Qiao Zhang,Cong Wang,Hongyi Wu,Chunsheng Xin,Tran V. Phuong

DOI: https://doi.org/10.24963/ijcai.2018/547

2018-01-01

Abstract:Privacy is a fundamental challenge for a variety of smart applications that depend on data aggregation and collaborative learning across different entities. In this paper, we propose a novel privacy-preserved architecture where clients can collaboratively train a deep model while preserving the privacy of each client's data. Our main strategy is to carefully partition a deep neural network to two non-colluding parties. One party performs linear computations on encrypted data utilizing a less complex homomorphic cryptosystem, while the other executes non-polynomial computations in plaintext but in a privacy-preserved manner. We analyze security and compare the communication and computation complexity with the existing approaches. Our extensive experiments on different datasets demonstrate not only stable training without accuracy loss, but also 14 to 35 times speedup compared to the state-of-the-art system.

Jinguo Li,Yan Yan,Kai Zhang,Chunlin Li,Peichun Yuan

DOI: https://doi.org/10.1016/j.knosys.2023.111181

IF: 8.139

2024-01-01

Knowledge-Based Systems

Abstract:Convolutional neural networks (CNNs) have been widely employed in image and video recognition tasks due to their superior performance. With the increasing popularity of machine learning as a service, CNN model owners often outsource their models to the cloud to provide inference services. However, the user data and outsourced models processed by cloud-based CNN inference applications suffer from privacy leakage issues. Therefore, several studies have proposed different privacy-preserving CNN architectures. Most of these approaches are based on heavyweight cryptographic methods, which require significant computational resources. In this study, we propose a novel scheme, a Fast Privacy-Preserving Outsourced Convolutional Neural Network with Low Bandwidth (FPCNN), to provide secure inference services on the cloud using outsourced data and models. Specifically, for linear CNN layers, FPCNN significantly reduces the bandwidth requirements between servers by applying scaled noise models and scaled secret sharing. For nonlinear CNN layers, we first optimize the multiplication operation under secret sharing to save bandwidth. Subsequently, based on the nonlinear input characteristics of CNNs, we introduce a secure parallel rectified linear unit (ReLU) computation protocol that significantly reduces the number of communication rounds. Finally, the experimental results demonstrate that FPCNN achieves a speedup of 2 . 66 × and a 32 . 8 × reduction in bandwidth compared with state-of-the-art methods.

computer science, artificial intelligence

Yanan Bai,Quanliang Liu,Wenyuan Wu,Yong Feng

DOI: https://doi.org/10.3389/fncom.2021.799977

2021-12-23

Abstract:The emerging topic of privacy-preserving deep learning as a service has attracted increasing attention in recent years, which focuses on building an efficient and practical neural network prediction framework to secure client and model-holder data privately on the cloud. In such a task, the time cost of performing the secure linear layers is expensive, where matrix multiplication is the atomic operation. Most existing mix-based solutions heavily emphasized employing BGV-based homomorphic encryption schemes to secure the linear layer on the CPU platform. However, they suffer an efficiency and energy loss when dealing with a larger-scale dataset, due to the complicated encoded methods and intractable ciphertext operations. To address it, we propose cuSCNN, a secure and efficient framework to perform the privacy prediction task of a convolutional neural network (CNN), which can flexibly perform on the GPU platform. Its main idea is 2-fold: (1) To avoid the trivia and complicated homomorphic matrix computations brought by BGV-based solutions, it adopts GSW-based homomorphic matrix encryption to efficiently enable the linear layers of CNN, which is a naive method to secure matrix computation operations. (2) To improve the computation efficiency on GPU, a hybrid optimization approach based on CUDA (Compute Unified Device Architecture) has been proposed to improve the parallelism level and memory access speed when performing the matrix multiplication on GPU. Extensive experiments are conducted on industrial datasets and have shown the superior performance of the proposed cuSCNN framework in terms of runtime and power consumption compared to the other frameworks.

