, that's my handle over there. I like to think I post some fun stuff about artificial intelligence in there, so I hope you enjoy that too. So, well, thank you for your attention and we'll have fun at the other talks as well.