Cryptology ePrint Archive: Report 2021/045

Banners: Binarized Neural Networks with Replicated Secret Sharing

Alberto Ibarrondo and Hervé Chabanne and Melek Önen

Abstract: Binarized Neural Networks (BNN) provide efficient implementations of Convolutional Neural Networks (CNN). This makes them particularly suitable to perform fast and memory-light inference of neural networks running on resource-constrained devices. Motivated by the growing interest in CNN-based biometric recognition on potentially insecure devices, or as part of strong multi-factor authentication for sensitive applications, the protection of BNN inference on edge devices is rendered imperative. We propose a new method to perform secure inference of BNN relying on secure multiparty computation. While preceding papers offered security in a semi-honest setting for BNN or malicious security for standard CNN, our work yields security with abort against one malicious adversary for BNN by leveraging on Replicated Secret Sharing (RSS) for an honest majority with three computing parties. Experimentally, we implement BaNNeRS on top of MP-SPDZ and compare it with prior work over binarized models trained for MNIST and CIFAR10 image classification datasets. Our results attest the efficiency of BaNNeRS as a privacy-preserving inference technique.

Category / Keywords: cryptographic protocols / Secure Multiparty Computation, Binarized Neural Networks, Secure Inference, Replicated Secret Sharing, Privacy Preserving Technologies

Date: received 12 Jan 2021

Contact author: ibarrond at eurecom fr

Available format(s): PDF | BibTeX Citation

Version: 20210118:081055 (All versions of this report)

Short URL: ia.cr/2021/045


[ Cryptology ePrint archive ]