Xian Zhou,Li Zhang,Chuliang Guo,Xunzhao Yin,Cheng Zhuo

DOI: https://doi.org/10.1109/iscas45731.2020.9180844

2020-01-01

Abstract:Convolutional neural networks (CNNs) have been widely deployed in deep learning applications, especially on power hungry GP-GPUs. Recent efforts in designing CNN accelerators are considered as a promising alternative to achieve higher energy efficiency. Unfortunately, with the growing complexity of CNN, the demanded computational and storage resources for accelerators keep increasing, hindering its wider applications in mobile devices. On the other hand, many quantization algorithms have been proposed for efficient CNN training, which brings many small or zero weights. This is a unique opportunity for accelerator designers to employ much fewer bits, e.g., 4 bits, in both arithmetic core and storage, thereby saving significant design cost. However, such a single precision strategy inevitably compromises the accuracy as some key operations may demand a higher precision. Thus, this paper proposes a low power CNN accelerator architecture that can simultaneously conduct computations with mixed precisions and assign the appropriate arithmetic cores to operation with different precision demands. This proposed architecture can achieve significant area and energy savings, without accuracy compromise. The experimental results show that the proposed architecture implemented on FPGA can reduces almost half of the weight storage and MAC area, and lower the dynamic power by 12.1% when compared with a state-of-the-art CNN accelerator design.

Daniel Takabi,Robert Podschwadt,Jeff Druce,Curt Wu,Kevin Procopio

DOI: https://doi.org/10.48550/arXiv.1911.11377

2019-11-26

Cryptography and Security

Abstract:Machine Learning as a Service (MLaaS) has become a growing trend in recent years and several such services are currently offered. MLaaS is essentially a set of services that provides machine learning tools and capabilities as part of cloud computing services. In these settings, the cloud has pre-trained models that are deployed and large computing capacity whereas the clients can use these models to make predictions without having to worry about maintaining the models and the service. However, the main concern with MLaaS is the privacy of the client's data. Although there have been several proposed approaches in the literature to run machine learning models on encrypted data, the performance is still far from being satisfactory for practical use. In this paper, we aim to accelerate the performance of running machine learning on encrypted data using combination of Fully Homomorphic Encryption (FHE), Convolutional Neural Networks (CNNs) and Graphics Processing Units (GPUs). We use a number of optimization techniques, and efficient GPU-based implementation to achieve high performance. We evaluate a CNN whose architecture is similar to AlexNet to classify homomorphically encrypted samples from the Cars Overhead With Context (COWC) dataset. To the best of our knowledge, it is the first time such a complex network and large dataset is evaluated on encrypted data. Our approach achieved reasonable classification accuracy of 95% for the COWC dataset. In terms of performance, our results show that we could achieve several thousands times speed up when we implement GPU-accelerated FHE operations on encrypted floating point numbers.

Zhang Qiao,Wang Cong,Xin Chunsheng,Wu Hongyi

2019-01-01

Abstract: Machine Learning as a Service (MLaaS) is enabling a wide range of smart applications on end devices. However, such convenience comes with a cost of privacy because users have to upload their private data to the cloud. This research aims to provide effective and efficient MLaaS such that the cloud server learns nothing about user data and the users cannot infer the proprietary model parameters owned by the server. This work makes the following contributions. First, it unveils the fundamental performance bottleneck of existing schemes due to the heavy permutations in computing linear transformation and the use of communication intensive Garbled Circuits for nonlinear transformation. Second, it introduces an ultra-fast secure MLaaS framework, CHEETAH, which features a carefully crafted secret sharing scheme that runs significantly faster than existing schemes without accuracy loss. Third, CHEETAH is evaluated on the benchmark of well-known, practical deep networks such as AlexNet and VGG-16 on the MNIST and ImageNet datasets. The results demonstrate more than 100x speedup over the fastest GAZELLE (Usenix Security'18), 2000x speedup over MiniONN (ACM CCS'17) and five orders of magnitude speedup over CryptoNets (ICML'16). This significant speedup enables a wide range of practical applications based on privacy-preserved deep neural networks.

