Lingchen Zhao,Qian Wang,Qin Zou,Yan Zhang,Yanjiao Chen

DOI: https://doi.org/10.1109/tifs.2019.2939713

2018-01-01

Abstract:With powerful parallel computing GPUs and massive user data, neural-network-based deep learning can well exert its strong power in problem modeling and solving, and has archived great success in many applications such as image classification, speech recognition and machine translation etc. While deep learning has been increasingly popular, the problem of privacy leakage becomes more and more urgent. Given the fact that the training data may contain highly sensitive information, e.g., personal medical records, directly sharing them among the users (i.e., participants) or centrally storing them in one single location may pose a considerable threat to user privacy. In this paper, we present a practical privacy-preserving collaborative deep learning system that allows users to cooperatively build a collective deep learning model with data of all participants, without direct data sharing and central data storage. In our system, each participant trains a local model with their own data and only shares model parameters with the others. To further avoid potential privacy leakage from sharing model parameters, we use functional mechanism to perturb the objective function of the neural network in the training process to achieve $\epsilon $ -differential privacy. In particular, for the first time, we consider the existence of unreliable participants , i.e., the participants with low-quality data, and propose a solution to reduce the impact of these participants while protecting their privacy. We evaluate the performance of our system on two well-known real-world datasets for regression and classification tasks. The results demonstrate that the proposed system is robust against unreliable participants, and achieves high accuracy close to the model trained in a traditional centralized manner while ensuring rigorous privacy protection.

Qiao Zhang,Cong Wang,Hongyi Wu,Chunsheng Xin,Tran V. Phuong

DOI: https://doi.org/10.24963/ijcai.2018/547

2018-01-01

Abstract:Privacy is a fundamental challenge for a variety of smart applications that depend on data aggregation and collaborative learning across different entities. In this paper, we propose a novel privacy-preserved architecture where clients can collaboratively train a deep model while preserving the privacy of each client's data. Our main strategy is to carefully partition a deep neural network to two non-colluding parties. One party performs linear computations on encrypted data utilizing a less complex homomorphic cryptosystem, while the other executes non-polynomial computations in plaintext but in a privacy-preserved manner. We analyze security and compare the communication and computation complexity with the existing approaches. Our extensive experiments on different datasets demonstrate not only stable training without accuracy loss, but also 14 to 35 times speedup compared to the state-of-the-art system.

Longfei Zheng,Chaochao Chen,Yingting Liu,Bingzhe Wu,Xibin Wu,Li Wang,Lei Wang,Jun Zhou,Shuang Yang

2020-01-01

Abstract:Deep Neural Network (DNN) has been showing great potential in kinds of real-world applications such as fraud detection and distress prediction. Meanwhile, data isolation has become a serious problem currently, i.e., different parties cannot share data with each other. To solve this issue, most research leverages cryptographic techniques to train secure DNN models for multi-parties without compromising their private data. Although such methods have strong security guarantee, they are difficult to scale to deep networks and large datasets due to its high communication and computation complexities. To solve the scalability of the existing secure Deep Neural Network (DNN) in data isolation scenarios, in this paper, we propose an industrial scale privacy preserving neural network learning paradigm, which is secure against semi-honest adversaries. Our main idea is to split the computation graph of DNN into two parts, i.e., the computations related to private data are performed by each party using cryptographic techniques, and the rest computations are done by a neutral server with high computation ability. We also present a defender mechanism for further privacy protection. We conduct experiments on real-world fraud detection dataset and financial distress prediction dataset, the encouraging results demonstrate the practicalness of our proposal.

Fei Dai,Guozhi Liu,Bi Huang,Xiaolong Xu,Chaochao Chen,Zhangbing Zhou,Xiaokang Zhou

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics55523.2022.00070

2022-01-01

Abstract:Industrial Internet of Things (IIoT) systems can leverage deep learning (DL) models to provide intelligent applications. However, the training process of such DL models tends to leak privacy when the training data contain sensitive operational and management information. Most studies about privacy-preserving DL require a trusted data collector and thus are not suitable in an untrusted environment. In this paper, we propose a distributed privacy-preserving framework for DL with edge-cloud computing, where direct privacy leakage and indirect privacy leakage of training data are both considered. First, a pre-trained convolutional neural network (CNN) is partitioned into two parts for limiting direct privacy leakage of raw data, namely the feature module and the classification module. The feature module consisting of the lower layers of the CNN is deployed on an edge server, which is used to attract the feature of raw data. The feature data is fed to the classification module consisting of the higher layers of the CNN, which is deployed on the cloud server to compute image classification tasks. Second, a perturbation module between the feature module and the classification module is designed for limiting indirect privacy leakage during feature data transmission. The perturbation module uses local differential privacy (LDP) to produce noise in the feature data. Third, to further improve the accuracy, we retrain the classification module with the randomized feature data from edge servers. Experimental results show that the proposed framework achieves high accuracy under low privacy budgets.

