Abstract
Homomorphic encryption (HE), which allows computations on encrypted data, is an enabling technology for confidential cloud computing. One notable example is privacy-preserving Prediction-as-a-Service (PaaS), where machine-learning predictions are computed on encrypted data. However, developing HE-based solutions for encrypted PaaS is a tedious task which requires a careful design that predominantly depends on the deployment scenario and on leveraging the characteristics of modern HE schemes. Prior works on privacy-preserving PaaS focus solely on protecting the confidentiality of the client data uploaded to a remote model provider, e.g., a cloud offering a prediction API, and assume (or take advantage of the fact) that the model is held in plaintext. Furthermore, their aim is to either minimize the latency of the service by processing one sample at a time, or to maximize the number of samples processed per second, while processing a fixed (large) number of samples. In this work, we present slytHErin, an agile framework that enables privacy-preserving PaaS beyond the application scenarios considered in prior works. Thanks to its hybrid design leveraging HE and its multiparty variant (MHE), slytHErin enables novel PaaS scenarios by encrypting the data, the model or both. Moreover, slytHErin features a flexible input data packing approach that allows processing a batch of an arbitrary number of samples, and several computation optimizations that are model-and-setting-agnostic. slytHErin is implemented in Go and it allows end-users to perform encrypted PaaS on custom deep learning models comprising fully-connected, convolutional, and pooling layers, in a few lines of code and without having to worry about the cumbersome implementation and optimization concerns inherent to HE.
F. Intoci and S. Sav—These authors contributed equally to this work.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Abadi, M., et al.: TensorFlow: large-scale machine learning on heterogeneous systems (2015). http://tensorflow.org/
Almeida, M., Laskaridis, S., Venieris, S.I., Leontiadis, I., Lane, N.D.: DynO: dynamic onloading of deep neural networks from cloud to device. ACM Trans. Embed. Comput. Syst. 21(6), 1–24 (2022). https://doi.org/10.1145/3510831
Amazon Forecast (2023). https://aws.amazon.com/forecast/. Accessed 01 Jan 2023
Machine Learning on AWS (2023). https://aws.amazon.com/machine-learning/. Accessed 01 Jan 2023
Azure Machine Learning (2023). https://azure.microsoft.com/en-us/products/machine-learning/. Accessed 01 Jan 2023
Microsoft Azure Cognitive Service (2023). https://learn.microsoft.com/en-us/azure/cognitive-services/language-service/. Accessed 01 Jan 2023
Machine Learning made beautifully simple for everyone (2023). https://bigml.com/. Accessed 01 Jan 2023
Boemer, F., Costache, A., Cammarota, R., Wierzynski, C.: nGraph-HE2: a high-throughput framework for neural network inference on encrypted data. In: ACM WAHC (2019)
Boemer, F., Lao, Y., Wierzynski, C.: nGraph-HE: a graph compiler for deep learning on homomorphically encrypted data. CoRR abs/1810.10121 (2018). http://arxiv.org/abs/1810.10121
Boura, C., Gama, N., Georgieva, M.: Chimera: a unified framework for B/FV, TFHE and HEAAN fully homomorphic encryption and predictions for deep learning. IACR Cryptol. ePrint Arch. 2018, 758 (2018)
Brutzkus, A., Gilad-Bachrach, R., Elisha, O.: Low latency privacy preserving inference. In: International Conference on Machine Learning, pp. 812–821. PMLR (2019)
California Consumer Privacy Act (CCPA) (2023). https://www.oag.ca.gov/privacy/ccpa. Accessed 01 Jan 2023
Chabanne, H., de Wargny, A., Milgram, J., Morel, C., Prouff, E.: Privacy-preserving classification on deep neural network. IACR Cryptol. ePrint Arch. 2017, 35 (2017)
Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 409–437. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_15
Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: TFHE: fast fully homomorphic encryption over the torus. J. Cryptology 33(1), 34–91 (2020). https://doi.org/10.1007/s00145-019-09319-x
Chillotti, I., Joye, M., Paillier, P.: Programmable bootstrapping enables efficient homomorphic inference of deep neural networks. Cryptology ePrint Archive, Paper 2021/091 (2021)
Chou, E., Beal, J., Levy, D., Yeung, S., Haque, A., Fei-Fei, L.: Faster cryptoNets: leveraging sparsity for real-world encrypted inference. CoRR abs/1811.09953 (2018). http://arxiv.org/abs/1811.09953
Dathathri, R., et al.: CHET: an optimizing compiler for fully-homomorphic neural-network inferencing. In: Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 142–156. PLDI 2019, Association for Computing Machinery, New York, NY, USA (2019). https://doi.org/10.1145/3314221.3314628
Froelicher, D., et al.: Scalable privacy-preserving distributed learning. In: PETS (2021)
The EU General Data Protection Regulation (2023). https://gdpr-info.eu/. Accessed 01 Jan 2023
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, pp. 169–178. STOC 2009, Association for Computing Machinery, New York, NY, USA (2009). https://doi.org/10.1145/1536414.1536440
Gilad-Bachrach, R., Dowlin, N., Laine, K., Lauter, K., Naehrig, M., Wernsing, J.: CryptoNets: applying neural networks to encrypted data with high throughput and accuracy. In: ICML (2016)
Gnacik, M., Łapa, K.: Using Toeplitz matrices to obtain 2D convolution (2022). https://doi.org/10.21203/rs.3.rs-2195496/v1
Go Programming Language (2023). https://golang.org. Accessed 01 Jan 2023
AI and machine learning products (2023). https://cloud.google.com/products/ai. Accessed 01 Jan 2023
Gray, R.M.: Toeplitz and circulant matrices: a review. Found. Trends® Commun. Inf. Theory 2(3), 155–239 (2006). https://doi.org/10.1561/0100000006
Halevi, S., Shoup, V.: HElib - an implementation of homomorphic encryption (2014). https://github.com/shaih/HElib/. Accessed 01 Jan 2023
Halevi, S., Shoup, V.: Algorithms in HElib. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 554–571. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_31
Hesamifard, E., Takabi, H., Ghasemi, M., Wright, R.: Privacy-preserving machine learning as a service. PETS 2018, 123–142 (2018)
Centers for Medicare & Medicaid Services. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) (2023). https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/PrivacyandSecurityInformation. Accessed 01 Jan 2023
Huang, Z., Lu, W.J., Hong, C., Ding, J.: Cheetah: lean and fast secure two-party deep neural network inference. In: 31st USENIX Security Symposium (2022)
Jiang, X., Kim, M., Lauter, K., Song, Y.: Secure outsourced matrix computation and application to neural networks. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1209–1222. CCS 2018, Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3243734.3243837
Juvekar, C., Vaikuntanathan, V., Chandrakasan, A.: GAZELLE: a low latency framework for secure neural network inference. In: USENIX Security (2018)
Kim, M., Jiang, X., Lauter, K., Ismayilzada, E., Shams, S.: Secure human action recognition by encrypted neural network inference. Nat. Commun. 13(1), 4799 (2022). https://doi.org/10.1038/s41467-022-32168-5
Lattigo: a library for lattice-based homomorphic encryption in go (2023). https://github.com/ldsec/lattigo. Accessed 01 Jan 2023
LeCun, Y., Cortes, C.: MNIST handwritten digit database (2010)
Liu, J., Juuti, M., Lu, Y., Asokan, N.: Oblivious neural network predictions via MiniONN transformations. In: ACM CCS (2017)
Lloret-Talavera, G., et al.: Enabling homomorphically encrypted inference for large DNN models. IEEE Trans. Comput. 7, 1145–1155 (2021). https://doi.org/10.1109/TC.2021.3076123
