Paper 2021/045

Banners: Binarized Neural Networks with Replicated Secret Sharing

Alberto Ibarrondo, Hervé Chabanne, and Melek Önen


Binarized Neural Networks (BNN) provide efficient implementations of Convolutional Neural Networks (CNN). This makes them particularly suitable to perform fast and memory-light inference of neural networks running on resource-constrained devices. Motivated by the growing interest in CNN-based biometric recognition on potentially insecure devices, or as part of strong multi-factor authentication for sensitive applications, the protection of BNN inference on edge devices is rendered imperative. We propose a new method to perform secure inference of BNN relying on secure multiparty computation. While preceding papers offered security in a semi-honest setting for BNN or malicious security for standard CNN, our work yields security with abort against one malicious adversary for BNN by leveraging on Replicated Secret Sharing (RSS) for an honest majority with three computing parties. Experimentally, we implement BaNNeRS on top of MP-SPDZ and compare it with prior work over binarized models trained for MNIST and CIFAR10 image classification datasets. Our results attest the efficiency of BaNNeRS as a privacy-preserving inference technique.

Available format(s)
Cryptographic protocols
Publication info
Preprint. Minor revision.
Secure Multiparty ComputationBinarized Neural NetworksSecure InferenceReplicated Secret SharingPrivacy Preserving Technologies
Contact author(s)
ibarrond @ eurecom fr
2021-01-18: received
Short URL
Creative Commons Attribution


      author = {Alberto Ibarrondo and Hervé Chabanne and Melek Önen},
      title = {Banners: Binarized Neural Networks with Replicated Secret Sharing},
      howpublished = {Cryptology ePrint Archive, Paper 2021/045},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.