Chuan Zhang,Chenfei Hu,Tong Wu,Liehuang Zhu,Ximeng Liu

DOI: https://doi.org/10.1109/TDSC.2022.3208706

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The neural network has been widely used to train predictive models for applications such as image processing, disease prediction, and face recognition. To produce more accurate models, powerful third parties (e.g., clouds) are usually employed to collect data from a large number of users, which however may raise concerns about user privacy. In this paper, we propose an Efficient and Privacy-preserving Neural Network scheme, named EPNN, to deal with the privacy issues in cloud-based neural networks. EPNN is designed based on a two-cloud model and techniques of data perturbation and additively homomorphic cryptosystem. This scheme enables two clouds to cooperatively perform neural network training and prediction in a privacy-preserving manner and significantly reduces the computation and communication overhead among participating entities. Through a detailed analysis, we demonstrate the security of EPNN. Extensive experiments based on real-world datasets show EPNN is more efficient than existing schemes in terms of computational costs and communication overhead.

Meng Li,Liangzhen Lai,Naveen Suda,Vikas Chandra,David Z. Pan

DOI: https://doi.org/10.48550/arxiv.1709.06161

2017-01-01

Abstract:Massive data exist among user local platforms that usually cannot support deep neural network (DNN) training due to computation and storage resource constraints. Cloud-based training schemes provide beneficial services but suffer from potential privacy risks due to excessive user data collection. To enable cloud-based DNN training while protecting the data privacy simultaneously, we propose to leverage the intermediate representations of the data, which is achieved by splitting the DNNs and deploying them separately onto local platforms and the cloud. The local neural network (NN) is used to generate the feature representations. To avoid local training and protect data privacy, the local NN is derived from pre-trained NNs. The cloud NN is then trained based on the extracted intermediate representations for the target learning task. We validate the idea of DNN splitting by characterizing the dependency of privacy loss and classification accuracy on the local NN topology for a convolutional NN (CNN) based image classification task. Based on the characterization, we further propose PrivyNet to determine the local NN topology, which optimizes the accuracy of the target learning task under the constraints on privacy loss, local computation, and storage. The efficiency and effectiveness of PrivyNet are demonstrated with the CIFAR-10 dataset.

Guoqiang Deng,Xuefeng Duan,Min Tang,Yuhao Zhang,Ying Huang

DOI: https://doi.org/10.1016/j.future.2023.03.036

IF: 7.307

2023-01-01

Future Generation Computer Systems

Abstract:Fast and reliable modeling of distributed data with sensitive information is a major goal of privacy-preserving machine learning (PPML). Artificial Neural Networks (ANNs) are powerful and scalable, making them suitable to settle large-scale and highly complex machine learning tasks. Since a large number of neurons and various non-linear functions are embedded in ANNs, it is still a huge challenge to train an ANNs model in the encrypted-domain. Majority of existing approaches for PPML require multiple communications among data owners and cloud servers, leading to a substantial overhead of computation and data transmission costs, and are restricted to approximation models by polynomials or piecewise linear functions. Here, to facilitate the integration of any training data from any data owner without violating privacy constraints, we introduce a non-interactive and lossless ANNs training approach that unites mask matrix, function encryption for inner-product and coordination while maintaining confidentiality with the help of Internet Service Providers (ISPs), thereby going beyond those schemes with interactive fashion and using approximation substitutions. To illustrate the feasibility and efficiency of using our method to develop ANNs classifiers using distributed data, we choose two well-known MNIST datasets with a large amount of image data with high dimensionality in PPML field. We show the protocol is feasible to use in practice while achieving high accuracy. Furthermore, the evaluation reveals that the computational efficiency is improved at least 25 times compared with the state-of-the-art privacy-preserving ANNs approach.

