Cryptology ePrint Archive: Report 2017/452

Oblivious Neural Network Predictions via MiniONN transformations

Jian Liu and Mika Juuti and Yao Lu and N. Asokan

Abstract: Machine learning models hosted in a cloud service are increasingly popular but risk privacy: clients sending prediction requests to the service need to disclose potentially sensitive information. In this paper, we explore the problem of privacy-preserving predictions: after each prediction, the server learns nothing about clients' input and clients learn nothing about the model.

We present MiniONN, the first approach for transforming an existing neural network to an oblivious neural network supporting privacy-preserving predictions with reasonable efficiency. Unlike prior work, MiniONN requires no change to how models are trained. To this end, we design oblivious protocols for commonly used operations in neural network prediction models. We show that MiniONN outperforms existing work in terms of response latency and message sizes. We demonstrate the wide applicability of MiniONN by transforming several typical neural network models trained from standard datasets.

Category / Keywords: privacy, machine learning, neural network predictions

Date: received 21 May 2017, last revised 23 May 2017

Contact author: jian liu at aalto fi

Available format(s): PDF | BibTeX Citation

Version: 20170523:140231 (All versions of this report)

Short URL: ia.cr/2017/452

Discussion forum: Show discussion | Start new discussion