Private Inference in Quantized Models

IF 2.2 3区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Information Theory Pub Date : 2025-02-20 DOI:10.1109/TIT.2025.3543908

Zirui Deng;Vinayak Ramkumar;Rawad Bitar;Netanel Raviv

{"title":"Private Inference in Quantized Models","authors":"Zirui Deng;Vinayak Ramkumar;Rawad Bitar;Netanel Raviv","doi":"10.1109/TIT.2025.3543908","DOIUrl":null,"url":null,"abstract":"A typical setup in many machine learning scenarios involves a server that holds a model and a user that possesses data, and the challenge is to perform inference while safeguarding the privacy of both parties. <italic>Private Inference</i> has been extensively explored in recent years, mainly from a cryptographic standpoint via techniques like homomorphic encryption and multiparty computation. These approaches often come with high computational overhead and may degrade the accuracy of the model. In our work, we take a different approach inspired by the <italic>Private Information Retrieval</i> literature. We view private inference as the task of retrieving inner products of parameter vectors with the data, a fundamental operation in many machine learning models. We introduce schemes that enable such retrieval of inner products for models with <italic>quantized</i> (i.e., restricted to a finite set) weights; such models are extensively used in practice due to a wide range of benefits. In addition, our schemes uncover a fundamental tradeoff between user and server privacy. Our information-theoretic approach is applicable to a wide range of problems and robust in privacy guarantees for both the user and the server.","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 5","pages":"3957-3973"},"PeriodicalIF":2.2000,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Theory","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10896693/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

A typical setup in many machine learning scenarios involves a server that holds a model and a user that possesses data, and the challenge is to perform inference while safeguarding the privacy of both parties. Private Inference has been extensively explored in recent years, mainly from a cryptographic standpoint via techniques like homomorphic encryption and multiparty computation. These approaches often come with high computational overhead and may degrade the accuracy of the model. In our work, we take a different approach inspired by the Private Information Retrieval literature. We view private inference as the task of retrieving inner products of parameter vectors with the data, a fundamental operation in many machine learning models. We introduce schemes that enable such retrieval of inner products for models with quantized (i.e., restricted to a finite set) weights; such models are extensively used in practice due to a wide range of benefits. In addition, our schemes uncover a fundamental tradeoff between user and server privacy. Our information-theoretic approach is applicable to a wide range of problems and robust in privacy guarantees for both the user and the server.

查看原文本刊更多论文

量化模型中的私有推理

在许多机器学习场景中，典型的设置包括一个保存模型的服务器和一个拥有数据的用户，挑战是在保护双方隐私的同时执行推理。近年来，私有推理已经得到了广泛的探索，主要是从密码学的角度出发，通过同态加密和多方计算等技术。这些方法通常会带来很高的计算开销，并可能降低模型的准确性。在我们的工作中，我们采用了一种受私人信息检索文献启发的不同方法。我们将私有推理视为检索参数向量与数据的内积的任务，这是许多机器学习模型中的基本操作。我们引入了一些方案，使具有量化（即限制于有限集）权重的模型能够检索内积；由于具有广泛的优点，这些模型在实践中得到了广泛的应用。此外，我们的方案揭示了用户和服务器隐私之间的基本权衡。我们的信息理论方法适用于广泛的问题，并且在用户和服务器的隐私保证方面都很健壮。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Information Theory 工程技术-工程：电子与电气

CiteScore

5.70

自引率

20.00%

发文量

514

审稿时长

12 months

期刊介绍： The IEEE Transactions on Information Theory is a journal that publishes theoretical and experimental papers concerned with the transmission, processing, and utilization of information. The boundaries of acceptable subject matter are intentionally not sharply delimited. Rather, it is hoped that as the focus of research activity changes, a flexible policy will permit this Transactions to follow suit. Current appropriate topics are best reflected by recent Tables of Contents; they are summarized in the titles of editorial areas that appear on the inside front cover.