Papers
Topics
Authors
Recent
Search
2000 character limit reached

Fast and Private Inference of Deep Neural Networks by Co-designing Activation Functions

Published 14 Jun 2023 in cs.CR and cs.LG | (2306.08538v2)

Abstract: Machine Learning as a Service (MLaaS) is an increasingly popular design where a company with abundant computing resources trains a deep neural network and offers query access for tasks like image classification. The challenge with this design is that MLaaS requires the client to reveal their potentially sensitive queries to the company hosting the model. Multi-party computation (MPC) protects the client's data by allowing encrypted inferences. However, current approaches suffer from prohibitively large inference times. The inference time bottleneck in MPC is the evaluation of non-linear layers such as ReLU activation functions. Motivated by the success of previous work co-designing machine learning and MPC, we develop an activation function co-design. We replace all ReLUs with a polynomial approximation and evaluate them with single-round MPC protocols, which give state-of-the-art inference times in wide-area networks. Furthermore, to address the accuracy issues previously encountered with polynomial activations, we propose a novel training algorithm that gives accuracy competitive with plaintext models. Our evaluation shows between $3$ and $110\times$ speedups in inference time on large models with up to $23$ million parameters while maintaining competitive inference accuracy.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (33)
  1. Deep Learning with Differential Privacy. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, pages 308–318, New York, NY, USA, October 2016. Association for Computing Machinery.
  2. PolyKervNets: Activation-free Neural Networks For Efficient Private Inference. In First IEEE Conference on Secure and Trustworthy Machine Learning, February 2023.
  3. GEKKO optimization suite. Processes, 6(8):106, 2018.
  4. Donald Beaver. Foundations of secure interactive computing. In Advances in Cryptology — CRYPTO 1991, pages 377–391, 1991.
  5. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, STOC ’88, pages 1–10, New York, NY, USA, January 1988. Association for Computing Machinery.
  6. Octavian Catrina. Round-Efficient Protocols for Secure Multiparty Fixed-Point Arithmetic. In 2018 International Conference on Communications (COMM), pages 431–436, June 2018.
  7. Octavian Catrina and Sebastiaan de Hoogh. Improved Primitives for Secure Multiparty Integer Computation. In Juan A. Garay and Roberto De Prisco, editors, Security and Cryptography for Networks, Lecture Notes in Computer Science, pages 182–199, Berlin, Heidelberg, 2010. Springer.
  8. Unconditionally Secure Constant-Rounds Multi-party Computation for Equality, Comparison, Bits and Exponentiation. In Shai Halevi and Tal Rabin, editors, Theory of Cryptography, Lecture Notes in Computer Science, pages 285–304, Berlin, Heidelberg, 2006. Springer.
  9. ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. In Proceedings 2015 Network and Distributed System Security Symposium, San Diego, CA, 2015. Internet Society.
  10. ImageNet: A large-scale hierarchical image database. In 2009 IEEE Conference on Computer Vision and Pattern Recognition, pages 248–255, June 2009.
  11. Improved Primitives for MPC over Mixed Arithmetic-Binary Circuits. In Daniele Micciancio and Thomas Ristenpart, editors, Advances in Cryptology – CRYPTO 2020, Lecture Notes in Computer Science, pages 823–852, Cham, 2020. Springer International Publishing.
  12. Sisyphus: A Cautionary Tale of Using Low-Degree Polynomial Activations in Privacy-Preserving Deep Learning, November 2021.
  13. CryptoNAS | Proceedings of the 34th International Conference on Neural Information Processing Systems. Advances in Neural Information Processing Systems, 33:16961–16971, 2020.
  14. CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy. In Proceedings of The 33rd International Conference on Machine Learning, pages 201–210. PMLR, June 2016.
  15. Oded Goldreich. Foundations of Cryptography: Basic Applications, volume 2. Cambridge university press, 2009.
  16. Deep Residual Learning for Image Recognition. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pages 770–778, 2016.
  17. COINN: Crypto/ML Codesign for Oblivious Inference via Neural Networks. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS ’21, pages 3266–3281, New York, NY, USA, November 2021. Association for Computing Machinery.
  18. High accuracy and high fidelity extraction of neural networks. In 29th USENIX Security Symposium (USENIX Security 20), SEC’20, pages 1345–1362, USA, August 2020.
  19. DeepReDuce: ReLU Reduction for Fast Private Inference. In Proceedings of the 38th International Conference on Machine Learning, pages 4839–4849. PMLR, July 2021.
  20. CrypTen: Secure Multi-Party Computation Meets Machine Learning. In Advances in Neural Information Processing Systems, volume 34, pages 4961–4973. Curran Associates, Inc., 2021.
  21. Alex Krizhevsky et al. Learning multiple layers of features from tiny images. 2009.
  22. Precise Approximation of Convolutional Neural Networks for Homomorphically Encrypted Data, June 2021.
  23. FALCON: A Fourier Transform Based Approach for Fast and Secure Convolutional Neural Network Predictions. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 8705–8714, 2020.
  24. Oblivious Neural Network Predictions via MiniONN Transformations. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS ’17, pages 619–631, New York, NY, USA, October 2017. Association for Computing Machinery.
  25. Polymath: Low-Latency MPC via Secure Polynomial Evaluations and Its Applications. Proceedings on Privacy Enhancing Technologies, 2022(1):396–416, January 2022.
  26. HoneyBadgerMPC and AsynchroMix: Practical Asynchronous MPC and its Application to Anonymous Communication. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS ’19, pages 887–903, New York, NY, USA, November 2019. Association for Computing Machinery.
  27. Delphi: A Cryptographic Inference Service for Neural Networks. In 29th USENIX Security Symposium (USENIX Security 20), pages 2505–2522, 2020.
  28. SecureML: A System for Scalable Privacy-Preserving Machine Learning. In 2017 IEEE Symposium on Security and Privacy (SP), pages 19–38, May 2017.
  29. Lucien K. L. Ng and Sherman S. M. Chow. {}GForce{}: {}GPU-Friendly{} Oblivious and Rapid Neural Network Inference. In 30th USENIX Security Symposium (USENIX Security 21), pages 2147–2164, 2021.
  30. Lucien K. L. Ng and Sherman S. M. Chow. SoK: Cryptographic Neural-Network Computation. In 2023 IEEE Symposium on Security and Privacy (SP), pages 497–514, May 2023.
  31. Very Deep Convolutional Networks for Large-Scale Image Recognition, April 2015.
  32. CryptGPU: Fast Privacy-Preserving Machine Learning on the GPU. In 2021 IEEE Symposium on Security and Privacy (SP), pages 1021–1038, May 2021.
  33. Stealing machine learning models via prediction apis. In 25th USENIX Security Symposium (USENIX Security 16), volume 16, pages 601–618, 2016.
Citations (4)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Summarize

Paper to Video (Beta)

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up