Paper 2021/459

SIRNN: A Math Library for Secure RNN Inference

Deevashwer Rathee, Mayank Rathee, Rahul Kranti Kiran Goli, Divya Gupta, Rahul Sharma, Nishanth Chandran, and Aseem Rastogi


Complex machine learning (ML) inference algorithms like recurrent neural networks (RNNs) use standard functions from math libraries like exponentiation, sigmoid, tanh, and reciprocal of square root. Although prior work on secure 2-party inference provides specialized protocols for convolutional neural networks (CNNs), existing secure implementations of these math operators rely on generic 2-party computation (2PC) protocols that suffer from high communication. We provide new specialized 2PC protocols for math functions that crucially rely on lookup-tables and mixed-bitwidths to address this performance overhead; our protocols for math functions communicate up to 423x less data than prior work. Some of the mixed bitwidth operations used by our math implementations are (zero and signed) extensions, different forms of truncations, multiplication of operands of mixed-bitwidths, and digit decomposition (a generalization of bit decomposition to larger digits). For each of these primitive operations, we construct specialized 2PC protocols that are more communication efficient than generic 2PC, and can be of independent interest. Furthermore, our math implementations are numerically precise, which ensures that the secure implementations preserve model accuracy of cleartext. We build on top of our novel protocols to build SIRNN, a library for end-to-end secure 2-party DNN inference, that provides the first secure implementations of an RNN operating on time series sensor data, an RNN operating on speech data, and a state-of-the-art ML architecture that combines CNNs and RNNs for identifying all heads present in images. Our evaluation shows that SIRNN achieves up to three orders of magnitude of performance improvement when compared to inference of these models using an existing state-of-the-art 2PC framework.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. IEEE Security and Privacy 2021
privacy-preserving machine learningsecure two-party computationrecurrent neural networksmath functionsmixed-bitwidthssecure inference
Contact author(s)
divya gupta @ microsoft com
2021-04-08: received
Short URL
Creative Commons Attribution


      author = {Deevashwer Rathee and Mayank Rathee and Rahul Kranti Kiran Goli and Divya Gupta and Rahul Sharma and Nishanth Chandran and Aseem Rastogi},
      title = {{SIRNN}: A Math Library for Secure {RNN} Inference},
      howpublished = {Cryptology ePrint Archive, Paper 2021/459},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.