Paper 2021/045
Banners: Binarized Neural Networks with Replicated Secret Sharing
Alberto Ibarrondo, Hervé Chabanne, and Melek Önen
Abstract
Binarized Neural Networks (BNN) provide efficient implementations of Convolutional Neural Networks (CNN). This makes them particularly suitable to perform fast and memory-light inference of neural networks running on resource-constrained devices. Motivated by the growing interest in CNN-based biometric recognition on potentially insecure devices, or as part of strong multi-factor authentication for sensitive applications, the protection of BNN inference on edge devices is rendered imperative. We propose a new method to perform secure inference of BNN relying on secure multiparty computation. While preceding papers offered security in a semi-honest setting for BNN or malicious security for standard CNN, our work yields security with abort against one malicious adversary for BNN by leveraging on Replicated Secret Sharing (RSS) for an honest majority with three computing parties. Experimentally, we implement BaNNeRS on top of MP-SPDZ and compare it with prior work over binarized models trained for MNIST and CIFAR10 image classification datasets. Our results attest the efficiency of BaNNeRS as a privacy-preserving inference technique.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- Secure Multiparty ComputationBinarized Neural NetworksSecure InferenceReplicated Secret SharingPrivacy Preserving Technologies
- Contact author(s)
- ibarrond @ eurecom fr
- History
- 2021-01-18: received
- Short URL
- https://ia.cr/2021/045
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/045,
author = {Alberto Ibarrondo and Hervé Chabanne and Melek Önen},
title = {Banners: Binarized Neural Networks with Replicated Secret Sharing},
howpublished = {Cryptology {ePrint} Archive, Paper 2021/045},
year = {2021},
url = {https://eprint.iacr.org/2021/045}
}
