Zhang Qiao,Wang Cong,Xin Chunsheng,Wu Hongyi

2019-01-01

Abstract: Machine Learning as a Service (MLaaS) is enabling a wide range of smart applications on end devices. However, such convenience comes with a cost of privacy because users have to upload their private data to the cloud. This research aims to provide effective and efficient MLaaS such that the cloud server learns nothing about user data and the users cannot infer the proprietary model parameters owned by the server. This work makes the following contributions. First, it unveils the fundamental performance bottleneck of existing schemes due to the heavy permutations in computing linear transformation and the use of communication intensive Garbled Circuits for nonlinear transformation. Second, it introduces an ultra-fast secure MLaaS framework, CHEETAH, which features a carefully crafted secret sharing scheme that runs significantly faster than existing schemes without accuracy loss. Third, CHEETAH is evaluated on the benchmark of well-known, practical deep networks such as AlexNet and VGG-16 on the MNIST and ImageNet datasets. The results demonstrate more than 100x speedup over the fastest GAZELLE (Usenix Security'18), 2000x speedup over MiniONN (ACM CCS'17) and five orders of magnitude speedup over CryptoNets (ICML'16). This significant speedup enables a wide range of practical applications based on privacy-preserved deep neural networks.

Hyeri Roh,Jinsu Yeo,Yeongil Ko,Gu-Yeon Wei,David Brooks,Woo-Seok Choi

2024-01-30

Abstract:This paper presents Flash, an optimized private inference (PI) hybrid protocol utilizing both homomorphic encryption (HE) and secure two-party computation (2PC), which can reduce the end-to-end PI latency for deep CNN models less than 1 minute with CPU. To this end, first, Flash proposes a low-latency convolution algorithm built upon a fast slot rotation operation and a novel data encoding scheme, which results in 4-94x performance gain over the state-of-the-art. Second, to minimize the communication cost introduced by the standard nonlinear activation function ReLU, Flash replaces the entire ReLUs with the polynomial $x^2+x$ and trains deep CNN models with the new activation function. The trained models improve the inference accuracy for CIFAR-10/100 and TinyImageNet by 16% on average (up to 40% for ResNet-32) compared to prior art. Last, Flash proposes an efficient 2PC-based $x^2+x$ evaluation protocol that does not require any offline communication and that reduces the total communication cost to process the activation layer by 84-196x over the state-of-the-art. As a result, the end-to-end PI latency of Flash implemented on CPU is 0.02 minute for CIFAR-100 and 0.57 minute for TinyImageNet classification, while the total data communication is 0.07GB for CIFAR-100 and 0.22GB for TinyImageNet. Flash improves the state-of-the-art PI by 16-45x in latency and 84-196x in communication cost. Moreover, even for ImageNet, Flash can deliver the latency less than 1 minute on CPU with the total communication less than 1GB.

Cryptography and Security

Jaiyoung Park,Donghwan Kim,Jongmin Kim,Sangpyo Kim,Wonkyung Jung,Jung Hee Cheon,Jung Ho Ahn

DOI: https://doi.org/10.48550/arXiv.2310.16530

2023-10-25

Abstract:Incorporating fully homomorphic encryption (FHE) into the inference process of a convolutional neural network (CNN) draws enormous attention as a viable approach for achieving private inference (PI). FHE allows delegating the entire computation process to the server while ensuring the confidentiality of sensitive client-side data. However, practical FHE implementation of a CNN faces significant hurdles, primarily due to FHE's substantial computational and memory overhead. To address these challenges, we propose a set of optimizations, which includes GPU/ASIC acceleration, an efficient activation function, and an optimized packing scheme. We evaluate our method using the ResNet models on the CIFAR-10 and ImageNet datasets, achieving several orders of magnitude improvement compared to prior work and reducing the latency of the encrypted CNN inference to 1.4 seconds on an NVIDIA A100 GPU. We also show that the latency drops to a mere 0.03 seconds with a custom hardware design.