Rui Wang,Xiangyun Tang,Meng Shen,Liehuang Zhu

DOI: https://doi.org/10.1109/icc45855.2022.9838847

2022-01-01

Abstract:The growing popularity of Machine learning (ML) that appreciates high quality training datasets collected from multiple organizations raises natural questions about the privacy guarantees that can be provided in such settings. Our work tackles this problem in the context of multi-party secure ML wherein multiple organizations provide their sensitive datasets to a data user and train a Naive Bayes (NB) model with the data user. We propose PPNB, a privacy-preserving scheme for training NB models, based on Homomorphic Cryptosystem (HC) and Differential Privacy (DP). PPNB achieves a balance performance between efficiency and accuracy in multi-party secure ML, enabled flexible switch among different tradeoffs by parameter tuning. Extensive experimental results validate the effectiveness of PPNB.

Lifeng Liu,Yifan Hu,Jiawei Yu,Fengda Zhang,Gang Huang,Jun Xiao,Chao Wu

DOI: https://doi.org/10.1145/3387168.3387211

2019-01-01

Abstract:Currently, training neural networks often requires a large corpus of data from multiple parties. However, data owners are reluctant to share their sensitive data to third parties for modelling in many cases. Therefore, Federated Learning (FL) has arisen as an alternative to enable collaborative training of models without sharing raw data, by distributing modelling tasks to multiple data owners. Based on FL, we premodel sent a novel and decentralized approach to training encrypted models with privacy-preserved data on Blockchain. In our approach, Blockchain is adopted as the machine learning environment where different actors (i.e., the model provider, the data provider) collaborate on the training task. During the training process, an encryption algorithm is used to protect the privacy of data and the trained model. Our experiments demonstrate that our approach is practical in real-world applications.

Jialu Chen,Jun Zhou,Zhenfu Cao,Athanasios Vasilakos,Xiaolei Dong,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2019.2942165

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Machine learning, particularly the neural network (NN), is extensively exploited in dizzying applications. In order to reduce the burden of computing for resource-constrained clients, a large number of historical private datasets are required to be outsourced to the semi-trusted or malicious cloud for model training and evaluation. To achieve privacy preservation, most of the existing work either exploited the technique of public key fully homomorphic encryption (FHE) resulting in considerable computational cost and ciphertext expansion, or secure multiparty computation (SMC) requiring multiple rounds of interactions between user and cloud. To address these issues, in this article, a lightweight privacy-preserving model training and evaluation scheme LPTE for discretized NNs (DiNNs) is proposed. First, we put forward an efficient single key fully homomorphic data encapsulation mechanism (SFH-DEM) without exploiting public key FHE. Based on SFH-DEM, a series of atomic calculations over the encrypted domain, including multivariate polynomial, nonlinear activation function, gradient function, and maximum operations are devised as building blocks. Furthermore, a lightweight privacy-preserving model training and evaluation scheme LPTE for DiNNs is proposed, which can also be extended to convolutional NN. Finally, we give the formal security proofs for dataset privacy, model training privacy, and model evaluation privacy under the semi-honest environment and implement the experiment on real dataset MNIST for recognizing handwritten numbers in DiNN to demonstrate the high efficiency and accuracy of our proposed LPTE.

Zhengqiang Ge,Zhipeng Zhou,Dong Guo,Qiang Li

DOI: https://doi.org/10.48550/arXiv.2104.04709

2021-04-10

Cryptography and Security

Abstract:Neural networks, with the capability to provide efficient predictive models, have been widely used in medical, financial, and other fields, bringing great convenience to our lives. However, the high accuracy of the model requires a large amount of data from multiple parties, raising public concerns about privacy. Privacy-preserving neural network based on multi-party computation is one of the current methods used to provide model training and inference under the premise of solving data privacy. In this study, we propose a new two-party privacy-preserving neural network training and inference framework in which privacy data is distributed to two non-colluding servers. We construct a preprocessing protocol for mask generation, support and realize secret sharing comparison on 2PC, and propose a new method to further reduce the communication rounds. Based on the comparison protocol, we construct building blocks such as division and exponential, and realize the process of training and inference that no longer needs to convert between different types of secret sharings and is entirely based on arithmetic secret sharing. Compared with the previous works, our work obtains higher accuracy, which is very close to that of plaintext training. While the accuracy has been improved, the runtime is reduced, considering the online phase, our work is 5x faster than SecureML, 4.32-5.75x faster than SecureNN, and is very close to the current optimal 3PC implementation, FALCON. For secure inference, as far as known knowledge is concerned, we should be the current optimal 2PC implementation, which is 4-358x faster than other works.

