Paper 2019/1049

CrypTFlow: Secure TensorFlow Inference

Nishant Kumar, Mayank Rathee, Nishanth Chandran, Divya Gupta, Aseem Rastogi, and Rahul Sharma

Abstract

We present CrypTFlow, a first-of-its-kind system that converts TensorFlow inference code into Secure Multi-party Computation (MPC) protocols at the push of a button. To do this, we build three components. Our first component, Athos, is an end-to-end compiler from TensorFlow to a variety of semi-honest MPC protocols. The second component, Porthos, is an improved semi-honest 3-party protocol that provides significant speedups for TensorFlow-like applications. Finally, to provide maliciously secure MPC protocols, our third component, Aramis, is a novel technique that uses hardware with integrity guarantees to convert any semi-honest MPC protocol into an MPC protocol that provides malicious security. The malicious security of the protocols output by Aramis relies on the integrity of the hardware and the semi-honest security of MPC. Moreover, our system matches the inference accuracy of plaintext TensorFlow. We experimentally demonstrate the power of our system by showing the secure inference of real-world neural networks such as ResNet50 and DenseNet121 over the ImageNet dataset with running times of about 30 seconds for semi-honest security and under two minutes for malicious security. Prior work in the area of secure inference has been limited to semi-honest security of small networks over tiny datasets such as MNIST or CIFAR. Even on MNIST/CIFAR, CrypTFlow outperforms prior work.

Note: Code available at https://github.com/mpc-msri/EzPC.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. 41st IEEE Symposium on Security and Privacy 2020
Keywords
secure multi-party computation, implementation, TensorFlow
Contact author(s)
t-niskum @ microsoft com
t-may @ microsoft com
nichandr @ microsoft com
Divya Gupta @ microsoft com
aseemr @ microsoft com
rahsha @ microsoft com
History
2020-03-19: revised
2019-09-18: received
Short URL
https://ia.cr/2019/1049
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1049,
      author = {Nishant Kumar and Mayank Rathee and Nishanth Chandran and Divya Gupta and Aseem Rastogi and Rahul Sharma},
      title = {{CrypTFlow}: Secure {TensorFlow} Inference},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1049},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1049}
}