Lucien K. L. Ng,Sherman S. M. Chow,Anna P. Y. Woo,Donald P. H. Wong,Yongjun Zhao

DOI: https://doi.org/10.1609/aaai.v35i17.17746

2021-05-18

Proceedings of the AAAI Conference on Artificial Intelligence

Abstract:Deep learning unlocks applications with societal impacts, e.g., detecting child exploitation imagery and genomic analysis of rare diseases. Deployment, however, needs compliance with stringent privacy regulations. Training algorithms that preserve the privacy of training data are in pressing need. Purely cryptographic approaches can protect privacy, but they are still costly, even when they rely on two or more non-colluding servers. Seemingly-"trivial" operations in plaintext quickly become prohibitively inefficient when a series of them are "crypto-processed," e.g., (dynamic) quantization for ensuring the intermediate values would not overflow. Slalom, recently proposed by Tramer and Boneh, is the first solution that leverages both GPU (for efficient batch computation) and a trusted execution environment (TEE) (for minimizing the use of cryptography). Roughly, it works by a lot of pre-computation over known and fixed weights, and hence it only supports private inference. Five related problems for private training are left unaddressed. Goten, our privacy-preserving training and prediction framework, tackles all five problems simultaneously via our careful design over the "mismatched" cryptographic and GPU data types (due to the tension between precision and efficiency) and our round-optimal GPU-outsourcing protocol (hence minimizing the communication cost between servers). It 1) stochastically trains a low-bitwidth yet accurate model, 2) supports dynamic quantization (a challenge left by Slalom), 3) minimizes the memory-swapping overhead of the memory-limited TEE and its communication with GPU, 4) crypto-protects the (dynamic) model weight from untrusted GPU, and 5) outperforms a pure-TEE system, even without pre-computation (needed by Slalom). As a baseline, we build CaffeScone that secures Caffe using TEE but not GPU; Goten shows a 6.84x speed-up of the whole VGG-11. Goten also outperforms Falcon proposed by Wagh et al., the latest secure multi-server cryptographic solution, by 132.64x using VGG-11. Lastly, we demonstrate Goten's efficacy in training models for breast cancer diagnosis over sensitive images.

Jaiyoung Park,Donghwan Kim,Jongmin Kim,Sangpyo Kim,Wonkyung Jung,Jung Hee Cheon,Jung Ho Ahn

DOI: https://doi.org/10.48550/arXiv.2310.16530

2023-10-25

Abstract:Incorporating fully homomorphic encryption (FHE) into the inference process of a convolutional neural network (CNN) draws enormous attention as a viable approach for achieving private inference (PI). FHE allows delegating the entire computation process to the server while ensuring the confidentiality of sensitive client-side data. However, practical FHE implementation of a CNN faces significant hurdles, primarily due to FHE's substantial computational and memory overhead. To address these challenges, we propose a set of optimizations, which includes GPU/ASIC acceleration, an efficient activation function, and an optimized packing scheme. We evaluate our method using the ResNet models on the CIFAR-10 and ImageNet datasets, achieving several orders of magnitude improvement compared to prior work and reducing the latency of the encrypted CNN inference to 1.4 seconds on an NVIDIA A100 GPU. We also show that the latency drops to a mere 0.03 seconds with a custom hardware design.

Cryptography and Security,Hardware Architecture

Jing Wang,Debiao He,Aniello Castiglione,Brij B. Gupta,Marimuthu Karuppiah,Libing Wu