Cryptography and Security,Hardware Architecture

Meng Hao,Hongwei Li,Hanxiao Chen,Pengzhi Xing,Tianwei Zhang

DOI: https://doi.org/10.1109/tifs.2023.3262149

IF: 7.231

2023-04-28

IEEE Transactions on Information Forensics and Security

Abstract:Private neural network inference has demonstrated great importance in various privacy-critical scenarios. However, the primary challenge remaining in prior works is that the evaluation on encrypted data levies prohibitively high runtime and communication overhead. In this work, we present FastSecNet, an efficient two-party cryptographic framework for private inference in the dealer-based pre-processing setting. Specifically, 1) FastSecNet provides an efficient ReLU protocol for the evalution of non-linear layers, which is built up on a recent advanced cryptographic primitive, function secret sharing (FSS). The core of this construction are an optimized ReLU representation and a customized FSS-based ReLU protocol. 2) For linear layer evaluation, we first propose an efficient PRG-based pre-processing protocol based on the fact that one of the inputs is uniformly random in the offline phase. Then, the online phase only communicates one element and consists of lightweight secret-sharing operations in a ring. Extensive evaluations conducted on 4 real-world datasets and 9 neural network models demonstrate that during the online phase, FastSecNet achieves less runtime and less communication cost compared to the state-of-the-art.

computer science, theory & methods,engineering, electrical & electronic

Chao Guo,Ke Cheng,Jiaxuan Fu,Ruolu Fan,Zhao Chang,Zhiwei Zhang,Anxiao Song

DOI: https://doi.org/10.33969/j-nana.2023.030202

2023-01-01

Journal of Networking and Network Applications

Abstract:Outsourcing convolutional neural network (CNN) inference services to the cloud is extremely beneficial, yet raises critical privacy concerns on the proprietary model parameters of the model provider and the private input data of the user. Previous studies have indicated that some cryptographic tools such as secure multi-party computation (MPC) can be used to achieve secure outsourced inferences. However, MPC-based approaches often require a large number of communication rounds across two or more non-colluding servers, which make them hard to exploit GPU acceleration. In this paper, we propose GFS-CNN, a GPU-friendly secure computation platform for convolutional neural networks. The following two specific efforts of GFS-CNN have been made by combining machine learning and cryptography techniques. Firstly, We use quadratic activation functions to replace most of the ReLU functions without losing much accuracy, so as to create a mixed linear layer for better efficiency by integrating convolution, batch normalization, and quadratic activation. Secondly, for the rest ReLU functions, we implement the secure ReLU protocol using function secret sharing, enabling GFS-CNN to evaluate the secure comparison function via a single interaction during the online phase. Extensive experiments demonstrate that GFS-CNN is accuracy-preserving and reduces online inference time by 16.4% on VGG-16 models compared to Delphi (USENIX Security’20).

English Else

Jinguo Li,Yan Yan,Kai Zhang,Chunlin Li,Peichun Yuan

DOI: https://doi.org/10.1016/j.knosys.2023.111181

IF: 8.139

2024-01-01

Knowledge-Based Systems

Abstract:Convolutional neural networks (CNNs) have been widely employed in image and video recognition tasks due to their superior performance. With the increasing popularity of machine learning as a service, CNN model owners often outsource their models to the cloud to provide inference services. However, the user data and outsourced models processed by cloud-based CNN inference applications suffer from privacy leakage issues. Therefore, several studies have proposed different privacy-preserving CNN architectures. Most of these approaches are based on heavyweight cryptographic methods, which require significant computational resources. In this study, we propose a novel scheme, a Fast Privacy-Preserving Outsourced Convolutional Neural Network with Low Bandwidth (FPCNN), to provide secure inference services on the cloud using outsourced data and models. Specifically, for linear CNN layers, FPCNN significantly reduces the bandwidth requirements between servers by applying scaled noise models and scaled secret sharing. For nonlinear CNN layers, we first optimize the multiplication operation under secret sharing to save bandwidth. Subsequently, based on the nonlinear input characteristics of CNNs, we introduce a secure parallel rectified linear unit (ReLU) computation protocol that significantly reduces the number of communication rounds. Finally, the experimental results demonstrate that FPCNN achieves a speedup of 2 . 66 × and a 32 . 8 × reduction in bandwidth compared with state-of-the-art methods.

