Anxiao Song1, Jiaxuan Fu1, Xutong Mu1, XingHui Zhu1, and Ke Cheng1
Jiaxuan Fu
1XIDIAN University 266 Xinglong Section of Xifeng Road, Xi’an, Shaanxi 710126
The advances in machine learning technology has promoted its great potential for deep neural network (DNN) inference powered applications of Internet of Things (IoT), such as facial verification cameras and speech recognition assistants. The current deployment of these applications also raises serious privacy concerns, especially when sensitive individual information is accessed easily by various IoT devices. Fortunately, the cryptography-based solutions are able to execute secure inference without infringing the user’s raw data and the model owner’s proprietary model. However, existing works suffer from impractically high latency and low accuracy, stemming primarily from the evaluations of the non-linear layers in DNN. In this paper, we propose L-SecNet, a lightweight secure neural network inference system that provides efficient inference services without sacrificing accuracy and privacy. Specifically, to reduce latency caused by comparison operations in non-linear layers, we subtly combine additive secret sharing and multiplicative secret sharing to design a lightweight secure comparison protocol. Further, we approximate the commonly used and time-consuming activation functions (including Sigmoid and Tanh functions) with the non-linear sin function instead of the linear polynomial approximation functions in the existing works. In order to maintain low running latency while meeting the requirement of high accuracy, a secure and lightweight protocol for a sin function is proposed. Our theoretical analysis and empirical experiments evaluate the security and efficiency of the L-SecNet system. Compared with the state-of-the-art works, L-SecNet saves up to about 80 times bandwidth and about 53 times runtime.
Secure neural network inference, Lightweight comparison, Accurate non-linear Function, Low latency
Anxiao Song, Jiaxuan Fu, Xutong Mu,XingHui Zhu, and Ke Cheng (2023). L-SecNet: Towards Secure and Lightweight Deep Neural Network Inference. Journal of Networking and Network Applications, Volume 3, Issue 4, pp. 171–181. https://doi.org/10.33969/J-NaNA.2023.030404.
[1] X. Wu, X. Feng, X. Cao, X. Xu, D. Hu, M. B. L´opez, and L. Liu, “Facial kinship verification: A comprehensive review and outlook,” International Journal of Computer Vision, pp. 1–32, 2022.
[2] B. Xu, C. Lu, Y. Guo, and J. Wang, “Discriminative multi-modality speech recognition,” in Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2020, pp. 14 433–14 442.
[3] Q. Lou, W.-j. Lu, C. Hong, and L. Jiang, “Falcon: fast spectral inference on encrypted data,” Advances in Neural Information Processing Systems, vol. 33, pp. 2364–2374, 2020.
[4] M. Samragh, S. Hussain, X. Zhang, K. Huang, and F. Koushanfar, “On the application of binary neural networks in oblivious inference,” in Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2021, pp. 4630–4639.
[5] A. Brutzkus, R. Gilad-Bachrach, and O. Elisha, “Low latency privacy preserving inference,” in International Conference on Machine Learning. PMLR, 2019, pp. 812–821.
[6] M. S. Riazi, C. Weinert, O. Tkachenko, E. M. Songhori, T. Schneider, and F. Koushanfar, “Chameleon: A hybrid secure computation frame-work for machine learning applications,” in Proceedings of the 2018 on Asia conference on computer and communications security, 2018, pp. 707–721.
[7] L. K. Ng and S. S. Chow, “{GForce}:{GPU-Friendly} oblivious and rapid neural network inference,” in 30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 2147–2164.
[8] N. Koti, M. Pancholi, A. Patra, and A. Suresh, “{SWIFT}: Super-fast and robust {Privacy-Preserving} machine learning,” in 30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 2651–2668.
[9] P. Mohassel and Y. Zhang, “Secureml: A system for scalable privacy-preserving machine learning,” in 2017 IEEE Symposium on Security and Privacy (SP), 2017, pp. 19–38.
[10] P. Mishra, R. Lehmkuhl, A. Srinivasan, W. Zheng, and R. A. Popa, “Delphi: A cryptographic inference service for neural networks,” in 29th USENIX Security Symposium (USENIX Security 20), 2020, pp. 2505–2522.
[11] Z. Ghodsi, A. K. Veldanda, B. Reagen, and S. Garg, “Cryptonas: Private inference on a relu budget,” in Advances in Neural Information Processing Systems, vol. 33. Curran Associates, Inc., 2020, pp. 16 961–16 971.
[12] Q. Lou, Y. Shen, H. Jin, and L. Jiang, “{SAFEN}et: A secure, accurate and fast neural network inference,” in International Conference on Learning Representations, 2021.
[13] N. K. Jha, Z. Ghodsi, S. Garg, and B. Reagen, “Deepreduce: Relu reduction for fast private inference,” in International Conference on Machine Learning. PMLR, 2021, pp. 4839–4849.