DOI: https://doi.org/10.1109/tnse.2022.3177755

IF: 6.6

2022-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Deploying convolutional neural network (CNN) inference on resource-constrained devices remains a remarkable challenge for industrial Internet of Things (IIoT). Although the cloud computing shows great promise in machine learning training and prediction, outsourcing data to remote cloud always incurs privacy risk and high latency. Therefore, we design a new framework for efficient and privacy-preserving CNN inference based on cloud-edge-client collaboration $( m{named} , ext{PCNN}_{ ext{CEC}})$. In $ ext{PCNN}_{ ext{CEC}} $, the model of cloud and the data of client in IIoT are split into two shares and sent to two non-colluded edge servers. By applying the arithmetic secret sharing and pre-computation of beaver's triplets, the two edge servers can jointly calculate the predicting results without learning anything about the model and data. To speed up the pre-computation of offline phase and not sacrifice security, the task of triplets generation is delegated to the cloud, so that the edge servers do not require frequent interactions to generate triplets themselves or introducing additional trusted party. The experimental results show the proposed private comparison protocol achieves a better tradeoff between low latency and high throughput, when it is compared with garbled circuit based protocols and other secret sharing based protocols. Additionally, the benchmarks conducted on realistic MNIST and CIFAR-10 datasets demonstrate that $ ext{PCNN}_{ ext{CEC}} $ costs less communication and runtime than two recently related schemes under the same security level.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Shaohua Li,Kaiping Xue,Chenkai Ding,Xindi Gao,David S L Wei,Tao Wan,Feng Wu

DOI: https://doi.org/10.48550/arXiv.1811.08257

2018-11-20

Abstract:Machine learning as a service has been widely deployed to utilize deep neural network models to provide prediction services. However, this raises privacy concerns since clients need to send sensitive information to servers. In this paper, we focus on the scenario where clients want to classify private images with a convolutional neural network model hosted in the server, while both parties keep their data private. We present FALCON, a fast and secure approach for CNN predictions based on Fourier Transform. Our solution enables linear layers of a CNN model to be evaluated simply and efficiently with fully homomorphic encryption. We also introduce the first efficient and privacy-preserving protocol for softmax function, which is an indispensable component in CNNs and has not yet been evaluated in previous works due to its high complexity. We implemented the FALCON and evaluated the performance on real-world CNN models. The experimental results show that FALCON outperforms the best known works in both computation and communication cost.

Cryptography and Security

Ran Ran,Nuo Xu,Wei Wang,Gang Quan,Jieming Yin,Wujie Wen

DOI: https://doi.org/10.48550/arXiv.2209.11904

2022-10-26

Abstract:Recently cloud-based graph convolutional network (GCN) has demonstrated great success and potential in many privacy-sensitive applications such as personal healthcare and financial systems. Despite its high inference accuracy and performance on cloud, maintaining data privacy in GCN inference, which is of paramount importance to these practical applications, remains largely unexplored. In this paper, we take an initial attempt towards this and develop $\textit{CryptoGCN}$--a homomorphic encryption (HE) based GCN inference framework. A key to the success of our approach is to reduce the tremendous computational overhead for HE operations, which can be orders of magnitude higher than its counterparts in the plaintext space. To this end, we develop an approach that can effectively take advantage of the sparsity of matrix operations in GCN inference to significantly reduce the computational overhead. Specifically, we propose a novel AMA data formatting method and associated spatial convolution methods, which can exploit the complex graph structure and perform efficient matrix-matrix multiplication in HE computation and thus greatly reduce the HE operations. We also develop a co-optimization framework that can explore the trade offs among the accuracy, security level, and computational overhead by judicious pruning and polynomial approximation of activation module in GCNs. Based on the NTU-XVIEW skeleton joint dataset, i.e., the largest dataset evaluated homomorphically by far as we are aware of, our experimental results demonstrate that $\textit{CryptoGCN}$ outperforms state-of-the-art solutions in terms of the latency and number of homomorphic operations, i.e., achieving as much as a 3.10$\times$ speedup on latency and reduces the total Homomorphic Operation Count by 77.4\% with a small accuracy loss of 1-1.5$\%$.

