slytHErin: An Agile Framework for Encrypted Deep Neural Network Inference

  • Conference paper
Applied Cryptography and Network Security Workshops (ACNS 2023)

Abstract

Homomorphic encryption (HE), which allows computations on encrypted data, is an enabling technology for confidential cloud computing. One notable example is privacy-preserving Prediction-as-a-Service (PaaS), where machine-learning predictions are computed on encrypted data. However, developing HE-based solutions for encrypted PaaS is a tedious task which requires a careful design that predominantly depends on the deployment scenario and on leveraging the characteristics of modern HE schemes. Prior works on privacy-preserving PaaS focus solely on protecting the confidentiality of the client data uploaded to a remote model provider, e.g., a cloud offering a prediction API, and assume (or take advantage of the fact) that the model is held in plaintext. Furthermore, their aim is to either minimize the latency of the service by processing one sample at a time, or to maximize the number of samples processed per second, while processing a fixed (large) number of samples. In this work, we present slytHErin, an agile framework that enables privacy-preserving PaaS beyond the application scenarios considered in prior works. Thanks to its hybrid design leveraging HE and its multiparty variant (MHE), slytHErin enables novel PaaS scenarios by encrypting the data, the model or both. Moreover, slytHErin features a flexible input data packing approach that allows processing a batch of an arbitrary number of samples, and several computation optimizations that are model-and-setting-agnostic. slytHErin is implemented in Go and it allows end-users to perform encrypted PaaS on custom deep learning models comprising fully-connected, convolutional, and pooling layers, in a few lines of code and without having to worry about the cumbersome implementation and optimization concerns inherent to HE.

F. Intoci and S. Sav—These authors contributed equally to this work.

Author information

Corresponding author

Correspondence to Francesco Intoci.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Intoci, F., Sav, S., Pyrgelis, A., Bossuat, JP., Troncoso-Pastoriza, J.R., Hubaux, JP. (2023). slytHErin: An Agile Framework for Encrypted Deep Neural Network Inference. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham. https://doi.org/10.1007/978-3-031-41181-6_20

  • DOI: https://doi.org/10.1007/978-3-031-41181-6_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-41180-9

  • Online ISBN: 978-3-031-41181-6

  • eBook Packages: Computer Science, Computer Science (R0)
