Cryptology ePrint Archive: Report 2018/442

SecureNN: Efficient and Private Neural Network Training

Sameer Wagh and Divya Gupta and Nishanth Chandran

Abstract: Neural Networks (NN) provide a powerful method for machine learning training and inference. To effectively train, it is desirable for multiple parties to combine their data -- however, doing so conflicts with data privacy. In this work, we provide novel three-party secure computation protocols for various NN building blocks such as matrix multiplication, convolutions, Rectified Linear Units, Maxpool, normalization and so on. This enables us to construct three-party secure protocols for training and inference of several NN architectures such that no single party learns any information about the data. Experimentally, we implement our system over Amazon EC2 servers in different settings. \\ Our work advances the state-of-the-art of secure computation for neural networks in three ways: \begin​{enumerate} \item Scalability: We are the first work to provide neural network training on Convolutional Neural Networks (CNNs) that have an accuracy of $>99\%$ on the MNIST dataset; \item Performance: For secure inference, our system outperforms prior 2 and 3-server works (SecureML, MiniONN, Chameleon, Gazelle) by $6\times$-$113\times$ (with larger gains obtained in more complex networks). Our total execution times are $2-4\times$ faster than even just the online times of these works. For secure training, compared to the only prior work (SecureML) that considered a much smaller fully connected network, our protocols are $79\times$ and $7\times$ faster than their 2 and 3-server protocols. In the WAN setting, these improvements are more dramatic and we obtain an improvement of $553\times$! \item Security: Our protocols provide two kinds of security: full security (privacy and correctness) against one semi-honest corruption and the notion of privacy against one malicious corruption [Araki~\etal~CCS'16]. All prior works only provide semi-honest security and ours is the first system to provide any security against malicious adversaries for the secure computation of complex algorithms such as neural network inference and training. \end{enumerate} Our gains come from a significant improvement in communication through the elimination of expensive garbled circuits and oblivious transfer protocols.

Category / Keywords: cryptographic protocols / secure computation, neural network training, information-theoretic security

Original Publication (in the same form): 19th Privacy Enhancing Technologies Symposium (PETS 2019)

Date: received 10 May 2018, last revised 8 Mar 2019

Contact author: nichandr at microsoft com, t-digu at microsoft com, snwagh at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20190308:190604 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]