Chao Guo1, Ke Cheng2, *, Jiaxuan Fu2, Ruolu Fan3, Zhao Chang2, Zhiwei Zhang2, and Anxiao Song2
Ke Cheng
1 Hangzhou Institute of Technology, Xidian University, Hangzhou, 311231, China
2 School of Computer Science and Technology, Xidian University, Xi’an, 710071, China
3 China Telecom Corporation Limited, Shaanxi Branch, Xi’an, 710075, China
*Corresponding author
Outsourcing convolutional neural network (CNN) inference services to the cloud is extremely beneficial, yet raises critical privacy concerns on the proprietary model parameters of the model provider and the private input data of the user. Previous studies have indicated that some cryptographic tools such as secure multi-party computation (MPC) can be used to achieve secure outsourced inferences. However, MPC-based approaches often require a large number of communication rounds across two or more non-colluding servers, which make them hard to exploit GPU acceleration. In this paper, we propose GFS-CNN, a GPU-friendly secure computation platform for convolutional neural networks. The following two specific efforts of GFS-CNN have been made by combining machine learning and cryptography techniques. Firstly, We use quadratic activation functions to replace most of the ReLU functions without losing much accuracy, so as to create a mixed linear layer for better efficiency by integrating convolution, batch normalization, and quadratic activation. Secondly, for the rest ReLU functions, we implement the secure ReLU protocol using function secret sharing, enabling GFS-CNN to evaluate the secure comparison function via a single interaction during the online phase. Extensive experiments demonstrate that GFS-CNN is accuracy-preserving and reduces online inference time by 16.4% on VGG-16 models compared to Delphi (USENIX Security’20).
Secure inference, convolutional neural network, function secret share, secure multi-party computation, GPU acceleration
Chao Guo, Ke Cheng, Jiaxuan Fu, Ruolu Fan, Zhao Chang, Zhiwei Zhang, and Anxiao Song (2023). GFS-CNN: A GPU-friendly Secure Computation Platform for Convolutional Neural Networks. Journal of Networking and Network Applications, Volume 3, Issue 2, pp. 66–72. https://doi.org/10.33969/J-NaNA.2023.030202.
[1] M. S. Riazi, M. Samragh, H. Chen, K. Laine, K. E. Lauter, and F. Koushanfar, “Xonn: Xnor-based oblivious deep neural network in-ference.” in USENIX Security Symposium, 2019, pp. 1501–1518.
[2] S. Wagh, D. Gupta, and N. Chandran, “Securenn: 3-party secure com-putation for neural network training.” Proc. Priv. Enhancing Technol., vol. 2019, no. 3, pp. 26–49, 2019.
[3] P. Mohassel and P. Rindal, “Aby3: A mixed protocol framework for machine learning,” in Proceedings of the 2018 ACM SIGSAC conference on computer and communications security, 2018, pp. 35–52.
[4] D. Demmler, T. Schneider, and M. Zohner, “Aby-a framework for efficient mixed-protocol secure two-party computation.” in NDSS, 2015.
[5] X. Liu, Y. Zheng, X. Yuan, and X. Yi, “Securely outsourcing neural network inference to the cloud with lightweight techniques,” IEEE Transactions on Dependable and Secure Computing, 2022.
[6] K. Cheng, J. Fu, Y. Shen, H. Gao, N. Xi, Z. Zhang, and X. Zhu, “Manto: A practical and secure inference service of convolutional neural networks for iot,” IEEE Internet of Things Journal, 2023.
[7] P. Mishra, R. Lehmkuhl, A. Srinivasan, W. Zheng, and R. A. Popa, “Delphi: a cryptographic inference system for neural networks,” in Proceedings of the 2020 Workshop on Privacy-Preserving Machine Learning in Practice, 2020, pp. 27–30.
[8] M. Zhou, Y. Zheng, S. Wang, Z. Hua, H. Huang, Y. Gao, and X. Jia, “Ppta: A location privacy-preserving and flexible task assignment service for spatial crowdsourcing,” Computer Networks, vol. 224, p. 109600, 2023.
[9] P. Mohassel and Y. Zhang, “Secureml: A system for scalable privacy-preserving machine learning,” in 2017 IEEE symposium on security and privacy (SP). IEEE, 2017, pp. 19–38.
[10] Z. Xia, Q. Gu, W. Zhou, L. Xiong, J. Weng, and N. Xiong, “Str: Secure computation on additive shares using the share-transform-reveal strategy,” IEEE Transactions on Computers, 2021.
[11] S. Wagh, S. Tople, F. Benhamouda, E. Kushilevitz, P. Mittal, and T. Rabin, “F: Honest-majority maliciously secure framework for private deep learning,” Proceedings on Privacy Enhancing Technologies, vol. 2021, no. 1, pp. 188–208, 2021.
[12] X. Mu, Y. Shen, K. Cheng, X. Geng, J. Fu, T. Zhang, and Z. Zhang, “Fedproc: Prototypical contrastive federated learning on non-iid data,” Future Generation Computer Systems, vol. 143, pp. 93–104, 2023.
[13] S. Tan, B. Knott, Y. Tian, and D. J. Wu, “Cryptgpu: Fast privacy-preserving machine learning on the gpu,” in 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 2021, pp. 1021–1038.
[14] J.-L. Watson, S. Wagh, and R. A. Popa, “Piranha: A {GPU} platform for secure computation,” in 31st USENIX Security Symposium (USENIX Security 22), 2022, pp. 827–844.
[15] D. Beaver, “Efficient multiparty protocols using circuit randomization,” in Advances in Cryptology—CRYPTO’91: Proceedings 11. Springer, 1992, pp. 420–432.
[16] E. Boyle, N. Gilboa, and Y. Ishai, “Function secret sharing,” in Advances in Cryptology-EUROCRYPT 2015: 34th Annual International Confer-ence on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II. Springer, 2015, pp. 337–367.
[17] Boyle, Elette and Gilboa, Niv and Ishai, Yuval, “Secure computation with preprocessing via function secret sharing,” in Theory of Cryptog-raphy: 17th International Conference, TCC 2019, Nuremberg, Germany, December 1–5, 2019, Proceedings, Part I 17. Springer, 2019, pp. 341–371.
[18] E. Boyle, N. Chandran, N. Gilboa, D. Gupta, Y. Ishai, N. Kumar, and
M. Rathee, “Function secret sharing for mixed-mode and fixed-point secure computation,” in Advances in Cryptology–EUROCRYPT 2021: 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17–21, 2021, Proceedings, Part II. Springer, 2021, pp. 871–900.
[19] S. Wagh, “Pika: Secure computation using function secret sharing over rings,” Cryptology ePrint Archive, 2022.
[20] J. Park, M. J. Kim, W. Jung, and J. H. Ahn, “Aespa: Accuracy preserving low-degree polynomial activation for fast private inference,” arXiv preprint arXiv:2201.06699, 2022.
[21] T. Zhang, A. Song, X. Dong, Y. Shen, and J. Ma, “Privacy-preserving asynchronous grouped federated learning for iot,” IEEE Internet of Things Journal, vol. 9, no. 7, pp. 5511–5523, 2021.