Cryptography and Security,Artificial Intelligence,Machine Learning

Hongwu Peng,Ran Ran,Yukui Luo,Jiahui Zhao,Shaoyi Huang,Kiran Thorat,Tong Geng,Chenghong Wang,Xiaolin Xu,Wujie Wen,Caiwen Ding

2023-10-05

Abstract:The growth of Graph Convolution Network (GCN) model sizes has revolutionized numerous applications, surpassing human performance in areas such as personal healthcare and financial systems. The deployment of GCNs in the cloud raises privacy concerns due to potential adversarial attacks on client data. To address security concerns, Privacy-Preserving Machine Learning (PPML) using Homomorphic Encryption (HE) secures sensitive client data. However, it introduces substantial computational overhead in practical applications. To tackle those challenges, we present LinGCN, a framework designed to reduce multiplication depth and optimize the performance of HE based GCN inference. LinGCN is structured around three key elements: (1) A differentiable structural linearization algorithm, complemented by a parameterized discrete indicator function, co-trained with model weights to meet the optimization goal. This strategy promotes fine-grained node-level non-linear location selection, resulting in a model with minimized multiplication depth. (2) A compact node-wise polynomial replacement policy with a second-order trainable activation function, steered towards superior convergence by a two-level distillation approach from an all-ReLU based teacher model. (3) an enhanced HE solution that enables finer-grained operator fusion for node-wise activation functions, further reducing multiplication level consumption in HE-based inference. Our experiments on the NTU-XVIEW skeleton joint dataset reveal that LinGCN excels in latency, accuracy, and scalability for homomorphically encrypted inference, outperforming solutions such as CryptoGCN. Remarkably, LinGCN achieves a 14.2x latency speedup relative to CryptoGCN, while preserving an inference accuracy of 75% and notably reducing multiplication depth.

Machine Learning,Artificial Intelligence,Cryptography and Security

Cate Berry,Nikos Komninos

DOI: https://doi.org/10.1016/j.cose.2022.102679

2022-06-01

Abstract:In recent years, deep learning has become an increasingly popular approach to modelling data, due to its ability to detect abstract underlying patterns in data. Its practical applications have been limited, however, by data privacy concerns, restricting its use in major sectors such as healthcare and banking. Secure multiparty computation (MPC) is a scheme which allows multiple parties to perform joint computations over private data, while keeping the content of their data secret. MPC can enable privacy-preserving machine learning, however current implementations are rarely applied in practice due to the prohibitively high cost of performing thousands of computations and transmitting data between parties. In this paper we propose a framework incorporating various optimisation approaches from the wider field of privacy-preserving deep learning, including privacy-preserving batch normalisation and polynomial approximation of activation functions, and evaluate their performance when applied to a privacy-preserving convolutional neural network (CNN), discussing the trade-off each offers in terms of their accuracy and efficiency. We experiment with parametric polynomial (PPoly) activations by deriving polynomial approximations to activation functions and allowing the network to tune the coefficients as learning weights. We will show that, in shallow CNNs, the application of batch normalisation in combination with a PPoly activation layer can result in faster convergence, with testing accuracy exceeding that achieved with an unencrypted network, at the cost of longer running times.

computer science, information systems

Furong Li,Yange Chen,Pu Duan,Benyu Zhang,Zhiyong Hong,Yupu Hu,Baocang Wang

DOI: https://doi.org/10.1002/int.22640

IF: 8.993

2021-08-31

International Journal of Intelligent Systems

Abstract:Convolutional neural networks (CNNs) have excellent and extensive applications in image recognition. With the continuous exploitation of data value and the proliferation of machine learning-as-a-service, convolutional neural network prediction schemes on privacy preservation have been introduced one after another, which makes much more attention focused on the privacy leakage and services offered to be efficient and light. Therefore, how to improve the convolutional neural prediction scheme on the premise of privacy preservation turns out to be an imperative research issue. In this paper, we propose a privacy-preserving convolutional neural network prediction scheme (PCP-LL) that supports low latency and lightweight users. The scheme starts from the perspective of lossless accuracy from underlying networks. First, we construct a secure activation function computing protocol (SActF) utilizing a commodity-based secure comparison protocol, which reduces the complexity and latency during the activation function computing under ciphertexts compared with common schemes. Second, to further support lightweight users, we introduce a secure output layer protocol (SOut) that enables users to obtain the prediction results without extra decryption after simple operations. Then, the scheme adopts the distributed two trapdoors public-key cryptosystem (DT-PKC) to achieve both data and model security, which well avoids security issues especially such as wiretapping by semi-honest participants commonly in secret sharing schemes. Finally, through relevant evaluations, the scheme not only achieves privacy preservation and low latency, but also supports lightweight users.

