You are looking at a specific version 20190530:204309 of this paper. See the latest version.

Paper 2019/591

Simulating Homomorphic Evaluation of Deep Learning Predictions

Christina Boura and Nicolas Gama and Mariya Georgieva and Dimitar Jetchev

Abstract

Convolutional neural networks (CNNs) is a category of deep neural networks that are primarily used for classifying image data. Yet, their continuous gain in popularity poses important privacy concerns for the potentially sensitive data that they process. A solution to this problem is to combine CNNs with Fully Homomorphic Encryption (FHE) techniques. In this work, we study this approach by focusing on two popular FHE schemes, TFHE and HEAAN, that can work in the approximated computational model. We start by providing an analysis of the noise after each principal homomorphic operation, i.e. multiplication, linear combination, rotation and bootstrapping. Then, we provide a theoretical study on how the most important non-linear operations of a CNN (i.e. max, Abs, ReLU), can be evaluated in each scheme. Finally, we measure via practical experiments on the plaintext the robustness of different neural networks against perturbations of their internal weights that could potentially result from the propagation of large homomorphic noise. This allows us to simulate homomorphic evaluations with large amounts of noise and to predict the effect on the classification accuracy without a real evaluation of heavy and time-consuming homomorphic operations. In addition, this approach enables us to correctly choose smaller and more efficient parameter sets for both schemes.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. CSCML 2019
Keywords
neural networkshomomorphic encryptionTFHEHEAAN
Contact author(s)
maria georgievabs @ gmail com
History
2019-05-30: received
Short URL
https://ia.cr/2019/591
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.