Cryptology ePrint Archive: Report 2017/035

Privacy-Preserving Classification on Deep Neural Network

Hervé Chabanne and Amaury de Wargny and Jonathan Milgram and Constance Morel and Emmanuel Prouff

Abstract: Neural Networks (NN) are today increasingly used in Machine Learning where they have become deeper and deeper to accurately model or classify high-level abstractions of data. Their development however also gives rise to important data privacy risks. This observation motives Microsoft researchers to propose a framework, called Cryptonets. The core idea is to combine simplifications of the NN with Fully Homomorphic Encryptions (FHE) techniques to get both confidentiality of the manipulated data and efficiency of the processing. While efficiency and accuracy are demonstrated when the number of non-linear layers is small (eg $2$), Cryptonets unfortunately becomes ineffective for deeper NNs which let the problem of privacy preserving matching open in these contexts. This work successfully addresses this problem by combining the original ideas of Cryptonets' solution with the batch normalization principle introduced at ICML 2015 by Ioffe and Szegedy. We experimentally validate the soundness of our approach with a neural network with $6$ non-linear layers. When applied to the MNIST database, it competes the accuracy of the best non-secure versions, thus significantly improving Cryptonets.

Category / Keywords: applications / Machine Learning, FHE

Date: received 13 Jan 2017, last revised 24 Mar 2017

Contact author: emmanuel prouff at safrangroup com

Available format(s): PDF | BibTeX Citation

Note: Presented at Real World Cryptography 2017

Version: 20170324:125750 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]