computer science, artificial intelligence

Dongwoo Kim,Cyril Guyot

DOI: https://doi.org/10.1109/TIFS.2023.3263631

IF: 7.231

IEEE Transactions on Information Forensics and Security

Abstract:Inference of machine learning models with data privacy guarantees has been widely studied as privacy concerns are getting growing attention from the community. Among others, secure inference based on Fully Homomorphic Encryption (FHE) has proven its utility by providing stringent data privacy at sometimes affordable cost. Still, previous work was restricted to shallow and narrow neural networks and simple tasks due to the high computational cost incurred from FHE. In this paper, we propose a more efficient way of evaluating convolutions with FHE, where the cost remains constant regardless of the kernel size, resulting in 12–<inline-formula> <tex-math notation="LaTeX">$46\times $ </tex-math></inline-formula> timing improvement on various kernel sizes. Combining our methods with FHE bootstrapping, we achieve at least 18.9% (and 48.1%) timing reduction in homomorphic evaluation of 20-layer CNN classifiers (and a part of it) on CIFAR10/100 (and ImageNet, respectively) datasets. Furthermore, in consideration of our methods being effective for evaluating CNNs with intensive convolutional operations and exploring such CNNs, we achieve at least <inline-formula> <tex-math notation="LaTeX">$5\times $ </tex-math></inline-formula> faster inference on CIFAR10/100 with FHE than the prior works having the same or less accuracy.

Computer Science

Karthik Garimella,Nandan Kumar Jha,Zahra Ghodsi,Siddharth Garg,Brandon Reagen

DOI: https://doi.org/10.48550/arXiv.2111.02583

2022-07-18

Abstract:The privacy concerns of providing deep learning inference as a service have underscored the need for private inference (PI) protocols that protect users' data and the service provider's model using cryptographic methods. Recently proposed PI protocols have achieved significant reductions in PI latency by moving the computationally heavy homomorphic encryption (HE) parts to an offline/pre-compute phase. Paired with recent optimizations that tailor networks for PI, these protocols have achieved performance levels that are tantalizingly close to being practical. In this paper, we conduct a rigorous end-to-end characterization of PI protocols and optimization techniques and find that the current understanding of PI performance is overly optimistic. Specifically, we find that offline storage costs of garbled circuits (GC), a key cryptographic protocol used in PI, on user/client devices are prohibitively high and force much of the expensive offline HE computation to the online phase, resulting in a 10-1000$\times$ increase to PI latency. We propose a modified PI protocol that significantly reduces client-side storage costs for a small increase in online latency. Evaluated end-to-end, the modified protocol outperforms current protocols by reducing the mean PI latency by $4\times$ for ResNet18 on TinyImageNet. We conclude with a discussion of several recently proposed PI optimizations in light of the findings and note many actually increase PI latency when evaluated from an end-to-end perspective.