Yong Li,Yipeng Zhou,Alireza Jolfaei,Dongjin Yu,Gaochao Xu,Xi Zheng

DOI: https://doi.org/10.1109/jiot.2020.3022911

IF: 10.6

2021-04-15

IEEE Internet of Things Journal

Abstract:Federated learning (FL) is a promising new technology in the field of IoT intelligence. However, exchanging model-related data in FL may leak the sensitive information of participants. To address this problem, we propose a novel privacy-preserving FL framework based on an innovative chained secure multiparty computing technique, named chain-PPFL. Our scheme mainly leverages two mechanisms: 1) single-masking mechanism that protects information exchanged between participants and 2) chained-communication mechanism that enables masked information to be transferred between participants with a serial chain frame. We conduct extensive simulation-based experiments using two public data sets (MNIST and CIFAR-100) by comparing both training accuracy and leak defence with other state-of-the-art schemes. We set two data sample distributions (IID and NonIID) and three training models (CNN, MLP, and L-BFGS) in our experiments. The experimental results demonstrate that the chain-PPFL scheme can achieve practical privacy preservation (equivalent to differential privacy with $epsilon $ approaching zero) for FL with some cost of communication and without impairing the accuracy and convergence speed of the training model.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qian Chen,Zilong Wang,Wenjing Zhang,Xiaodong Lin

DOI: https://doi.org/10.1016/j.cose.2022.102966

2022-10-24

Abstract:The concept of Federated Learning (FL), which is vital to the development of machine learning, has emerged as a convergence of machine learning, information, and communication technology. However, general FL settings cannot meet requirements in decentralized environments, especially in peer-to-peer (P2P) networks, where a fully connected central server is unavailable due to limited communication ranges. In this paper, to satisfy the requirements of security, privacy preservation, and robustness in the context of FL in P2P networks, we propose a decentralized global model training protocol, named PPT. Particularly, PPT aggregates local model update parameters in a single-hop manner and uses the symmetric cryptosystem to ensure secure communications between network nodes where an enhanced Eschenauer-Gligor (E-G) scheme is proposed for secure key distribution. Further, PPT generates random noise for privacy preservation without reducing the model accuracy since the noise is eliminated ultimately. PPT also adopts game theory to resist collusion attacks. In addition, PPT has elaborate designs in terms of communication efficiency and dropout-robustness. Through extensive analysis, we demonstrate that PPT can resist various security threats and preserve user privacy. Ingenious experiments on Trec05, Trec06p, Trec07, and SMS Spam Collection v.1 confirm the 20 × and 12 × improvement of computation efficiency that PPT achieves compared to Google's Secure Aggregation and Local Differential Privacy (LDP)-based FL methods. More importantly, the global model trained by PPT is better than that trained by LDP-based FL methods in terms of prediction performance (about 14% and 1% improvement in convergence rate and accuracy).

computer science, information systems

Jiaqi Zhao,Hui Zhu,Fengwei Wang,Rongxing Lu,Hui Li,Jingwei Tu,Jie Shen,Jiaqi Zhao,Hui Zhu,Fengwei Wang,Rongxing Lu,Hui Li,Jingwei Tu,Jie Shen

DOI: https://doi.org/10.1016/j.ins.2022.04.052

IF: 8.1

2022-07-01

Information Sciences

Abstract:With the advance of machine learning technology and especially the explosive growth of big data, federated learning, which allows multiple participants to jointly train a high-quality global machine learning model, has gained extensive attention. However, in federated learning, it has been proved that inference attacks could reveal sensitive information from both local updates and global model parameters, which threatens user privacy greatly. Aiming at the challenge, in this paper, a privacy-preserving and lossless federated learning scheme, named CORK, is proposed for deep neural network. With CORK, multiple participants can train a global model securely and accurately with the assistance of an aggregation server. Specifically, we first design a drop-tolerant secure aggregation algorithm FTSA, which ensures the confidentiality of local updates. Then, a lossless model perturbation mechanism PTSP is proposed to protect sensitive data in global model parameters. Furthermore, the neuron pruning operation in PTSP can reduce the scale of models, which thus improves the computation and communication efficiency significantly. Detailed security analysis shows that CORK can resist inference attacks on both local updates and global model parameters. In addition, CORK is implemented with real MNIST and CIFAR-10 datasets, and the experimental results demonstrate that CORK is indeed effective and efficient.

