STAMP: Lightweight TEE-Assisted MPC for Efficient Privacy-Preserving Machine Learning

In this paper, we propose STAMP, an end-to-end 3-party MPC protocol for efficient privacy-preserving machine learning inference assisted by a lightweight TEE (LTEE), which will be far easier to secure and deploy than today's large TEEs. STAMP provides three main advantages over the state-of-the-art; (i) STAMP achieves significant performance improvements compared to state-of-the-art MPC protocols, with only a small \LTEE that is comparable to a discrete security chip such as the Trusted Platform Module (TPM) or on-chip security subsystems in SoCs similar to the Apple enclave processor. In a semi-honest setting with WAN/GPU, STAMP is 4$\times$-63$\times$ faster than Falcon (PoPETs'21) and AriaNN (PoPETs'22) and 3.8$\times$-12$\times$ more communication efficient. We achieve even higher performance improvements in a malicious setting. (ii) STAMP guarantees security with abort against malicious adversaries under honest majority assumption. (iii) STAMP is not limited by the size of secure memory in a TEE and can support high-capacity modern neural networks like ResNet18 and Transformer.