Cryptography and Security

Jianqiao Mo,Karthik Garimella,Negar Neda,Austin Ebel,Brandon Reagen

DOI: https://doi.org/10.1145/3587135.3592169

2023-07-09

Abstract:Privacy and security have rapidly emerged as first order design constraints. Users now demand more protection over who can see their data (confidentiality) as well as how it is used (control). Here, existing cryptographic techniques for security fall short: they secure data when stored or communicated but must decrypt it for computation. Fortunately, a new paradigm of computing exists, which we refer to as privacy-preserving computation (PPC). Emerging PPC technologies can be leveraged for secure outsourced computation or to enable two parties to compute without revealing either users' secret data. Despite their phenomenal potential to revolutionize user protection in the digital age, the realization has been limited due to exorbitant computational, communication, and storage overheads. This paper reviews recent efforts on addressing various PPC overheads using private inference (PI) in neural network as a motivating application. First, the problem and various technologies, including homomorphic encryption (HE), secret sharing (SS), garbled circuits (GCs), and oblivious transfer (OT), are introduced. Next, a characterization of their overheads when used to implement PI is covered. The characterization motivates the need for both GCs and HE accelerators. Then two solutions are presented: HAAC for accelerating GCs and RPU for accelerating HE. To conclude, results and effects are shown with a discussion on what future work is needed to overcome the remaining overheads of PI.

Cryptography and Security,Machine Learning

Yuke Zhang,Dake Chen,Souvik Kundu,Haomei Liu,Ruiheng Peng,Peter A. Beerel

2023-04-26

Abstract:Recently, private inference (PI) has addressed the rising concern over data and model privacy in machine learning inference as a service. However, existing PI frameworks suffer from high computational and communication costs due to the expensive multi-party computation (MPC) protocols. Existing literature has developed lighter MPC protocols to yield more efficient PI schemes. We, in contrast, propose to lighten them by introducing an empirically-defined privacy evaluation. To that end, we reformulate the threat model of PI and use inference data privacy attacks (IDPAs) to evaluate data privacy. We then present an enhanced IDPA, named distillation-based inverse-network attack (DINA), for improved privacy evaluation. Finally, we leverage the findings from DINA and propose C2PI, a two-party PI framework presenting an efficient partitioning of the neural network model and requiring only the initial few layers to be performed with MPC protocols. Based on our experimental evaluations, relaxing the formal data privacy guarantees C2PI can speed up existing PI frameworks, including Delphi [1] and Cheetah [2], up to 2.89x and 3.88x under LAN and WAN settings, respectively, and save up to 2.75x communication costs.

Cryptography and Security

Jing Wang,Debiao He,Aniello Castiglione,Brij B. Gupta,Marimuthu Karuppiah,Libing Wu

DOI: https://doi.org/10.1109/tnse.2022.3177755

IF: 6.6

2022-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Deploying convolutional neural network (CNN) inference on resource-constrained devices remains a remarkable challenge for industrial Internet of Things (IIoT). Although the cloud computing shows great promise in machine learning training and prediction, outsourcing data to remote cloud always incurs privacy risk and high latency. Therefore, we design a new framework for efficient and privacy-preserving CNN inference based on cloud-edge-client collaboration $( m{named} , ext{PCNN}_{ ext{CEC}})$. In $ ext{PCNN}_{ ext{CEC}} $, the model of cloud and the data of client in IIoT are split into two shares and sent to two non-colluded edge servers. By applying the arithmetic secret sharing and pre-computation of beaver&#x27;s triplets, the two edge servers can jointly calculate the predicting results without learning anything about the model and data. To speed up the pre-computation of offline phase and not sacrifice security, the task of triplets generation is delegated to the cloud, so that the edge servers do not require frequent interactions to generate triplets themselves or introducing additional trusted party. The experimental results show the proposed private comparison protocol achieves a better tradeoff between low latency and high throughput, when it is compared with garbled circuit based protocols and other secret sharing based protocols. Additionally, the benchmarks conducted on realistic MNIST and CIFAR-10 datasets demonstrate that $ ext{PCNN}_{ ext{CEC}} $ costs less communication and runtime than two recently related schemes under the same security level.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Gordon Y. K. Ng,Susan R. George

DOI: https://doi.org/10.1016/0922-4106(94)90044-2

IF: 5.195

1994-11-15

European Journal of Pharmacology

Abstract:

Shaohua Li,Kaiping Xue,Chenkai Ding,Xindi Gao,David S L Wei,Tao Wan,Feng Wu

DOI: https://doi.org/10.48550/arXiv.1811.08257

2018-11-20

Abstract:Machine learning as a service has been widely deployed to utilize deep neural network models to provide prediction services. However, this raises privacy concerns since clients need to send sensitive information to servers. In this paper, we focus on the scenario where clients want to classify private images with a convolutional neural network model hosted in the server, while both parties keep their data private. We present FALCON, a fast and secure approach for CNN predictions based on Fourier Transform. Our solution enables linear layers of a CNN model to be evaluated simply and efficiently with fully homomorphic encryption. We also introduce the first efficient and privacy-preserving protocol for softmax function, which is an indispensable component in CNNs and has not yet been evaluated in previous works due to its high complexity. We implemented the FALCON and evaluated the performance on real-world CNN models. The experimental results show that FALCON outperforms the best known works in both computation and communication cost.

Cryptography and Security

Chiraag Juvekar,Vinod Vaikuntanathan,Anantha Chandrakasan

DOI: https://doi.org/10.48550/arXiv.1801.05507

2018-01-16

Cryptography and Security

Abstract:The growing popularity of cloud-based machine learning raises a natural question about the privacy guarantees that can be provided in such a setting. Our work tackles this problem in the context where a client wishes to classify private images using a convolutional neural network (CNN) trained by a server. Our goal is to build efficient protocols whereby the client can acquire the classification result without revealing their input to the server, while guaranteeing the privacy of the server's neural network. To this end, we design Gazelle, a scalable and low-latency system for secure neural network inference, using an intricate combination of homomorphic encryption and traditional two-party computation techniques (such as garbled circuits). Gazelle makes three contributions. First, we design the Gazelle homomorphic encryption library which provides fast algorithms for basic homomorphic operations such as SIMD (single instruction multiple data) addition, SIMD multiplication and ciphertext permutation. Second, we implement the Gazelle homomorphic linear algebra kernels which map neural network layers to optimized homomorphic matrix-vector multiplication and convolution routines. Third, we design optimized encryption switching protocols which seamlessly convert between homomorphic and garbled circuit encodings to enable implementation of complete neural network inference. We evaluate our protocols on benchmark neural networks trained on the MNIST and CIFAR-10 datasets and show that Gazelle outperforms the best existing systems such as MiniONN (ACM CCS 2017) by 20 times and Chameleon (Crypto Eprint 2017/1164) by 30 times in online runtime. Similarly when compared with fully homomorphic approaches like CryptoNets (ICML 2016) we demonstrate three orders of magnitude faster online run-time.

Daniel Takabi,Robert Podschwadt,Jeff Druce,Curt Wu,Kevin Procopio

DOI: https://doi.org/10.48550/arXiv.1911.11377

2019-11-26

Cryptography and Security

Abstract:Machine Learning as a Service (MLaaS) has become a growing trend in recent years and several such services are currently offered. MLaaS is essentially a set of services that provides machine learning tools and capabilities as part of cloud computing services. In these settings, the cloud has pre-trained models that are deployed and large computing capacity whereas the clients can use these models to make predictions without having to worry about maintaining the models and the service. However, the main concern with MLaaS is the privacy of the client's data. Although there have been several proposed approaches in the literature to run machine learning models on encrypted data, the performance is still far from being satisfactory for practical use. In this paper, we aim to accelerate the performance of running machine learning on encrypted data using combination of Fully Homomorphic Encryption (FHE), Convolutional Neural Networks (CNNs) and Graphics Processing Units (GPUs). We use a number of optimization techniques, and efficient GPU-based implementation to achieve high performance. We evaluate a CNN whose architecture is similar to AlexNet to classify homomorphically encrypted samples from the Cars Overhead With Context (COWC) dataset. To the best of our knowledge, it is the first time such a complex network and large dataset is evaluated on encrypted data. Our approach achieved reasonable classification accuracy of 95% for the COWC dataset. In terms of performance, our results show that we could achieve several thousands times speed up when we implement GPU-accelerated FHE operations on encrypted floating point numbers.