computer science, information systems

Tong Li,Jin Li,Xiaofeng Chen,Zheli Liu,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.1109/tdsc.2020.2971598

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In the recent decade, deep learning techniques have been widely adopted for founding artificial Intelligent applications, which led to successes in many data analysis tasks, such as risk assessment, medical predictions, and face recognition. Since the effectiveness of deep learning is directly proportional to the amount of data available, a large-scale collection of massive data is essential. Considering privacy and security concerns often prevent data owners from contributing sensitive data for training, researchers proposed several techniques to provide privacy guarantees of data in machine learning systems that contains multiple parties. However, all these works incurred frequent interactions between data owners during training, such that they came at a high communicational cost for data owners. To this end, in this article, we propose a new server-aid framework called non-interactive privacy-preserving multi-party machine learning (NPMML), which supports secure machine learning tasks without the participation of data owners. The NPMML framework significantly reduces data owners' communicational overheads in multi-party machine learning. Moreover, we design a concrete construction for multi-layer neural networks based on NPMML. Finally, we evaluate the performance of NPMML by prototype implementation. The experimental result demonstrates that NPMML is communicational-efficient for data owners.

Guoqiang Deng,Min Tang,Yuhao Zhang,Ying Huang,Xuefeng Duan

DOI: https://doi.org/10.3390/app122412873

2022-01-01

Applied Sciences

Abstract:Artificial neural network (ANN) is powerful in the artificial intelligence field and has been successfully applied to interpret complex image data in the real world. Since the majority of images are commonly known as private with the information intended to be used by the owner, such as handwritten characters and face, the private constraints form a major obstacle in developing high-precision image classifiers which require access to a large amount of image data belonging to multiple users. State-of-the-art privacy-preserving ANN schemes often use full homomorphic encryption which result in a substantial overhead of computation and data traffic for the data owners, and are restricted to approximation models by low-degree polynomials which lead to a large accuracy loss of the trained model compared to the original ANN model in the plain domain. Consequently, it is still a huge challenge to train an ANN model in the encrypted-domain. To mitigate this problem, we propose a privacy-preserving ANN system for secure constructing image classifiers, named IPPNN, where the server is able to train an ANN-based classifier on the combined image data of all data owners without being able to observe any images using primitives, such as randomization and functional encryption. Our system achieves faster training time and supports lossless training. Moreover, IPPNN removes the need for multiple communications among data owners and servers. We analyze the security of the protocol and perform experiments on a large scale image recognition task. The results show that the IPPNN is feasible to use in practice while achieving high accuracy.

Guanghui He,Yanli Ren,Gang He,Guorui Feng,Xinpeng Zhang

DOI: https://doi.org/10.1109/tsc.2024.3399648

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Outsourced inference services have greatly promoted the popularization of deep learning, and neural network models can help users customize a series of personalized applications, e.g., face recognition, image classification, etc. However, untrustworthy service providers also bring a variety of security issues, such as data privacy, network model privacy, etc. Meanwhile, the malicious example will result in the output of model incorrectly. For the above concerns, this paper proposes a privacy-reserving neural network inference against adversarial example attack (PPNNI) under two non-colluding cloud servers, where a series of efficient security protocols are designed to realize private prediction based on the additive secret sharing protocol. In the semi-honest model, the servers implement the neural network's private inference in the context of an unknown input and network model. Moreover, in order to prevent malicious examples from affecting the model accuracy, we produce a method of kernel density estimation and uncertainty value in the last layer of the hidden layer to determine whether the input is adversarial examples in the domain of ciphertext. The proposed PPNNI protocol is the first effort to efficiently detect adversarial attack behaviors under the ciphertexts. The theoretical analysis illustrate that the protocol can guarantee the privacy of input data, model parameters and the inference result. The results of the experiments demonstrate that the model accuracy are about 89% and 83% respectively with malicious examples on MNIST and CIFAR10 in the domain of ciphertext and they are nearly same as 91% and 85% in the domain of plaintext, which shows the effectiveness of our protocol.

