PCIR: Privacy-Preserving Convolutional Neural Network Inference With Rapid Responsiveness

IF 1.8 4区计算机科学 Q3 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Computational Intelligence Pub Date : 2025-02-25 DOI:10.1111/coin.70030

Jinguo Li, Yan Yan, Kai Zhang, Chunlin Li, Peichun Yuan

{"title":"PCIR: Privacy-Preserving Convolutional Neural Network Inference With Rapid Responsiveness","authors":"Jinguo Li, Yan Yan, Kai Zhang, Chunlin Li, Peichun Yuan","doi":"10.1111/coin.70030","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>Several companies leverage trained convolutional neural networks (CNNs) to offer predictive services to users. These companies capitalize on CNNs' superior performance in image processing tasks, such as autonomous driving or face recognition. To safeguard data privacy and model parameters, various algorithms have been proposed. Most of them are predominantly designed using secure multi-party computation (MPC) or hardware-assisted solutions. However, certain limitations persist. First, MPC-based approaches (e.g., garbled circuits, homomorphic encryption) fail to meet rapid responsiveness requirements. Additionally, hardware-assisted solutions impose extra burdens to realize secure inference tasks. The primary reasons for these shortcomings can be summarized as follows: (1) high computation and communication delays are introduced by heavy cryptographic operations during the online phase. (2) Additional overhead for sharing triples. In this article, we propose PCIR, a secure protocol for privacy-preserving convolutional neural network inference (PCIR). PCIR aims to address the aforementioned issues based on a pre-shared secret sharing mechanism. It can achieve rapid responses to user requirements and preserve privacy of data and model for the following reasons: (1) it circumvents computationally expensive operations, such as an operation for permuting plaintext slots, which runs 56 times slower than a homomorphic addition operation, and 34 times slower than a homomorphic multiplication operation. (2) Computational operations, such as homomorphic additions or multiplications, are conducted during the pre-computation phase. It can significantly reduce the online computing costs. (3) PCIR conducts secure multiplication based on pre-shared secret shares. It results in much lower communication and computation costs compared with the use of multiplicative triples. Finally, we evaluate PCIR with benchmark neural networks trained on the MNIST and CIFAR-10 datasets. The results have shown that PCIR requires <span></span><math>\n <semantics>\n <mrow>\n <mn>1</mn>\n <mo>.</mo>\n <mn>3</mn>\n <mo>×</mo>\n <mo>−</mo>\n <mn>3</mn>\n <mo>.</mo>\n <mn>7</mn>\n <mo>×</mo>\n </mrow>\n <annotation>$$ 1.3\\times -3.7\\times $$</annotation>\n </semantics></math> less time and <span></span><math>\n <semantics>\n <mrow>\n <mn>1</mn>\n <mo>.</mo>\n <mn>1</mn>\n <mo>×</mo>\n <mo>−</mo>\n <mn>12</mn>\n <mo>.</mo>\n <mn>3</mn>\n <mo>×</mo>\n </mrow>\n <annotation>$$ 1.1\\times -12.3\\times $$</annotation>\n </semantics></math> less communication cost than previous methodologies.</p>\n </div>","PeriodicalId":55228,"journal":{"name":"Computational Intelligence","volume":"41 2","pages":""},"PeriodicalIF":1.8000,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computational Intelligence","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1111/coin.70030","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Several companies leverage trained convolutional neural networks (CNNs) to offer predictive services to users. These companies capitalize on CNNs' superior performance in image processing tasks, such as autonomous driving or face recognition. To safeguard data privacy and model parameters, various algorithms have been proposed. Most of them are predominantly designed using secure multi-party computation (MPC) or hardware-assisted solutions. However, certain limitations persist. First, MPC-based approaches (e.g., garbled circuits, homomorphic encryption) fail to meet rapid responsiveness requirements. Additionally, hardware-assisted solutions impose extra burdens to realize secure inference tasks. The primary reasons for these shortcomings can be summarized as follows: (1) high computation and communication delays are introduced by heavy cryptographic operations during the online phase. (2) Additional overhead for sharing triples. In this article, we propose PCIR, a secure protocol for privacy-preserving convolutional neural network inference (PCIR). PCIR aims to address the aforementioned issues based on a pre-shared secret sharing mechanism. It can achieve rapid responses to user requirements and preserve privacy of data and model for the following reasons: (1) it circumvents computationally expensive operations, such as an operation for permuting plaintext slots, which runs 56 times slower than a homomorphic addition operation, and 34 times slower than a homomorphic multiplication operation. (2) Computational operations, such as homomorphic additions or multiplications, are conducted during the pre-computation phase. It can significantly reduce the online computing costs. (3) PCIR conducts secure multiplication based on pre-shared secret shares. It results in much lower communication and computation costs compared with the use of multiplicative triples. Finally, we evaluate PCIR with benchmark neural networks trained on the MNIST and CIFAR-10 datasets. The results have shown that PCIR requires $1.3 \times - 3.7 \times$ less time and $1.1 \times - 12.3 \times$ less communication cost than previous methodologies.

查看原文本刊更多论文

PCIR：具有快速响应性的隐私保护卷积神经网络推理

一些公司利用训练有素的卷积神经网络（cnn）为用户提供预测服务。这些公司利用cnn在自动驾驶或人脸识别等图像处理任务上的卓越表现。为了保护数据隐私和模型参数，提出了各种算法。它们中的大多数主要使用安全多方计算（MPC）或硬件辅助解决方案进行设计。然而，某些限制仍然存在。首先，基于mpc的方法（例如，乱码电路，同态加密）不能满足快速响应的要求。此外，硬件辅助解决方案为实现安全推理任务增加了额外的负担。这些缺点的主要原因可以概括为：(1)在线阶段大量的加密操作带来了高计算和通信延迟。(2)共享三元组的额外开销。在本文中，我们提出了一种用于保护隐私的卷积神经网络推理（PCIR）的安全协议PCIR。PCIR旨在基于预共享的秘密共享机制解决上述问题。它可以实现对用户需求的快速响应，并保护数据和模型的隐私性，原因如下：(1)它避免了计算成本高的操作，例如明文槽置换操作，其运行速度比同态加法操作慢56倍，比同态乘法操作慢34倍。(2)计算操作，如同态加法或乘法，在预计算阶段进行。它可以显著降低在线计算成本。(3) PCIR基于预共享的秘密共享进行安全乘法。与使用乘法三元组相比，它的通信和计算成本要低得多。最后，我们使用在MNIST和CIFAR-10数据集上训练的基准神经网络来评估PCIR。结果表明，PCIR需要1。3 ×−3。7 × $$ 1.3\times -3.7\times $$少时间和1。1 ×−12。3 × $$ 1.1\times -12.3\times $$比以前的方法减少了通信成本。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computational Intelligence 工程技术-计算机：人工智能

CiteScore

6.90

自引率

3.60%

发文量

审稿时长

>12 weeks

期刊介绍： This leading international journal promotes and stimulates research in the field of artificial intelligence (AI). Covering a wide range of issues - from the tools and languages of AI to its philosophical implications - Computational Intelligence provides a vigorous forum for the publication of both experimental and theoretical research, as well as surveys and impact studies. The journal is designed to meet the needs of a wide range of AI workers in academic and industrial research.