Arjun Roy,Kaushik Roy

2024-08-28

Abstract:The convergence of fully homomorphic encryption (FHE) and machine learning offers unprecedented opportunities for private inference of sensitive data. FHE enables computation directly on encrypted data, safeguarding the entire machine learning pipeline, including data and model confidentiality. However, existing FHE-based implementations for deep neural networks face significant challenges in computational cost, latency, and scalability, limiting their practical deployment. This paper introduces DCT-CryptoNets, a novel approach that leverages frequency-domain learning to tackle these issues. Our method operates directly in the frequency domain, utilizing the discrete cosine transform (DCT) commonly employed in JPEG compression. This approach is inherently compatible with remote computing services, where images are usually transmitted and stored in compressed formats. DCT-CryptoNets reduces the computational burden of homomorphic operations by focusing on perceptually relevant low-frequency components. This is demonstrated by substantial latency reduction of up to 5.3$\times$ compared to prior work on image classification tasks, including a novel demonstration of ImageNet inference within 2.5 hours, down from 12.5 hours compared to prior work on equivalent compute resources. Moreover, DCT-CryptoNets improves the reliability of encrypted accuracy by reducing variability (e.g., from $\pm$2.5\% to $\pm$1.0\% on ImageNet). This study demonstrates a promising avenue for achieving efficient and practical privacy-preserving deep learning on high resolution images seen in real-world applications.

Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Lucien K. L. Ng,Sherman S. M. Chow,Anna P. Y. Woo,Donald P. H. Wong,Yongjun Zhao

DOI: https://doi.org/10.1609/aaai.v35i17.17746

2021-05-18

Proceedings of the AAAI Conference on Artificial Intelligence

Abstract:Deep learning unlocks applications with societal impacts, e.g., detecting child exploitation imagery and genomic analysis of rare diseases. Deployment, however, needs compliance with stringent privacy regulations. Training algorithms that preserve the privacy of training data are in pressing need. Purely cryptographic approaches can protect privacy, but they are still costly, even when they rely on two or more non-colluding servers. Seemingly-"trivial" operations in plaintext quickly become prohibitively inefficient when a series of them are "crypto-processed," e.g., (dynamic) quantization for ensuring the intermediate values would not overflow. Slalom, recently proposed by Tramer and Boneh, is the first solution that leverages both GPU (for efficient batch computation) and a trusted execution environment (TEE) (for minimizing the use of cryptography). Roughly, it works by a lot of pre-computation over known and fixed weights, and hence it only supports private inference. Five related problems for private training are left unaddressed. Goten, our privacy-preserving training and prediction framework, tackles all five problems simultaneously via our careful design over the "mismatched" cryptographic and GPU data types (due to the tension between precision and efficiency) and our round-optimal GPU-outsourcing protocol (hence minimizing the communication cost between servers). It 1) stochastically trains a low-bitwidth yet accurate model, 2) supports dynamic quantization (a challenge left by Slalom), 3) minimizes the memory-swapping overhead of the memory-limited TEE and its communication with GPU, 4) crypto-protects the (dynamic) model weight from untrusted GPU, and 5) outperforms a pure-TEE system, even without pre-computation (needed by Slalom). As a baseline, we build CaffeScone that secures Caffe using TEE but not GPU; Goten shows a 6.84x speed-up of the whole VGG-11. Goten also outperforms Falcon proposed by Wagh et al., the latest secure multi-server cryptographic solution, by 132.64x using VGG-11. Lastly, we demonstrate Goten's efficacy in training models for breast cancer diagnosis over sensitive images.