computer science, artificial intelligence

Ahmad Al Badawi,Jin Chao,Jie Lin,Chan Fook Mun,Jun Jie Sim,Benjamin Hong Meng Tan,Xiao Nan,Khin Mi Mi Aung,Vijay Ramaseshan Chandrasekhar

DOI: https://doi.org/10.48550/arXiv.1811.00778

2018-11-02

Cryptography and Security

Abstract:Deep Learning as a Service (DLaaS) stands as a promising solution for cloud-based inference applications. In this setting, the cloud has a pre-learned model whereas the user has samples on which she wants to run the model. The biggest concern with DLaaS is user privacy if the input samples are sensitive data. We provide here an efficient privacy-preserving system by employing high-end technologies such as Fully Homomorphic Encryption (FHE), Convolutional Neural Networks (CNNs) and Graphics Processing Units (GPUs). FHE, with its widely-known feature of computing on encrypted data, empowers a wide range of privacy-concerned applications. This comes at high cost as it requires enormous computing power. In this paper, we show how to accelerate the performance of running CNNs on encrypted data with GPUs. We evaluated two CNNs to classify homomorphically the MNIST and CIFAR-10 datasets. Our solution achieved a sufficient security level (> 80 bit) and reasonable classification accuracy (99%) and (77.55%) for MNIST and CIFAR-10, respectively. In terms of latency, we could classify an image in 5.16 seconds and 304.43 seconds for MNIST and CIFAR-10, respectively. Our system can also classify a batch of images (> 8,000) without extra overhead.

Chen Song,Ruwei Huang

DOI: https://doi.org/10.3390/app13106117

2023-05-16

Applied Sciences

Abstract:Today, the rapid development of deep learning has spread across all walks of life, and it can be seen in various fields such as image classification, automatic driving, and medical imaging diagnosis. Convolution Neural Networks (CNNs) are also widely used by the public as tools for deep learning. In real life, if local customers implement large-scale model inference first, they need to upload local data to the cloud, which will cause problems such as data leakage and privacy disclosure. To solve this problem, we propose a framework using homomorphic encryption technology. Our framework has made improvements to the batch operation and reduced the complexity of layer connection. In addition, we provide a new perspective to deal with the impact of the noise caused by the homomorphic encryption scheme on the accuracy during the inference. In our scheme, users preprocess the images locally and then send them to the cloud for encrypted inference without worrying about privacy leakage during the inference process. Experiments show that our proposed scheme is safe and efficient, which provides a safe solution for users who cannot process data locally.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Mathias Fischer,M. Gomez-Barrero,Tatjana Wingarz,C. Busch

DOI: https://doi.org/10.1109/iwbf55382.2022.9794535

2022-04-20

Abstract:Convolutional neural networks (CNNs) are most commonly used for handling complex visual tasks. Due to the significant effort in training accurate machine learning models, training and providing them to clients for inference in the cloud is becoming more popular. However, such models might be trained on sensitive user data, leading to the need for privacy-protecting measures. While traditional cryptographic techniques do not allow operations in the encrypted domain, Homomorphic Encryption (HE) schemes enable us to work on encrypted data directly. Combining the concepts of CNNs and HE, we give a detailed overview of the steps involved in creating privacy-preserving neural networks to give an indication of the real-world applicability and the scalability of such an approach. To this extent, we implemented a homomorphically encrypted network that can be used for face recognition. Our results indicate that while we can achieve the same accuracy as a standard neural network, running CNNs on homomorphically encrypted inputs comes at a significant overhead that grows with the network size.

