You are looking at a specific version 20190308:190604 of this paper. See the latest version.

Paper 2018/442

SecureNN: Efficient and Private Neural Network Training

Sameer Wagh and Divya Gupta and Nishanth Chandran

Abstract

Neural Networks (NN) provide a powerful method for machine learning training and inference. To effectively train, it is desirable for multiple parties to combine their data -- however, doing so conflicts with data privacy. In this work, we provide novel three-party secure computation protocols for various NN building blocks such as matrix multiplication, convolutions, Rectified Linear Units, Maxpool, normalization and so on. This enables us to construct three-party secure protocols for training and inference of several NN architectures such that no single party learns any information about the data. Experimentally, we implement our system over Amazon EC2 servers in different settings. \\ Our work advances the state-of-the-art of secure computation for neural networks in three ways: \begin{enumerate} \item Scalability: We are the first work to provide neural network training on Convolutional Neural Networks (CNNs) that have an accuracy of $>99\%$ on the MNIST dataset; \item Performance: For secure inference, our system outperforms prior 2 and 3-server works (SecureML, MiniONN, Chameleon, Gazelle) by $6\times$-$113\times$ (with larger gains obtained in more complex networks). Our total execution times are $2-4\times$ faster than even just the online times of these works. For secure training, compared to the only prior work (SecureML) that considered a much smaller fully connected network, our protocols are $79\times$ and $7\times$ faster than their 2 and 3-server protocols. In the WAN setting, these improvements are more dramatic and we obtain an improvement of $553\times$! \item Security: Our protocols provide two kinds of security: full security (privacy and correctness) against one semi-honest corruption and the notion of privacy against one malicious corruption [Araki~\etal~CCS'16]. All prior works only provide semi-honest security and ours is the first system to provide any security against malicious adversaries for the secure computation of complex algorithms such as neural network inference and training. \end{enumerate} Our gains come from a significant improvement in communication through the elimination of expensive garbled circuits and oblivious transfer protocols.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. 19th Privacy Enhancing Technologies Symposium (PETS 2019)
Keywords
secure computationneural network traininginformation-theoretic security
Contact author(s)
nichandr @ microsoft com,t-digu @ microsoft com,snwagh @ gmail com
History
2019-03-08: revised
2018-05-14: received
See all versions
Short URL
https://ia.cr/2018/442
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.