Peng Zhang,Zhiyuan Hu,Yu Wang,Liquan Chen

DOI: https://doi.org/10.1109/WCCCT60665.2024.10541346

2024-04-12

Abstract:The utilization of convolutional neural network (CNN) inference models has gained widespread adoption across various domains; however, it raises concerns regarding user privacy and security due to the requirement of plaintext information during the inference process. Homomorphic encryption has been proposed as a viable solution to address CNN’s security issues. Nevertheless, this encryption algorithm encounters certain limitations such as significant ciphertext expansion, restricted nonlinear computing power, and limited number of multiplications, which hinder its application in CNN inference models. In this paper, we present an inference model framework that leverages the single instruction multiple data and ciphertext rotation functions of homomorphic encryption along with the additive secret sharing (ASS) concept to design and transform each network layer of CNN. Our approach effectively mitigates ciphertext expansion rate while enhancing computational efficiency and reducing communication volume without compromising on inference accuracy.

Computer Science

Pengbo Li,Huifang Huang,Ting Gao,Jin Guo,Jinqiao Duan

DOI: https://doi.org/10.48550/arXiv.2309.09025

2023-09-16

Abstract:With the rapid development of AI technology, we have witnessed numerous innovations and conveniences. However, along with these advancements come privacy threats and risks. Fully Homomorphic Encryption (FHE) emerges as a key technology for privacy-preserving computation, enabling computations while maintaining data privacy. Nevertheless, FHE has limitations in processing continuous non-polynomial functions as it is restricted to discrete integers and supports only addition and multiplication. Spiking Neural Networks (SNNs) operate on discrete spike signals, naturally aligning with the properties of FHE. In this paper, we present a framework called FHE-DiCSNN. This framework is based on the efficient TFHE scheme and leverages the discrete properties of SNNs to achieve high prediction performance on ciphertexts. Firstly, by employing bootstrapping techniques, we successfully implement computations of the Leaky Integrate-and-Fire neuron model on ciphertexts. Through bootstrapping, we can facilitate computations for SNNs of arbitrary depth. This framework can be extended to other spiking neuron models, providing a novel framework for the homomorphic evaluation of SNNs. Secondly, inspired by CNNs, we adopt convolutional methods to replace Poisson encoding. This not only enhances accuracy but also mitigates the issue of prolonged simulation time caused by random encoding. Furthermore, we employ engineering techniques to parallelize the computation of bootstrapping, resulting in a significant improvement in computational efficiency. Finally, we evaluate our model on the MNIST dataset. Experimental results demonstrate that, with the optimal parameter configuration, FHE-DiCSNN achieves an accuracy of 97.94% on ciphertexts, with a loss of only 0.53% compared to the original network's accuracy of 98.47%. Moreover, each prediction requires only 0.75 seconds of computation time

Cryptography and Security,Computers and Society

Tianshi Xu,Meng Li,Runsheng Wang,Ru Huang

2023-08-25

Abstract:Efficient networks, e.g., MobileNetV2, EfficientNet, etc, achieves state-of-the-art (SOTA) accuracy with lightweight computation. However, existing homomorphic encryption (HE)-based two-party computation (2PC) frameworks are not optimized for these networks and suffer from a high inference overhead. We observe the inefficiency mainly comes from the packing algorithm, which ignores the computation characteristics and the communication bottleneck of homomorphically encrypted depthwise convolutions. Therefore, in this paper, we propose Falcon, an effective dense packing algorithm for HE-based 2PC frameworks. Falcon features a zero-aware greedy packing algorithm and a communication-aware operator tiling strategy to improve the packing density for depthwise convolutions. Compared to SOTA HE-based 2PC frameworks, e.g., CrypTFlow2, Iron and Cheetah, Falcon achieves more than 15.6x, 5.1x and 1.8x latency reduction, respectively, at operator level. Meanwhile, at network level, Falcon allows for 1.4% and 4.2% accuracy improvement over Cheetah on CIFAR-100 and TinyImagenet datasets with iso-communication, respecitvely.

Cryptography and Security,Artificial Intelligence