Privacy-Preserving Blockchain-Based Nonlinear SVM Classifier Training for Social Networks

With the development of social networks, ever-increasing amounts of social data are produced, which usually contain valuable knowledge that can be utilized in many fields, such as commodity recommendation and sentiment analysis. The SVM classifier, as one of the most prevailing machine learning techniques for classification, is a crucial tool for social data analysis. Since training a high-quality SVM classifier usually requires a huge amount of data, it is a better choice for individuals and small enterprises to conduct collaborative training with multiple parties. Nevertheless, sharing sensitive data with untrusted people and enterprises introduces privacy risks. Existing solutions mainly adopt computation-intensive cryptographic methods, which are not efficient for practical applications. Therefore, realizing efficient SVM classifier training while protecting privacy is an urgent and challenging task. In this paper, we propose a novel privacy-preserving nonlinear SVM classifier training scheme based on blockchain. We first design a series of secure computation protocols which can achieve secure nonlinear SVM classifier training with minimal computation overheads. Then, leveraging these building blocks, we propose a blockchain-based secure nonlinear SVM classifier training scheme that realizes collaborative training while protecting privacy. We conduct a thorough analysis of the security properties of our scheme. Experiments over a real dataset show that our scheme achieves high accuracy and practical efficiency.


Introduction
Nowadays, social networks play a significant role in reflecting and influencing human lifestyles. They enable people to keep in touch with each other and share information anytime and anywhere. The development of social networks has resulted in more and more social-related data being produced, which consist of various raw insights and information. With the evolution of artificial intelligence and machine learning, many individuals and companies try to train learning models by utilizing social data to learn valuable information for personal or commercial purposes. The support vector machine (SVM), as one of the most essential and important machine learning techniques for classification, can be applied to many fields, such as medical diagnosis [1], image recognition [2], and recommendation systems [3]. It is also crucial for social data analysis and processing. For instance, many e-commerce companies may collect social information about potential customers and train effective SVM classifiers to conduct commodity recommendation. In addition, individuals may want to train SVM models by utilizing photos from social media to support automated image annotation, which can make it more convenient to find photos in electronic albums. To obtain an SVM classifier with high accuracy, the training process usually requires a huge amount of social data. However, it is difficult for a single party (e.g., an individual or a company) to collect plentiful and diversified data.
Therefore, there has been a surge in demand for collaborative training by a group of parties. A merged dataset from multiple sources on social networks has obvious advantages in data volume and variety. Therefore, it is a growing trend for companies and individuals to share information and collaboratively train a high-quality classifier. However, sharing private data with untrusted parties causes nonnegligible privacy risks [4]. For instance, individuals may own some private photos on social networks which only they and their friends can access. They want to train a classifier to support automated image annotation. However, they hesitate to share the photos with entities that they do not trust because it may cause the leakage of personal privacy. Therefore, it is a crucial problem to perform collaborative training while protecting privacy.
To address this issue, many privacy-preserving classifier training schemes have been proposed. The most common cryptographic method for protecting data is homomorphic encryption [5,6]. However, the homomorphic encryption technique usually involves computationally expensive cryptographic primitives, which result in heavy computation cost. Differential privacy is another method to guarantee the security of data [7,8]. Nevertheless, the differential privacy technique cannot achieve high accuracy because it protects data privacy by adding immeasurable noises to the parameters of the model. Besides, in the above privacy-preserving training schemes, the data owners completely lose control of their data when outsourcing the data to untrusted parties. Data ownership is not well guaranteed, which is also a potential threat to data confidentiality. Once the data are shared with untrusted servers for training, there are potential risks that the data might be modified or replicated by unauthorized servers. Recently, several schemes have been proposed to achieve privacy-preserving training by utilizing the blockchain technique, owing to its decentralized digital ledger property. Shen et al. [9] proposed a privacy-preserving SVM training scheme over blockchain-based encrypted IoT data. However, their scheme only fits linear data and cannot deal with classification tasks for nonlinear datasets, which are more common in practice. Moreover, they adopted the computation-intensive Paillier homomorphic encryption technique, which causes huge computation overheads.
In this paper, we propose a new privacy-preserving nonlinear SVM classifier training scheme based on blockchain. Specifically, we establish a blockchain-based data sharing and computation outsourcing mechanism which allows participants to collaboratively train the model while protecting privacy. We utilize the blockchain technique to establish a distributed data sharing environment. In our scheme, the communication of multiple parties is recorded on the blockchain, which ensures transparent delivery of training tasks and the guarantee of data ownership. The blockchain also supports fair incentives to avoid deceptive behavior. We adopt the additive secret sharing technique based on two-party computation to design the computation protocols, which can achieve secure SVM training with minimal computation overheads. The main contributions of this paper can be summarized as follows: (1) To train a high-quality nonlinear SVM classifier while protecting privacy, we propose a privacy-preserving training scheme based on blockchain. We utilize the blockchain technique to design a decentralized scheme for collaborative training while ensuring the invariance and ownership of training data. The incentive mechanism of blockchain also helps to guarantee the fairness of the participants and prevent destructive behaviors of the computing parties.
(2) We adopt the additive secret sharing technique and design a series of arithmetic primitives such as multiplication, comparison, and natural exponential computation to realize efficient collaborative training while protecting the privacy of both the data and the model. The protocols in our scheme contain no computation-intensive cryptographic primitives and greatly reduce the computation overheads.
(3) We thoroughly analyze the security of our scheme and conduct experiments over real-world datasets. The security analysis shows that our scheme can well protect the privacy of the data and the users. We conduct comprehensive experiments, and the results demonstrate that our scheme can achieve high accuracy and obtain nonlinear SVM classifiers with practical training efficiency. The rest of this paper is organized as follows: Section 2 introduces the formulation of the problem, our design goals, and the preliminaries of our scheme. In Section 3, we present the secure computation protocols based on secret sharing. Section 4 gives the details of our privacy-preserving training scheme. Security analysis and performance evaluation are presented in Section 5 and Section 6, respectively. Section 7 reviews related work, and we conclude the paper in Section 8.

System Model.
In this paper, we focus on designing a scheme for privacy-preserving and efficient nonlinear SVM classifier training.
There are three entities in our framework: the blockchain, the data providers, and the servers, as shown in Figure 1. The role of each entity is described as follows: Blockchain. The blockchain in our scheme serves as a distributed and immutable ledger. Each block of the blockchain stores a group of transactions, such as training requests and the delivery of training data. The blockchain also provides an incentive mechanism to guarantee fairness. Data Providers. The data providers can be institutions, enterprises, or individuals who own some training data and participate in the collaborative training of the SVM classifier.
They take charge of encrypting the original datasets before sending them to the servers and of generating random values in the secure computation process. Servers. The servers are two computing parties which are selected from the parties in the decentralized network.
They are incentivized to conduct the training tasks, like the miners in Bitcoin.
In the blockchain-based decentralized system, the servers should first register on the blockchain and join the network. Meanwhile, each party is required to commit a deposit, which is frozen in its account. The goal of freezing a deposit is to prevent dishonest behavior of the servers: it is withheld as a forfeit if a server returns deceitful results. When the data providers want to conduct collaborative training by utilizing the computing resources in the network, they generate a transaction that contains the request and the payment. After receiving the transaction, the blockchain selects two servers as computing parties and sends the addresses and the public encryption keys of the servers to the data providers. Then, each provider encrypts the training data with the respective public keys and sends the encrypted data to the servers. On receiving the encrypted data from all the participants, the servers perform the secure computation protocols and conduct the SVM classifier training. The secure computation involves some random values, which can be generated offline by the data providers. After finishing the training process, the servers send the results back to the data providers. Then, each provider reconstructs the model and sends an acknowledgement message to the blockchain, with which the blockchain decides whether to give the servers rewards or penalties.

Threat Model.
In this paper, we assume that the servers are noncolluding and that there are secure channels among the nodes in the decentralized network. We consider the servers to be honest but curious: they execute the designed task honestly, but they are curious and try to infer sensitive information from the encrypted data and the interactive messages. The privacy threats mainly come from two aspects: (1) The encrypted original datasets. The original datasets may contain a lot of sensitive information about the data providers, and adversaries may try to infer valuable information about the local data through the training process.
(2) The training results. The results of training, i.e., the SVM model, can be used for commercial benefit. Thus, the results could be misappropriated by the computing parties or adversaries.
Specifically, to better evaluate the security of our scheme, we consider two levels of threat as follows: Level 1. The computing parties can learn nothing about the original datasets. They are assumed to only know the split shares of the datasets and the intermediate results of each step in the training protocol. Level 2. Apart from the information in Level 1, the computing parties can also obtain part of the original datasets from certain data providers among the multiple participants of the collaborative training.

Design Goals.
To implement privacy-preserving and efficient nonlinear SVM classifier training, our scheme should meet the following goals: Security. Our scheme is supposed to protect the information and resist the potential adversaries introduced in the threat model. Besides, even if some data providers collude with the servers, the privacy of the datasets of the other data providers stored on the servers is still preserved.
Correctness. Our training algorithm should be designed correctly to obtain a high-quality SVM classifier model. The privacy-preserving classifier ought to be almost as effective as one obtained in the plaintext domain, and the accuracy should be high enough for practical use. Efficiency. High efficiency is a prerequisite for a training algorithm to be used in practical applications. For this purpose, the encryption technique we adopt should not contain computation-intensive cryptographic primitives, and our scheme ought to achieve minimal computing overhead.

SVM Classifier.
The support vector machine (SVM) is a widely used learning method based on structural risk minimization [10]. The objective of SVM is to find an optimal separating hyperplane with the maximum margin that distinctly classifies the data points. Suppose that x_i is a vector containing the attributes of the i-th instance and y_i ∈ {−1, +1} is the corresponding class label. The optimization problem of the SVM classifier is described as

arg min_{w,b} (1/2)‖w‖² + C Σ_i ξ_i, s.t. y_i(w · x_i + b) ≥ 1 − ξ_i, ξ_i ≥ 0, (1)

where C is the penalty parameter and the ξ_i are slack variables. In practice, the sample data are not linearly separable in some classification tasks; that is, there exists no hyperplane which separates the data points. The nonlinear SVM can map the training data from the low-dimensional space into a higher-dimensional space through a kernel function. The corresponding decision function is

f(x) = sign(Σ_i α_i y_i K(x_i, x) + b).

The commonly used kernel functions include the linear kernel, the polynomial kernel, and the Gaussian kernel. In this paper, we choose the Gaussian kernel, whose function is

K(x_i, x_j) = exp(−‖x_i − x_j‖² / (2σ²)). (2)
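As a plaintext reference, the Gaussian kernel and the kernelized decision function above can be sketched in a few lines of Python (an illustrative sketch only; the function names `gaussian_kernel` and `decision` are our own, not part of the scheme):

```python
import math

def gaussian_kernel(x, z, sigma=1.0):
    # K(x, z) = exp(-||x - z||^2 / (2 * sigma^2))
    sq_dist = sum((xi - zi) ** 2 for xi, zi in zip(x, z))
    return math.exp(-sq_dist / (2 * sigma ** 2))

def decision(x, support_vectors, alphas, labels, b, sigma=1.0):
    # f(x) = sign(sum_i alpha_i * y_i * K(x_i, x) + b)
    s = sum(a * y * gaussian_kernel(sv, x, sigma)
            for a, y, sv in zip(alphas, labels, support_vectors)) + b
    return 1 if s >= 0 else -1
```

In the secure scheme, the same quantities are computed jointly over shares rather than in the clear.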

Blockchain.
Blockchain is a kind of distributed ledger technology (DLT) on a peer-to-peer (P2P) network which makes the history of any digital transaction unalterable and transparent through the use of decentralization and cryptographic hashing [11,12]. The transactions are stored in blocks which are linked as a chain. Blockchain was originally proposed for constructing a public distributed ledger for transactions in Bitcoin [13], a worldwide electronic payment system. Blockchain is well known for its decentralization, transparency, and tamper-proof property. It is built with no need for a trusted third party or a central administrator. There is no single point of failure, since the blockchain is not maintained by a single party but kept by all parties. The transactions that occur in the network are recorded on the digital ledger, and no one can modify them. Blockchain usually adopts consensus protocols to manage the right of creating new blocks. There are three kinds of common consensus protocols, i.e., Proof-of-Work (PoW), Proof-of-Stake (PoS), and Practical Byzantine Fault Tolerance (PBFT). Recently, there have been many attempts to apply blockchain to different scenarios, such as solving trust crises, simplifying various procedures, and verifying digital identities.
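The tamper-evidence property described above can be illustrated with a minimal hash-chain sketch (illustrative only; a real blockchain additionally involves consensus, signatures, and Merkle trees):

```python
import hashlib
import json

def block_hash(block):
    # Deterministic SHA-256 hash of the block contents.
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def append_block(chain, transactions):
    # Each new block stores the hash of its predecessor, linking the chain.
    prev = block_hash(chain[-1]) if chain else "0" * 64
    block = {"prev_hash": prev, "transactions": transactions}
    chain.append(block)
    return block

def verify_chain(chain):
    # Tampering with any block breaks the link to its successor.
    return all(chain[i]["prev_hash"] == block_hash(chain[i - 1])
               for i in range(1, len(chain)))
```

Modifying any recorded transaction changes that block's hash, so verification of the successor's `prev_hash` fails.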

Secure Multiparty Computation.
Secure multiparty computation (SMC) originates from secure two-party computation (2PC), introduced by Yao in 1982 for the so-called Millionaires' Problem [14]. SMC is a central cryptographic task that allows multiple parties to jointly compute some function over their inputs while protecting their privacy. Specifically, there are multiple participants P₁, P₂, ..., Pₙ. Each participant P_i holds its input x_i, and the participants agree on some function f that takes the n inputs. Their goal is to compute y = f(x₁, x₂, ..., xₙ) while satisfying the following two conditions: (i) Correctness: the value of y is correctly computed. (ii) Privacy: the participants cannot learn anything about the inputs of others. Most SMC architectures are based on cryptographic tools such as homomorphic encryption (HE), garbled circuits (GC), and oblivious transfer (OT). However, these frameworks are computationally expensive and difficult to deploy for processing large-scale datasets. By contrast, SMC frameworks based on secret sharing do not involve such cryptographic primitives and can therefore obtain better performance.

Secret Sharing-Based Secure Computing Protocols
In this section, we introduce the secure computation protocols used in our scheme, which are based on additive secret sharing. Additive secret sharing is a cryptographic technique in which all intermediate values are additively shared between the chosen worker servers. Given two inputs a and b, they are randomly split into two shares, i.e., a = a₁ + a₂ and b = b₁ + b₂, which are outsourced to two servers S₁ and S₂, respectively. Here, we denote by ⟨a⟩₁ and ⟨a⟩₂ the two shares stored on S₁ and S₂, respectively. To cooperatively work out f(a, b), S₁ outputs f₁ and S₂ outputs f₂ such that f₁ + f₂ = f. During the computation, S₁ and S₂ learn no information about the values of a, b, and the result f.

Secure Addition/Subtraction Protocol.
Given two values a and b, the addition/subtraction protocol is to jointly compute a ± b. The computation can be executed by S₁ and S₂ independently, since (⟨a⟩₁ ± ⟨b⟩₁) + (⟨a⟩₂ ± ⟨b⟩₂) = a ± b. Note that there is no interaction between the two servers during the computation.
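The additive sharing and the interaction-free addition above can be sketched as follows (an illustrative sketch over a ring Z_P with a modulus of our own choosing; the scheme itself fixes its own number representation):

```python
import random

P = 2 ** 61 - 1  # illustrative modulus for the share arithmetic

def share(x):
    # Split x into two additive shares: x = x1 + x2 (mod P).
    x1 = random.randrange(P)
    return x1, (x - x1) % P

def reconstruct(s1, s2):
    return (s1 + s2) % P

def sec_add_local(a_i, b_i):
    # Each server simply adds its local shares; no interaction is needed,
    # since (a1 + b1) + (a2 + b2) = a + b.
    return (a_i + b_i) % P
```

Subtraction works identically with local share subtraction.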

Secure Multiplication Protocol.
The multiplication protocol is to calculate the product of two given values a and b. We adopt Beaver's precomputed multiplication triplet technique [15] to realize the multiplication protocol. The steps of our secure multiplication protocol SecMul(·) are given as follows.
To obtain c = a × b, the algorithm utilizes a pregenerated triplet (u, v, w), where u and v are randomly generated and w = u × v.
The shares of u, v, and w are ⟨u⟩_i, ⟨v⟩_i, and ⟨w⟩_i (i = 1, 2), which are stored on S_i, respectively. The servers S_i then calculate ⟨e⟩_i = ⟨a⟩_i − ⟨u⟩_i and ⟨f⟩_i = ⟨b⟩_i − ⟨v⟩_i locally. After that, they send ⟨e⟩_i and ⟨f⟩_i to each other and reconstruct e and f. Finally, S_i computes and outputs the shared result ⟨c⟩_i = f · ⟨a⟩_i + e · ⟨b⟩_i + ⟨w⟩_i, where one of the servers additionally subtracts the public term e · f. Thus, the product c can be reconstructed simply by adding the respective results of S₁ and S₂ as c = ⟨c⟩₁ + ⟨c⟩₂.

Secure Comparison Protocol.
Given two values a and b, the secure comparison protocol SecComp(·) is used to judge whether a < b. Specifically, the function outputs 1 if and only if a < b and outputs 0 otherwise. We adopt the bit-decomposition method in [16] and follow the comparison protocol proposed by Huang et al. [17], which is based on additive secret sharing.
We first transform the real-number shares into integers. Specifically, we multiply the numbers by 10^p and truncate the remaining decimal parts. Then, we utilize the two's complement representation, where the most significant bit (MSB) of a number indicates whether it is positive or negative. For an l-bit signed number c, its binary complement form can be denoted as c^(l−1), c^(l−2), ..., c^(0); correspondingly, c can be reconstructed as c = −c^(l−1) · 2^(l−1) + Σ_{k=0}^{l−2} c^(k) · 2^k. Suppose that the l-bit shares of c are c₁ and c₂; the protocol performs bitwise operations over c₁ and c₂ to compute the sign of c. Thus, the protocol can compare a and b by computing the sign of a − b.
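The Beaver-triple multiplication and the sign-based comparison can be sketched together in a single-process simulation (illustrative only: here the triple is generated and the sign is read in the clear, whereas in the real protocol the data providers supply the triples offline and the MSB is extracted obliviously):

```python
import random

P = 2 ** 64  # two's-complement-style ring of 64-bit integers

def share(x):
    x1 = random.randrange(P)
    return x1, (x - x1) % P

def reconstruct(s1, s2):
    return (s1 + s2) % P

def beaver_triple():
    # Pregenerated triple (u, v, w) with w = u * v, distributed as shares.
    u, v = random.randrange(P), random.randrange(P)
    return share(u), share(v), share((u * v) % P)

def sec_mul(a_sh, b_sh):
    # Servers mask their shares with the triple, open e = a - u and
    # f = b - v, then assemble shares of the product locally.
    (u1, u2), (v1, v2), (w1, w2) = beaver_triple()
    e = (a_sh[0] - u1 + a_sh[1] - u2) % P
    f = (b_sh[0] - v1 + b_sh[1] - v2) % P
    c1 = (f * a_sh[0] + e * b_sh[0] + w1) % P
    c2 = (f * a_sh[1] + e * b_sh[1] + w2 - e * f) % P  # S2 removes e*f
    return c1, c2

def sec_less_than(a, b, p=3):
    # Fixed-point encode with scale 10^p, share the difference a - b, and
    # read its sign from the MSB after reconstruction.
    d = int(a * 10 ** p) - int(b * 10 ** p)
    d1, d2 = share(d % P)
    return 1 if reconstruct(d1, d2) >= P // 2 else 0  # MSB set => a < b
```

One can check that f·a + e·b + w − e·f = (u+e)(v+f) = a·b, so summing the two output shares yields the product.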

The Proposed Scheme
In this section, we present the framework of our privacy-preserving nonlinear SVM classifier training scheme. Our scheme contains two main parts: the blockchain design and the privacy-preserving SVM classifier training. The details are as follows.

Registering.
The parties that want to join the decentralized network and become computing parties should first create a registering transaction on the blockchain. Each party sends a register request to the blockchain and is supposed to own at least a $deposit in its account, which is frozen by the contract when registering. It is used to prevent malicious behaviors during the computing period. Specifically, the servers may reduce the quantity of training data to save computation resources. They may also forge inaccurate results and return them to the data providers.

Consensus Protocol.
In the decentralized network, a consensus protocol is necessary to make all the nodes in the network reach a consensus. We adopt the Proof-of-Work (PoW) protocol as the consensus protocol in our scheme. The computing nodes increment a nonce in the block and compute the hash value of the block header. The first and the second nodes that find a value meeting the requirement predefined by the contract broadcast their results on the blockchain. After the other nodes verify the correctness of the results, the two nodes are accepted as the computing parties, and the first node has the right to create a new block.
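The nonce search described above can be sketched as a toy PoW (illustrative only; the header format and difficulty are placeholders of our own):

```python
import hashlib

def pow_search(header, difficulty_bits=16):
    # Increment a nonce until sha256(header || nonce) falls below the
    # target, i.e., has the required number of leading zero bits.
    target = 1 << (256 - difficulty_bits)
    nonce = 0
    while True:
        digest = hashlib.sha256(f"{header}:{nonce}".encode()).digest()
        if int.from_bytes(digest, "big") < target:
            return nonce, digest.hex()
        nonce += 1
```

Any node can verify a claimed solution with a single hash, which is what makes the broadcast results cheap to check.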

Computing Request.
The data provider who wants to outsource computation tasks to the computing nodes should first generate a transaction Tran_req = (protocols, $payment), in which protocols specifies the computing functions for the servers to execute and $payment is the payment. Then, the data owner publishes the request transaction on the blockchain.
After receiving the request from the data provider, the blockchain selects two servers for computing from the nodes in the network by the PoW protocol and publishes the addresses addr_i (i = 1, 2) and the public keys pk_i (i = 1, 2) of the two computing nodes.

Payment.
If there are multiple data providers who own sets of training data and want to perform collaborative training, they should first reach a consensus about their payments for the training. In a practical scenario, each data provider usually owns a different amount of training data. The payments ought to be decided based on the amounts of data that the providers contribute. Specifically, a data provider who contributes a larger amount of training data ought to make a smaller payment for the collaborative training. Once the data providers receive the results and believe the results meet their requirements, they send an acknowledgement message to the blockchain. If the blockchain receives acknowledgement messages from more than two-thirds of the data providers, it splits the total payment and distributes the payments to the two computing servers, respectively. Otherwise, the blockchain returns the payments to the data providers and deducts a fine from the deposits of the computing servers. The criterion of rewards and punishments can be adjusted in the consensus protocol before training.

System Initialization.
Suppose that there are n data providers DP_j (1 ≤ j ≤ n) who each own some training data and want to collaboratively train an SVM classifier with a kernel function. The data providers first reach a consensus on the training protocols, parameters, and payments. Then, they send the request transactions to the blockchain and thereafter receive the addresses and public keys of the computing servers.
After that, the data providers first encrypt the training data by randomly splitting each element into two shares. Then, they encrypt the shares with the corresponding public keys pk_i of the two computing servers and obtain the encrypted training datasets ⟨D_j⟩_i. Finally, the data providers send the encrypted datasets to the two servers, respectively, and then publish the transactions on the blockchain.

Training.
After receiving all the encrypted datasets from the data providers, the servers decrypt the shares by utilizing their corresponding private keys sk_i and perform the training protocol. In our SVM model, we choose the Gaussian kernel function, which is depicted in equation (2), to achieve nonlinear separation. The function can be interactively calculated by the two servers. The steps of calculating the Gaussian kernel are shown in Algorithm 1.
To train the SVM classifier, we adopt gradient descent (GD) as the optimization method, as utilized in [9]. Compared with another optimization algorithm that is frequently used in plaintext tasks, i.e., sequential minimal optimization (SMO), GD contains less complex computation. Thus, it is regarded as more suitable for training in the encrypted domain. By introducing a hinge loss, the optimization problem of the SVM is converted to minimizing (1/2)‖w‖² + C Σ_i max(0, 1 − y_i f(x_i)). The protocol first executes SecComp(·) to compare y_i f(x_i) with 1; according to the comparison result, the servers update α and b by calculating the derivatives of the margin term and the hinge loss. The steps of privacy-preserving training are shown in Algorithm 2. The dataset for training and the SVM model are well protected during the training process. The servers and other adversaries cannot infer any information except the respective shares obtained in each step.
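For reference, a plaintext analogue of the kernelized hinge-loss GD training can be sketched as follows (one common GD variant under our own choice of update rule and parameter names; the exact updates of the secure protocol may differ, and the comparison `y_i * f_i < 1` is the step that SecComp(·) performs obliviously in the encrypted domain):

```python
import math

def gaussian_kernel(x, z, sigma=1.0):
    return math.exp(-sum((a - b) ** 2 for a, b in zip(x, z)) / (2 * sigma ** 2))

def train_gd(X, y, lam=0.001, lr=0.5, epochs=100, sigma=0.3):
    # Kernelized gradient descent on the hinge loss over coefficients alpha.
    n = len(X)
    K = [[gaussian_kernel(X[i], X[j], sigma) for j in range(n)] for i in range(n)]
    alpha = [0.0] * n
    b = 0.0
    for _ in range(epochs):
        for i in range(n):
            f_i = sum(alpha[j] * y[j] * K[i][j] for j in range(n)) + b
            if y[i] * f_i < 1:               # hinge loss active (SecComp step)
                alpha[i] += lr * (1 - lam * alpha[i])
                b += lr * y[i]
            else:                            # only the regularizer acts
                alpha[i] -= lr * lam * alpha[i]
    return alpha, b

def predict(x, X, y, alpha, b, sigma=0.3):
    s = sum(alpha[j] * y[j] * gaussian_kernel(X[j], x, sigma)
            for j in range(len(X))) + b
    return 1 if s >= 0 else -1
```

With a Gaussian kernel, this plaintext sketch separates even data that no hyperplane can split, such as the XOR pattern.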

Security Analysis
In this section, we present the security strength of our proposed scheme under the two threat levels. First, we analyze the security of our scheme under the Level 1 threat model based on the universal composability (UC) framework [18], which guarantees strong security properties. To prove the security of our scheme, we first give some definitions as follows.

Definition 1.
A protocol is secure if there exists a probabilistic polynomial-time simulator S that can generate a view for the adversary A in the real world which is computationally indistinguishable from its real view.
Owing to the secret sharing-based design, the addition and subtraction operations, which are computed locally on the servers, can be easily simulated. We prove the security of the other computing protocols in our scheme.

Theorem 1.
The protocol SecMul(·) is secure under the honest-but-curious model.

Proof.
The view of S₁ is view₁ = (⟨a⟩₁, ⟨b⟩₁, ⟨u⟩₁, ⟨v⟩₁, ⟨w⟩₁, e₂, f₂). It is obvious that ⟨a⟩₁ and ⟨b⟩₁ are randomly split from a and b, and ⟨u⟩₁, ⟨v⟩₁, and ⟨w⟩₁ are uniformly random values. e₂ and f₂ are also random values because they are generated as e₂ = ⟨a⟩₂ − ⟨u⟩₂ and f₂ = ⟨b⟩₂ − ⟨v⟩₂. The output of S₁ is ⟨c⟩₁ = f · ⟨a⟩₁ + e · ⟨b⟩₁ + ⟨w⟩₁, which is also uniformly random. Note that both the input and output of S₁ are random values, so they can be perfectly simulated by S. The view of adversary A and its real view are computationally indistinguishable. Similarly, the input and output of S₂ can also be perfectly simulated.

Theorem 2.
The protocol SecComp(·) is secure under the honest-but-curious model.
Proof. For the comparison protocol SecComp(·), the views view₁ and view₂ of S₁ and S₂ consist of their respective input shares and the uniformly random values used for masking. These values are random and simulatable. The bitwise addition can be implemented with secure addition and secure multiplication, which have been proved to be simulatable. Therefore, the comparison protocol can be simulated by a simulator S.

Theorem 3.
The protocol SecExp(·) is secure under the honest-but-curious model.

Proof.
The SecExp(·) protocol in our scheme only involves natural exponential computation, subtraction, and secure multiplication.
The first two operations are implemented locally on the servers, and the secure multiplication has been proved to be simulatable. Thus, the secure natural exponential computation is simulatable: a view can be generated for the adversary A that is computationally indistinguishable from its real view. The privacy-preserving training protocol is composed of the above computing protocols, which have been proved to be secure. Thus, our privacy-preserving nonlinear SVM classifier training scheme is secure against the Level 1 threat. In the Level 2 threat model, the servers can obtain some original training data from certain data providers. However, the shares of the other training data are still randomly generated.
Thus, for the datasets from the other data providers, the simulator S can still generate a view that is computationally indistinguishable from the real view. Therefore, the security of the other training data and the protocols can still be guaranteed under the Level 2 threat model.

Performance Evaluation
In this section, we evaluate the performance of our scheme by conducting experiments over real-world datasets. We use a real-world dataset about social network advertising collected from a trusted website. The dataset contains 400 instances; each instance has 4 features and is labeled as purchased or not purchased. We also use the Breast Cancer Wisconsin Database (BCWD) from the UCI machine learning repository. This dataset contains 699 instances, and each instance contains nine features. The instances in the dataset are labeled as benign or malignant. We implement the experiments on a PC with a 32-core Intel i7 CPU @ 1.80 GHz and 16 GB RAM. The algorithms are programmed in Python 2.7. Specifically, we investigate the performance through accuracy and efficiency.

Accuracy.
The precision rate and the recall rate are two key parameters for evaluating the accuracy of a classifier. We calculate the two parameters for both our proposed privacy-preserving SVM classifier and the traditional SVM classifier over plaintext. The results are shown in Table 1. We can see that our scheme achieves nearly the same accuracy as the SVM classifier over plaintext. It demonstrates that the cryptographic methods in our scheme do not influence the classification functionality. Our scheme can maintain high accuracy while protecting privacy.

Efficiency.
In this section, we evaluate the efficiency of our scheme. Specifically, we investigate the time consumption on both the data providers and the servers by utilizing cross-validation. We evaluate the time consumption with different percentages of instances used for training and testing, as shown in Figure 2. Specifically, we take several percentages of instances for training and the rest for testing. We can see that the time consumption of training data encryption is positively correlated with the percentage of instances used for training, because more instances entail a larger amount of computation on both the data provider side and the server side. Overall, the efficiency of our scheme is acceptable for practical use.

Algorithm 1: Secure Gaussian kernel function.

We also compare our scheme with Shen's scheme [9], as shown in Table 2. We can see that our scheme achieves higher accuracy than Shen's scheme because our scheme adopts a nonlinear kernel, which makes it more adaptive to datasets that contain nonlinear data. The efficiency comparison is shown in Table 3.

Related Work
Classification is a fundamental task of machine learning and is applied to many fields, such as face recognition, speech recognition [19], and financial prediction. To protect the privacy of individuals and enterprises, many privacy-preserving classifier training schemes have been proposed. These schemes focus on training classifiers and performing classification tasks over encrypted data while protecting user privacy. Bos et al. [20] proposed a scheme to privately conduct medical predictive analysis tasks on encrypted data. However, their scheme cannot protect the model from being exposed to the users. In addition, the scheme leaks much information about the patients. Bost et al. [5] proposed privacy-preserving protocols for three common classifiers, i.e., hyperplane decision, Naïve Bayes, and decision trees. González-Serrano et al. [21] proposed a privacy-preserving semiparametric SVM scheme by utilizing a partially homomorphic cryptosystem. Recently, Shen et al. [9] proposed a privacy-preserving SVM training scheme based on the blockchain for secure IoT data sharing. They utilized the Paillier encryption technique to design secure building blocks and achieve secure SVM training. However, these schemes all adopt homomorphic encryption and contain computationally expensive cryptographic primitives, which make them inefficient.
Some existing schemes are based on a combination of homomorphic encryption and multiparty computation. Barni et al. [22] proposed a privacy-preserving neural network classification scheme. In their algorithm, the neural networks contain a series of scalar products which are encrypted by utilizing homomorphic encryption, and the activation functions are calculated based on secure multiparty computation. Subsequently, Orlandi et al. [23] enhanced the scheme of Barni et al. by masking the scalar product results, protecting the intermediate results from being revealed to the client. However, these schemes also suffer heavy computation overheads.
There are also a number of privacy-preserving training schemes that adopt differential privacy. Pathak and Raj [24] presented a scheme to learn a discriminatively trained multiclass Gaussian mixture model-based classifier that preserves differential privacy using a large margin loss. The authors of [25] designed a privacy-preserving decision tree classification construction model based on a differential privacy-protection mechanism. Nevertheless, in these schemes, there is a conflict between privacy and accuracy: protecting data by adding immeasurable noises influences the accuracy of the models.

Conclusion
In this paper, we proposed a new privacy-preserving nonlinear SVM classifier training scheme for social networks.
We utilize the blockchain technique to design a decentralized framework for data sharing and training while ensuring the invariance of datasets. We adopt additive secret sharing based on secure two-party computation and design a suite of secure computing protocols to conduct the training process with no information leakage. Our training scheme is proved to be secure through comprehensive analysis. Experiments over real datasets demonstrate that our scheme can achieve high accuracy and efficiency for practical applications.

Data Availability
The data used to support the findings of this study are available at https://github.com/JIANAN17/privacypreserving-SVM.

Conflicts of Interest
The authors declare that they have no conflicts of interest.