Yichuan Liu,Chungen Xu,Lei Xu,Lin Mei,Xing Zhang,Cong Zuo

DOI: https://doi.org/10.32604/jihpp.2021.026944

2021-01-01

Journal of Information Hiding and Privacy Protection

Abstract:The widespread acceptance of machine learning, particularly of neural networks leads to great success in many areas, such as recommender systems, medical predictions, and recognition. It is becoming possible for any individual with a personal electronic device and Internet access to complete complex machine learning tasks using cloud servers. However, it must be taken into consideration that the data from clients may be exposed to cloud servers. Recent work to preserve data confidentiality has allowed for the outsourcing of services using homomorphic encryption schemes. But these architectures are based on honest but curious cloud servers, which are unable to tell whether cloud servers have completed the computation delegated to the cloud server. This paper proposes a verifiable neural network framework which focuses on solving the problem of data confidentiality and training integrity in machine learning. Specifically, we first leverage homomorphic encryption and extended diagonal packing method to realize a privacy-preserving neural network model efficiently, it enables the user training over encrypted data, thereby protecting the user’s private data. Then, considering the problem that malicious cloud servers are likely to return a wrong result for saving cost, we also integrate a training validation modular Proof-of-Learning, a strategy for verifying the correctness of computations performed during training. Moreover, we introduce practical byzantine fault tolerance to complete the verification progress without a verifiable center. Finally, we conduct a series of experiments to evaluate the performance of the proposed framework, the results show that our construction supports the verifiable training of PPNN based on HE without introducing much computational cost.

Peng Yang,Jun-bin Fang,Z. L. Jiang,Hongxiao Wang,Shiqi Gao,Jiehang Zhuang,S. Yiu,Yulin Wu

Abstract:. This Paper proposes FssNN, a communication-efficient secure two-party computation framework for evaluating privacy-preserving neural network via function secret sharing (FSS) in semi-honest adversary setting. In FssNN, two parties with input data in secret sharing form perform secure linear computations using additive secret haring and non-linear computations using FSS, and obtain secret shares of model parameters without disclosing their input data. To decrease communication cost, we split the protocol into online and offline phases where input-independent correlated randomness is generated in offline phase while only lightweight “non-cryptographic” computations are executed in online phase. Specifically, we propose BitXA to reduce online communication in linear computation, DCF to reduce key size of the FSS scheme used in offline phase for nonlinear computation. To further support neural network training, we enlarge the input size of neural network to 2 32 via “MPC-friendly” PRG. We implement the framework in Python and evaluate the end-to-end system for private training between two parties on standard neural networks. FssNN achieves on MNIST dataset an accuracy of 98.0%, with communication cost of 27 . 52GB and runtime of 0 . 23h per epoch in the LAN settings. That shows our work advances the state-of-the-art secure computation protocol for neural networks

Computer Science

Jun Zhou,Longfei Zheng,Chaochao Chen,Yan Wang,Xiaolin Zheng,Bingzhe Wu,Cen Chen,Li Wang,Jianwei Yin

DOI: https://doi.org/10.1145/3501809

IF: 5

2022-01-01

ACM Transactions on Intelligent Systems and Technology

Abstract:Deep Neural Networks (DNNs) have achieved remarkable progress in various real-world applications, especially when abundant training data are provided. However, data isolation has become a serious problem currently. Existing works build privacy-preserving DNN models from either algorithmic perspective or cryptographic perspective. The former mainly splits the DNN computation graph between data holders or between data holders and server, which demonstrates good scalability but suffers from accuracy loss and potential privacy risks. In contrast, the latter leverages time-consuming cryptographic techniques, which has strong privacy guarantee but poor scalability. In this article, we propose SPNN-a Scalable and Privacy-preserving deep Neural Network learning framework, from an algorithmic-cryptographic co-perspective. From algorithmic perspective, we split the computation graph of DNN models into two parts, i.e., the private-data-related computations that are performed by data holders and the rest heavy computations that are delegated to a semi-honest server with high computation ability. From cryptographic perspective, we propose using two types of cryptographic techniques, i.e., secret sharing and homomorphic encryption, for the isolated data holders to conduct private-data-related computations privately and cooperatively. Furthermore, we implement SPNN in a decentralized setting and introduce user-friendly APIs. Experimental results conducted on real-world datasets demonstrate the superiority of our proposed SPNN.