Engineering,Computer Science

Peng Zhang,Zhiyuan Hu,Yu Wang,Liquan Chen

DOI: https://doi.org/10.1109/WCCCT60665.2024.10541346

2024-04-12

Abstract:The utilization of convolutional neural network (CNN) inference models has gained widespread adoption across various domains; however, it raises concerns regarding user privacy and security due to the requirement of plaintext information during the inference process. Homomorphic encryption has been proposed as a viable solution to address CNN’s security issues. Nevertheless, this encryption algorithm encounters certain limitations such as significant ciphertext expansion, restricted nonlinear computing power, and limited number of multiplications, which hinder its application in CNN inference models. In this paper, we present an inference model framework that leverages the single instruction multiple data and ciphertext rotation functions of homomorphic encryption along with the additive secret sharing (ASS) concept to design and transform each network layer of CNN. Our approach effectively mitigates ciphertext expansion rate while enhancing computational efficiency and reducing communication volume without compromising on inference accuracy.

Computer Science

Xiaodong Li,Hehe Gao,Jianyi Zhang,Shuya Yang,Xin Jin,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2023.3313443

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Deep learning such as convolutional neural networks (CNNs) have been utilized in a number of cloud-based Internet of Things (IoT) applications. Security and privacy are two key considerations in any commercial deployments. Fully homomorphic encryption (FHE) is a popular privacy protection approach, and there have been attempts to integrate FHE with CNNs. However, a simple integration may lead to inefficiency in single-user services and fail to support many of the requirements in real-time applications. In this paper, we propose a novel confused modulo projection based FHE algorithm (CMP-FHE) that is designed to support floating-point operations. Then we developed a parallelized runtime library based on CMP-FHE and compared it with the widely employed FHE library. Our results show that our library achieves a faster speeds. Furthermore, we compared it with the state-of-the-art confused modulo projection based library and the results demonstrated a speed improvement of 841.67 to 3056.25 times faster. Additionally, we construct a Real-Time Homomorphic Convolutional Neural Network (RT-HCNN) under the ciphertext-based framework using CMP-FHE, as well as using graphics processing units (GPUs) to facilitate acceleration. To demonstrate utility, we evaluate the proposed approach on the MNIST dataset. Findings demonstrate that our proposed approach achieves a high accuracy rate of 99.13%. Using GPUs acceleration for ciphertext prediction results in us achieving a single prediction time of 79.5 ms. This represents the first homomorphic CNN capable of supporting real-time application and is approximately 58 times faster than Microsoft’s Lola scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Walther Carballo-Hernández,Maxime Pelcat,François Berry

DOI: https://doi.org/10.1007/s11265-023-01898-0

2023-11-02

Journal of Signal Processing Systems

Abstract:Graphics Processing Unit (GPU), dedicated Application Specific Integrated Circuit (ASIC) and Field Programmable Gate Array (FPGA) accelerators are currently platforms of choice for porting Convolutional Neural Networks (CNNs). In this work, an automated Central Processing Unit (CPU)-GPU-FPGA partitioning selection is proposed for a given CNN layer. It is shown that using a Generalized Geometric Programming (GGP) optimization problem formulation, the CPU-GPU-FPGA partitioning problem can be modeled by considering a set of system performance metrics and constraints. Each metric is expressed in a posynomial form depending on CNN hyperparameters and architecture resource models. As for the partitioning method, the state-of-the-art techniques covered are: tiling, grouped convolution and fused-layer. The proposed analytical formalization is then employed to derive a set of objective functions and constraints as a GGP problem. It is demonstrated that it is possible to relax some problem constraints by including a penalization term, and reduce the problem to multiple simpler Geometric Programming (GP) sub-problems. Experimental results targeting an embedded FPGA-GPU platform with CNN layer configurations from state-of-the-art CNN models (AlexNet, VGG16 and ResNet18) show that the simplified problem is solvable in polynomial time with a speed-up gain and energy reduction of around 20% and 15%, respectively, when compared against an arbitrary balanced partitioning. If the models for objective and constraints functions preserve the posynomial form and log-log convexity, it is demonstrated that GGP is an efficient optimization solution to the Design Space Exploration (DSE) problem.

computer science, information systems,engineering, electrical & electronic