Cryptology ePrint Archive: Report 2020/050

Delphi: A Cryptographic Inference Service for Neural Networks

Pratyush Mishra and Ryan Lehmkuhl and Akshayaram Srinivasan and Wenting Zheng and Raluca Ada Popa

Abstract: Many companies provide neural network prediction services to users for a wide range of applications. However, current prediction systems compromise one party's privacy: either the user has to send sensitive inputs to the service provider for classification, or the service provider must store its proprietary neural networks on the user's device. The former harms the personal privacy of the user, while the latter reveals the service provider's proprietary model.

We design, implement, and evaluate Delphi, a secure prediction system that allows two parties to execute neural network inference without revealing either party's data. Delphi approaches the problem by simultaneously co-designing cryptography and machine learning. We first design a hybrid cryptographic protocol that improves upon the communication and computation costs over prior work. Second, we develop a planner that automatically generates neural network architecture configurations that navigate the performance-accuracy trade-offs of our hybrid protocol. Together, these techniques allow us to achieve a 22x improvement in online prediction latency compared to the state-of-the-art prior work.

Category / Keywords: cryptographic protocols / privacy-preserving machine learning, deep learning, secure inference, neural architecture search

Original Publication (with minor differences): USENIX Security 2020

Date: received 16 Jan 2020, last revised 16 Jan 2020

Contact author: pratyush at berkeley edu,raluca popa@berkeley edu

Available format(s): PDF | BibTeX Citation

Version: 20200117:082921 (All versions of this report)

Short URL: ia.cr/2020/050


[ Cryptology ePrint archive ]