[14] Q. Li, Z. Huang, W.-j. Lu, C. Hong, H. Qu, H. He, and W. Zhang, “Homopai: A secure collaborative machine learning platform based on homomorphic encryption,” in 2020 IEEE 36th International Conference on Data Engineering (ICDE). IEEE, 2020, pp. 1713–1717.
[15] R. Gilad-Bachrach, N. Dowlin, K. Laine, K. Lauter, M. Naehrig, and J. Wernsing, “Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy,” in International conference on machine learning. PMLR, 2016, pp. 201–210.
[16] J. Liu, M. Juuti, Y. Lu, and N. Asokan, “Oblivious neural network predictions via minionn transformations,” in Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, 2017, pp. 619–631.
[17] D. Demmler, T. Schneider, and M. Zohner, “Aby-a framework for efficient mixed-protocol secure two-party computation.” in NDSS, 2015.
[18] A. Patra, T. Schneider, A. Suresh, and H. Yalame, “{ABY2. 0}: Improved {Mixed-Protocol} secure {Two-Party} computation,” in 30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 2165–2182.
[19] C. Juvekar, V. Vaikuntanathan, and A. Chandrakasan, “{GAZELLE}: A low latency framework for secure neural network inference,” in 27th USENIX Security Symposium (USENIX Security 18), 2018, pp. 1651–1669.
[20] Q. Lou, Y. Shen, H. Jin, and L. Jiang, “Safenet: A secure, accurate and fast neural network inference,” in International Conference on Learning Representations, 2020.
[21] D. Beaver, “Efficient multiparty protocols using circuit randomization,” in Annual International Cryptology Conference. Springer, 1991, pp. 420–432.
[22] X. Liu, Y. Zheng, X. Yuan, and X. Yi, “Securely outsourcing neural network inference to the cloud with lightweight techniques,” IEEE Transactions on Dependable and Secure Computing, pp. 1–1, 2022.
[23] K. Huang, X. Liu, S. Fu, D. Guo, and M. Xu, “A lightweight privacy-preserving cnn feature extraction framework for mobile sensing,” IEEE Transactions on Dependable and Secure Computing, vol. 18, no. 3, pp. 1441–1455, 2019.
[24] C. Nebauer, “Evaluation of convolutional neural networks for visual recognition,” IEEE transactions on neural networks, vol. 9, no. 4, pp. 685–696, 1998.
[25] M. Ciampi, V. Goyal, and R. Ostrovsky, “Threshold garbled circuits and ad hoc secure computation,” in Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2021, pp. 64–93.
[26] D. Rathee, M. Rathee, R. K. K. Goli, D. Gupta, R. Sharma, N. Chandran, and A. Rastogi, “Sirnn: A math library for secure rnn inference,” in 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 2021, pp. 1003–1020.
[27] W.-j. Lu, Z. Huang, C. Hong, Y. Ma, and H. Qu, “Pegasus: bridging polynomial and non-polynomial evaluations in homomorphic encryp-tion,” in 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 2021, pp. 1057–1073.
[28] P. Kim, “Convolutional neural network,” in MATLAB deep learning. Springer, 2017, pp. 121–147.
[29] R. Canetti, “Universally composable security: A new paradigm for cryptographic protocols,” in Proceedings 42nd IEEE Symposium on Foundations of Computer Science. IEEE, 2001, pp. 136–145.
[30] R. Canetti, A. Cohen, and Y. Lindell, “A simpler variant of universally composable security for standard multiparty computation,” in Annual Cryptology Conference. Springer, 2015, pp. 3–22.
[31] A. Ben-David, N. Nisan, and B. Pinkas, “Fairplaymp: a system for secure multi-party computation,” in Proceedings of the 15th ACM conference on Computer and communications security, 2008, pp. 257–266.
[32] D. Bogdanov, S. Laur, and J. Willemson, “Sharemind: A framework for fast privacy-preserving computations,” in European Symposium on Research in Computer Security. Springer, 2008, pp. 192–206.
[33] Y. Zheng, H. Duan, and C. Wang, “Towards secure and efficient outsourcing of machine learning classification,” in European Symposium on Research in Computer Security. Springer, 2019, pp. 22–40.
[34] M. Keller, E. Orsini, and P. Scholl, “Mascot: Faster malicious arithmetic secure computation with oblivious transfer,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2016, p. 830–842.
[35] K. He, X. Zhang, S. Ren, and J. Sun, “Deep residual learning for image recognition,” in Proceedings of the IEEE conference on computer vision and pattern recognition, 2016, pp. 770–778.
[36] X. Liu, B. Wu, X. Yuan, and X. Yi, “Leia: A lightweight cryptographic neural network inference system at the edge,” IEEE Transactions on Information Forensics and Security, vol. 17, pp. 237–252, 2021.
[37] N. Chandran, D. Gupta, A. Rastogi, R. Sharma, and S. Tripathi, “Ezpc: programmable and efficient secure two-party computation for machine learning,” in 2019 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2019, pp. 496–511.