This reliance on cloud computing poses significant security risks, particularly in areas like health care, where hospitals may be hesitant to use AI tools to analyze confidential patient data due to privacy concerns.

To tackle this pressing issue, MIT researchers have developed a security protocol that leverages the quantum properties of light to guarantee that data sent to and from a cloud server remain secure during deep-learning computations.

By encoding data into the laser light used in fiber optic communications systems, the protocol exploits the fundamental principles of quantum mechanics, making it impossible for attackers to copy or intercept the information without detection.

Moreover, the technique guarantees security without compromising the accuracy of the deep-learning models. In tests, the researcher demonstrated that their protocol could maintain 96 percent accuracy while ensuring robust security measures.

“Deep learning models like GPT-4 have unprecedented capabilities but require massive computational resources. Our protocol enables users to harness these powerful models without compromising the privacy of their data or the proprietary nature of the models themselves,” says Kfir Sulimany, an MIT postdoc in the Research Laboratory for Electronics (RLE) and lead author of a paper on this security protocol.

Sulimany is joined on the paper by Sri Krishna Vadlamani, an MIT postdoc; Ryan Hamerly, a former postdoc now at NTT Research, Inc.; Prahlad Iyengar, an electrical engineering and computer science (EECS) graduate student; and senior author Dirk Englund, a professor in EECS, principal investigator of the Quantum Photonics and Artificial Intelligence Group and of RLE. The research was recently presented at Annual Conference on Quantum Cryptography.

A two-way street for security in deep learning

The cloud-based computation scenario the researchers focused on involves two parties — a client that has confidential data, like medical images, and a central server that controls a deep learning model.

The client wants to use the deep-learning model to make a prediction, such as whether a patient has cancer based on medical images, without revealing information about the patient.

In this scenario, sensitive data must be sent to generate a prediction. However, during the process the patient data must remain secure.

Also, the server does not want to reveal any parts of the proprietary model that a company like OpenAI spent years and millions of dollars building.

“Both parties have something they want to hide,” adds Vadlamani.

In digital computation, a bad actor could easily copy the data sent from the server or the client.

Quantum information, on the other hand, cannot be perfectly copied. The researchers leverage this property, known as the no-cloning principle, in their security protocol.

For the researchers’ protocol, the server encodes the weights of a deep neural network into an optical field using laser light.

A neural network is a deep-learning model that consists of layers of interconnected nodes, or neurons, that perform computation on data. The weights are the components of the model that do the mathematical operations on each input, one layer at a time. The output of one layer is fed into the next layer until the final layer generates a prediction.

The server transmits the network’s weights to the client, which implements operations to get a result based on their private data. The data remain shielded from the server.

At the same time, the security protocol allows the client to measure only one result, and it prevents the client from copying the weights because of the quantum nature of light.

Once the client feeds the first result into the next layer, the protocol is designed to cancel out the first layer so the client can’t learn anything else about the model.

“Instead of measuring all the incoming light from the server, the client only measures the light that is necessary to run the deep neural network and feed the result into the next layer. Then the client sends the residual light back to the server for security checks,” Sulimany explains.

Due to the no-cloning theorem, the client unavoidably applies tiny errors to the model while measuring its result. When the server receives the residual light from the client, the server can measure these errors to determine if any information was leaked. Importantly, this residual light is proven to not reveal the client data.

A practical protocol

Modern telecommunications equipment typically relies on optical fibers to transfer information because of the need to support massive bandwidth over long distances. Because this equipment already incorporates optical lasers, the researchers can encode data into light for their security protocol without any special hardware.

When they tested their approach, the researchers found that it could guarantee security for server and client while enabling the deep neural network to achieve 96 percent accuracy.

The tiny bit of information about the model that leaks when the client performs operations amounts to less than 10 percent of what an adversary would need to recover any hidden information. Working in the other direction, a malicious server could only obtain about 1 percent of the information it would need to steal the client’s data.

“You can be guaranteed that it is secure in both ways — from the client to the server and from the server to the client,” Sulimany says.

“A few years ago, when we developed our demonstration of distributed machine learning inference between MIT’s main campus and MIT Lincoln Laboratory, it dawned on me that we could do something entirely new to provide physical-layer security, building on years of quantum cryptography work that had also been shown on that testbed,” says Englund. “However, there were many deep theoretical challenges that had to be overcome to see if this prospect of privacy-guaranteed distributed machine learning could be realized. This didn’t become possible until Kfir joined our team, as Kfir uniquely understood the experimental as well as theory components to develop the unified framework underpinning this work.”

In the future, the researchers want to study how this protocol could be applied to a technique called federated learning, where multiple parties use their data to train a central deep-learning model. It could also be used in quantum operations, rather than the classical operations they studied for this work, which could provide advantages in both accuracy and security.

