Cryptology ePrint Archive: Report 2022/207

Cheetah: Lean and Fast Secure Two-Party Deep Neural Network Inference

Zhicong Huang and Wen-jie Lu and Cheng Hong and Jiansheng Ding

Abstract: Secure two-party neural network inference (2PC-NN) can offer privacy protection for both the client and the server and is a promising technique in the machine-learning-as-a-service setting. However, the large overhead of the current 2PC-NN in- ference systems is still being a headache, especially when applied to deep neural networks such as ResNet50. In this work, we present Cheetah, a new 2PC-NN inference system that is faster and more communication-efficient than state-of-the-arts. The main contributions of Cheetah are two-fold: the first part includes carefully designed homomorphic encryption-based protocols that can evaluate the linear layers (namely convolution, batch normalization, and fully-connection) without any expensive rotation operation. The second part includes several lean and communication-efficient primitives for the non-linear functions (e.g., ReLU and truncation). Using Cheetah, we present intensive benchmarks over several large-scale deep neural networks. Take ResNet50 for an example, an end- to-end execution of Cheetah under a WAN setting costs less than 2.5 minutes and 2.3 gigabytes of communication, which outperforms CrypTFlow2 (ACM CCS 2020) by about 5.6× and 12.9×, respectively.

Category / Keywords: applications / secure neural inference, secure two-party computation, privacy-preserving machine learning

Original Publication (with minor differences): USENIX Security'22

Date: received 19 Feb 2022, last revised 24 Mar 2022

Contact author: juhou lwj at alibaba-inc com

Available format(s): PDF | BibTeX Citation

Version: 20220324:065059 (All versions of this report)

Short URL: ia.cr/2022/207


[ Cryptology ePrint archive ]