Lu, W.J., Sakuma, J.: More practical privacy-preserving machine learning as a service via efficient secure matrix multiplication. In: Proceedings of the 6th Workshop on Encrypted Computing & Applied Homomorphic Cryptography, pp. 25–36. WAHC 2018, Association for Computing Machinery, New York, NY, USA (2018)
Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. J. ACM (JACM) 60(6), 1–35 (2013)
Meftah, S., Tan, B.H.M., Mun, C.F., Aung, K.M.M., Veeravalli, B., Chandrasekhar, V.: DOReN: toward efficient deep convolutional neural networks with fully homomorphic encryption. IEEE Trans. Inf. Forensics Secur. 16, 3740–3752 (2021). https://doi.org/10.1109/TIFS.2021.3090959
Mishra, P., Lehmkuhl, R., Srinivasan, A., Zheng, W., Popa, R.A.: Delphi: A cryptographic inference service for neural networks. In: USENIX Security (2020)
Mouchet, C., Troncoso-Pastoriza, J.R., Bossuat, J.P., Hubaux, J.P.: Multiparty homomorphic encryption from ring-learning-with-errors. PETS 2021, 291–311 (2021)
Murshed, M.G.S., Murphy, C., Hou, D., Khan, N., Ananthanarayanan, G., Hussain, F.: Machine learning at the network edge: a survey. ACM Comput. Surv. 54(8), 1–37 (2021). https://doi.org/10.1145/3469029
Paszke, A., et al.: Automatic differentiation in PyTorch. In: 31st Conference on Neural Information Processing Systems (NIPS 2017) (2017)
Patra, A., Suresh, A.: BLAZE: blazing fast privacy-preserving machine learning. In: NDSS (2020)
Ran, R., Wang, W., Gang, Q., Yin, J., Xu, N., Wen, W.: CryptoGCN: fast and scalable homomorphically encrypted graph convolutional network inference. In: Oh, A.H., Agarwal, A., Belgrave, D., Cho, K. (eds.) Advances in Neural Information Processing Systems (2022). https://openreview.net/forum?id=VeQBBm1MmTZ
Rathee, D., et al.: CrypTFlow2: practical 2-party secure inference. In: ACM CCS, pp. 325–342 (2020)
Riazi, M.S., Samragh, M., Chen, H., Laine, K., Lauter, K.E., Koushanfar, F.: XONN: XNOR-based oblivious deep neural network inference. In: USENIX Security (2019)
Rohloff, K.: The PALISADE lattice cryptography library (2018). https://git.njit.edu/palisade/PALISADE
Sav, S., Bossuat, J.P., Troncoso-Pastoriza, J.R., Claassen, M., Hubaux, J.P.: Privacy-preserving federated neural network learning for disease-associated cell classification. Patterns 3(5) (2022). https://doi.org/10.1016/j.patter.2022.100487
Sav, S., Diaa, A., Pyrgelis, A., Bossuat, J.P., Hubaux, J.P.: Privacy-preserving federated recurrent neural networks. CoRR abs/2207.13947 (2022). https://arxiv.org/abs/2207.13947
Sav, S., et al.: POSEIDON: privacy-preserving federated neural network learning. In: Network and Distributed System Security Symposium (NDSS) (2021)
Microsoft SEAL (release 3.3) (2023). https://github.com/Microsoft/SEAL. Accessed 01 Jan 2023
Sim, S.H., Paranjpe, T., Roberts, N., Zhao, M.: Exploring edge machine learning-based stress prediction using wearable devices. In: 2022 21st IEEE International Conference on Machine Learning and Applications (ICMLA), pp. 1266–1273 (2022). https://doi.org/10.1109/ICMLA55696.2022.00203
Watson Machine Learning (2023). https://cloud.ibm.com/catalog/services/watson-machine-learning. Accessed 01 Jan 2023
Xu, G., et al.: Hercules: boosting the performance of privacy-preserving federated learning. IEEE Trans. Dependable Secure Comput. 1–18 (2022). https://doi.org/10.1109/TDSC.2022.3218793
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Intoci, F., Sav, S., Pyrgelis, A., Bossuat, JP., Troncoso-Pastoriza, J.R., Hubaux, JP. (2023). slytHErin: An Agile Framework for Encrypted Deep Neural Network Inference. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham. https://doi.org/10.1007/978-3-031-41181-6_20
Download citation
DOI: https://doi.org/10.1007/978-3-031-41181-6_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-41180-9
Online ISBN: 978-3-031-41181-6
eBook Packages: Computer ScienceComputer Science (R0)