Deep neural networks have a wide range of applications across domains such as computer vision and medicine. In many cases, the input to a model at inference time consists of sensitive user data, which raises questions about the levels of privacy and trust guaranteed by such services. Much existing work has leveraged homomorphic encryption (HE) schemes, which enable computation on encrypted data, to achieve private inference for multi-layer perceptrons and CNNs. An early work in this direction was CryptoNets, which required 250 seconds for a single MNIST inference. The main limitation of such approaches is their computational cost, which stems from the expensive number theoretic transform (NTT) operations that underlie HE operations. Others have proposed model pruning and efficient data representations to reduce the number of HE operations required. In this paper, we improve upon existing work by proposing changes to the representation of intermediate tensors during CNN inference. We construct and evaluate private CNNs on the MNIST and CIFAR-10 datasets, and achieve a more than two-fold reduction in the number of operations required for inference with the CryptoNets architecture.
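The cost argument above hinges on the NTT, which HE libraries rely on to multiply large polynomials efficiently. For readers unfamiliar with it, the following is a minimal sketch of a naive forward/inverse NTT pair in Python; the toy parameters (q = 97, n = 8, omega = 64) are our own illustrative choices, and production HE schemes instead use much larger NTT-friendly primes, O(n log n) butterfly implementations, and negacyclic variants for rings modulo x^n + 1.

```python
# Minimal sketch of a naive, O(n^2) number theoretic transform over Z_q.
# The parameters q = 97, n = 8, omega = 64 are illustrative toy values only;
# real HE libraries use far larger primes and optimized negacyclic NTTs.

def ntt(a, q, omega):
    """Forward NTT of the length-n sequence a over Z_q,
    where omega is a primitive n-th root of unity mod q."""
    n = len(a)
    return [sum(a[j] * pow(omega, i * j, q) for j in range(n)) % q
            for i in range(n)]

def intt(a_hat, q, omega):
    """Inverse NTT: evaluates at omega^{-1} and scales by n^{-1} mod q."""
    n = len(a_hat)
    omega_inv = pow(omega, q - 2, q)   # modular inverse via Fermat's little theorem
    n_inv = pow(n, q - 2, q)
    return [(n_inv * sum(a_hat[j] * pow(omega_inv, i * j, q) for j in range(n))) % q
            for i in range(n)]

if __name__ == "__main__":
    q, n, omega = 97, 8, 64            # 8 divides q - 1 = 96; 64 has order 8 mod 97
    a = [3, 1, 4, 1, 5, 9, 2, 6]
    assert intt(ntt(a, q, omega), q, omega) == a   # round trip recovers the input
```

Because ciphertext polynomials in lattice-based HE schemes have thousands of coefficients modulo large primes, many such transforms are performed per homomorphic multiplication, which is why reducing the operation count of the network itself translates directly into lower inference latency.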