Paper 2021/045

Banners: Binarized Neural Networks with Replicated Secret Sharing

Alberto Ibarrondo, Hervé Chabanne, and Melek Önen

Abstract

Binarized Neural Networks (BNN) provide efficient implementations of Convolutional Neural Networks (CNN). This makes them particularly suitable to perform fast and memory-light inference of neural networks running on resource-constrained devices. Motivated by the growing interest in CNN-based biometric recognition on potentially insecure devices, or as part of strong multi-factor authentication for sensitive applications, the protection of BNN inference on edge devices is rendered imperative. We propose a new method to perform secure inference of BNN relying on secure multiparty computation. While preceding papers offered security in a semi-honest setting for BNN or malicious security for standard CNN, our work yields security with abort against one malicious adversary for BNN by leveraging on Replicated Secret Sharing (RSS) for an honest majority with three computing parties. Experimentally, we implement BaNNeRS on top of MP-SPDZ and compare it with prior work over binarized models trained for MNIST and CIFAR10 image classification datasets. Our results attest the efficiency of BaNNeRS as a privacy-preserving inference technique.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. Minor revision.
Keywords
Secure Multiparty ComputationBinarized Neural NetworksSecure InferenceReplicated Secret SharingPrivacy Preserving Technologies
Contact author(s)
ibarrond @ eurecom fr
History
2021-01-18: received
Short URL
https://ia.cr/2021/045
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/045,
      author = {Alberto Ibarrondo and Hervé Chabanne and Melek Önen},
      title = {Banners: Binarized Neural Networks with Replicated Secret Sharing},
      howpublished = {Cryptology ePrint Archive, Paper 2021/045},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/045}},
      url = {https://eprint.iacr.org/2021/045}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.