This work was supported, in part, by the Israeli Council for Higher Education and the Zuckerman STEM Leadership Program.

According to their new study in eBioMedicine, these mouse models are important for COVID-19 research because their cells were engineered to include two important human molecules that are involved in SARS-CoV-2 infection of human cells — and these humanized mice were generated on two different immunologic backgrounds. The new models can help shed light on how SARS-CoV-2 moves through the body and why different people experience wildly different COVID-19 symptoms.

“With these mouse models, we can model epidemiologically-relevant SARS-CoV-2 infection and vaccination settings, and we can study all relevant tissues (not just the blood) at different timepoints following infection and/or vaccination,” says LJI Professor Sujan Shresta, Ph.D., who co-led the research with LJI Histopathology Core Director Kenneth Kim, Dipl. ACVP, and the late Kurt Jarnagin, Ph.D., of Synbal, Inc.

Already, these new mouse models have helped scientists capture a clearer picture of how SARS-CoV-2 affects humans. They are also available to the wider COVID-19 research community.

“This work is part of LJI’s mission to contribute to pandemic preparedness around the world,” says Shresta.

Mouse models are a critical tool for understanding infection

Shresta’s lab is known for producing mouse models to study immune responses to infectious diseases such as dengue virus and Zika virus. In 2021, her laboratory partnered with Synbal, Inc., a preclinical biotechnology company based in San Diego, CA, to develop multi-gene, humanized mouse models for COVID-19 research. The project was also supported by Synbal CEO and LJI Board Member David R. Webb, Ph.D.

Shresta and Jarnagin collaborated to produce mice that express either human ACE2, human TMPRSS2, or both molecules in the C57BL/6 and BALB/c mouse genetic backgrounds. “Immunologists have found that these two genetic backgrounds in mice elicit different immune responses,” says Shresta.

As Shresta explains, having the flexibility to include the genes for one or both of these molecules in two different mouse genetic backgrounds gives scientists an opportunity to investigate two key areas. First, they can examine how each of these molecules contribute to infection with different SARS-CoV-2 variants. Second, they can study how the host’s genetic background might influence disease progression and immune response following infection with different variants.

Zooming into infected tissues

The researchers then took a closer look at how these models responded to actual SARS-CoV-2 infection. LJI Postdoctoral Fellow Shailendra Verma, Ph.D., worked in LJI’s High Containment (BSL-3) Facility to take tissue samples from the various mouse strains exposed to SARS-CoV-2.

“This work wouldn’t have been possible if we didn’t have a BSL-3 facility at LJI,” says Shresta, who has worked closely with LJI’s Department of Environmental Health and Safety to conduct several cutting-edge studies in the facility.

Next, Kim, a board-certified pathologist, examined the tissue samples and compared them to pathologic findings from humans with COVID-19.

Kim’s analysis showed signs of SARS-CoV-2 infection in the lungs, which are also the tissue most vulnerable to SARS-CoV-2 infection in humans. Kim could also see mouse immune cells responding to infection in a way that reflected the human immune response.

By characterizing these responses in the new mouse models, the researchers have established a foundation for understanding the immune heterogeneity — or wide range of immune responses — of SARS-CoV-2-induced disease.

“There’s no such thing as a perfect animal model, but our goal is always to make an animal model that recapitulates the human disease and immune response as much as possible,” says Shresta.

The new mouse models may prove valuable for studying responses to emerging SARS-CoV-2 variants and future coronaviruses with pandemic potential.

“Not only are these models useful for current COVID-19 studies, but if there should be another coronavirus pandemic — with a virus that utilizes the same ACE2 receptor and/or TMPRSS2 molecule for viral entry into human cells — then these mouse lines on two different genetic backgrounds will be ready,” says Kim.

Additional authors of the study, “Influence of Th1 versus Th2 immune bias on viral, pathological, and immunological dynamics in SARS-CoV-2 variant-infected human ACE2 knock-in mice,” include Erin Maule, Paolla B. A. Pinto, Chris Conner, Kristen Valentine, Dale O Cowley, Robyn Miller, Annie Elong Ngono, Linda Tran, Krithik Varghese, Rúbens Prince dos Santos Alves, Kathryn M. Hastie and Erica Ollmann Saphire.

This study was supported by the National Institutes of Health (grant U19 AI142790-02S1 and R44 AI157900), the GHR Foundation, the Arvin Gottlieb Charitable Foundation, the Overton family, and by a American Association of Immunologists Career Reentry Fellowship (FASB).

