Paper 2021/1100
REDsec: Running Encrypted DNNs in Seconds
Lars Folkerts and Charles Gouert and Nektarios Georgios Tsoutsos
Abstract
Machine learning as a service (MLaaS) has risen to become a prominent technology due to the large development time, amount of data, hardware costs, and level of expertise required to develop a machine learning model. However, privacy concerns prevent the adoption of MLaaS for applications with sensitive data. One solution to preserve privacy is to use fully homomorphic encryption (FHE) to perform the ML computations. FHE has great power to protect sensitive inputs, and recent advancements have lowered computational costs by several orders of magnitude, allowing for practical applications to be developed. This work looks to optimize FHE-based private machine learning inference by leveraging ternary neural networks. Such neural networks, whose weights are constrained to {-1,0,1}, have special properties that we exploit in this work to operate efficiently in the homomorphic domain. We introduce a general framework that takes an input model, performs plaintext training, and efficiently evaluates private inference leveraging FHE. We perform inference experiments with the MNIST, CIFAR-10, and ImageNet datasets and achieve private inference speeds of only 1.7 to 2.7 orders of magnitude slower compared to their plaintext baseline.
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Preprint. MINOR revision.
- Keywords
- fully homomorphic encryptionGPU accelerationencrypted neural networksprivacy-preserving inference
- Contact author(s)
- tsoutsos @ udel edu
- History
- 2022-10-25: last of 2 revisions
- 2021-08-26: received
- See all versions
- Short URL
- https://ia.cr/2021/1100
- License
-
CC BY