Abstract:In this paper, we present a practical solution to implement privacy-preserving CNN training based on mere Homomorphic Encryption (HE) technique. To our best knowledge, this is the first attempt successfully to crack this nut and no work ever before has achieved this goal. Several techniques combine to accomplish the task:: (1) with transfer learning, privacy-preserving CNN training can be reduced to homomorphic neural network training, or even multiclass logistic regression (MLR) training; (2) via a faster gradient variant called $\texttt{Quadratic Gradient}$, an enhanced gradient method for MLR with a state-of-the-art performance in convergence speed is applied in this work to achieve high performance; (3) we employ the thought of transformation in mathematics to transform approximating Softmax function in the encryption domain to the approximation of the Sigmoid function. A new type of loss function termed $\texttt{Squared Likelihood Error}$ has been developed alongside to align with this change.; and (4) we use a simple but flexible matrix-encoding method named $\texttt{Volley Revolver}$ to manage the data flow in the ciphertexts, which is the key factor to complete the whole homomorphic CNN training. The complete, runnable C++ code to implement our work can be found at: \href{<a class="link-external link-https" href="https://github.com/petitioner/HE.CNNtraining" rel="external noopener nofollow">this https URL</a>}{$\texttt{<a class="link-external link-https" href="https://github.com/petitioner/HE.CNNtraining" rel="external noopener nofollow">this https URL</a>}$}. We select $\texttt{REGNET\_X\_400MF}$ as our pre-trained model for transfer learning. We use the first 128 MNIST training images as training data and the whole MNIST testing dataset as the testing data. The client only needs to upload 6 ciphertexts to the cloud and it takes $\sim 21$ mins to perform 2 iterations on a cloud with 64 vCPUs, resulting in a precision of $21.49\%$.

Privacy-Preserving CNN Training with Transfer Learning: Multiclass Logistic Regression

Privacy-Preserving Convolutional Neural Networks Using Homomorphic Encryption

CryptoDL: Deep Neural Networks over Encrypted Data

Towards the AlexNet Moment for Homomorphic Encryption: HCNN, theFirst Homomorphic CNN on Encrypted Data with GPUs

HeHe: Balancing the Privacy and Efficiency in Training CNNs over the Semi-honest Cloud

Homomorphic WiSARDs: Efficient Weightless Neural Network training over encrypted data

Self-learning activation functions to increase accuracy of privacy-preserving Convolutional Neural Networks with homomorphic encryption

Encrypted Data Learning and Prediction Using a BFV-based Cryptographic Convolutional Neural Network

Privacy-Preserving Logistic Regression Training on Large Datasets

Efficient CNN Building Blocks for Encrypted Data

Verifiable Privacy-Preserving Neural Network on Encrypted Data

Privacy-Preserving 3-Layer Neural Network Training

Privacy preserving Neural Network Inference on Encrypted Data with GPUs

CHE: Channel-Wise Homomorphic Encryption for Ciphertext Inference in Convolutional Neural Network

Secure Convolution Neural Network Inference Based on Homomorphic Encryption

Optimized Privacy-Preserving CNN Inference With Fully Homomorphic Encryption

HETAL: Efficient Privacy-preserving Transfer Learning with Homomorphic Encryption

Volley Revolver: A Novel Matrix-Encoding Method for Privacy-Preserving Neural Networks (Inference)

A Secure Convolutional Neural Network Inference Model Based on Homomorphic Encryption

Secure CNN Training and Inference Based on Multi-key Fully Homomorphic Encryption