Dogs respond to human speech, even though they themselves cannot produce human sounds. To better understand how people and pups communicate, the scientists analyzed the vocal sounds of 30 dogs. They also analyzed the sounds of 27 humans across five languages speaking to other people, and 22 humans across those languages speaking to dogs. The scientists also used electroencephalography (EEG) to examine the brain responses to speech in humans and dogs.

Humans are much faster ‘talkers’ than dogs, the study showed, with a speech rate of about four syllables per second, while dogs bark, growl, woof, and whine at a rate of about two vocalizations per second. When talking to dogs, the humans slowed their speech to around three syllables per second. EEG signals of humans and canines showed that dogs’ neural responses to speech are focused on delta rhythms, while human responses to speech are focused on faster theta rhythms. The authors suggest that humans and dogs have different vocal processing systems, and that slowing down our speech when speaking to pets may have ultimately helped us better connect with them.

The authors add, “What’s further interesting, is that while dogs use slow rhythm to process speech and contrary to popular beliefs, they need both content and prosody to successfully comprehend it.”

The research also found that drinking more than four cups of coffee per day also increases the risk of stroke.

The findings come from two analyses of the INTERSTROKE research project which have been published — the effects of fizzy drinks, fruit juice/drink and water was reported in the Journal of Stroke; and the findings related to tea and coffee in the International Journal of Stroke.

Stroke occurs when the blood supply to part of the brain is cut-off and damages brain cells — it can either be ischemic stroke, which is usually due to a blood clot, or when there intracerebral haemorrhage, which is bleeding into the brain tissue.

INTERSTROKE is one of the largest international studies of risk factors for stroke, involving almost 27,000 people, in 27 countries, including almost 13,500 people who experienced their first stroke.

Those who took part in the study came from a broad range of geographical and ethnic backgrounds, with different cardiovascular risk profiles, including Ireland and the UK.

The study which focused on people’s consumption of fizzy drinks and fruit juice found:

• Fizzy drinks, including both sugar-sweetened and artificially sweetened such as diet or zero sugar, were linked with a 22% increased chance of stroke, and the risk increased sharply with two or more of these drinks a day
• The link between fizzy drinks and chance of stroke was greatest in Eastern/Central Europe and Middle East, Africa, and South America
• The research noted that many products marketed as fruit juice are made from concentrates and contain added sugars and preservatives, which may offset the benefits usually linked with fresh fruit, and actually increase stroke risk
• Fruit juice drinks were linked with a 37% increase in chance of stroke due to bleeding (intracranial haemorrhage). With two of these drinks a day, the risk triples
• Women show the greatest increased chance of stroke due to bleeding (intracranial haemorrhage) linked to fruit juice/drinks
• Drinking more than 7 cups of water a day was linked with a reduced odds of stroke caused by a clot

Lead researcher on both studies Professor Andrew Smyth, Professor of Clinical Epidemiology at University of Galway and Consultant Physician at Galway University Hospitals, said: “Not all fruit drinks are created equal — freshly squeezed fruit juices are most likely to bring benefits, but fruit drinks made from concentrates, with lots of added sugars and preservatives, may be harmful. Our research also shows that the chance of stroke increases the more often someone consumes fizzy drinks.

“As a doctor and as someone who has researched the risk of stroke, we would encourage people to avoid or minimise their consumption of fizzy and fruit drinks, and to consider switching to water instead.”

The study which focused on people’s consumption of coffee and tea found:

• Drinking more than four cups of coffee a day increased chance of stroke by 37%, but not associated with stroke risk for lower intakes
• Drinking tea was linked with a reduced chance of stroke by 18-20%
• Drinking 3-4 cups per day of black tea — including Breakfast and Earl Grey teas, but not green tea or herbal teas — was linked with a 29% lower chance of stroke
• Drinking 3-4 cups per day of green tea was linked with a 27% lower chance of stroke
• Adding milk may reduce or block the beneficial effects of antioxidants that can be found in tea. The reduced chance of stroke from drinking tea was lost for those that added milk
• There were important geographical differences in the findings — tea was linked with lower chance of stroke in China and South America but higher chance of stroke in South Asia

Professor Martin O’Donnell, Executive Dean of College of Medicine, Nursing and Health Sciences at University of Galway and Consultant Stroke Physician at Galway University Hospitals, co-leads the INTERSTROKE study in partnership with Professor Salim Yusuf of the Population Health Research Institute at McMaster University, Canada.

Professor O’Donnell said: “A key goal of the INTERSTROKE study is to provide usable information on how to reduce one’s risk of stroke. While hypertension is the most important risk factor, our stroke risk can also be lowered through healthy lifestyle choices in diet and physical activity. The current study adds further information on what constitutes healthy choices on daily intake of beverages.”