Complex machine learning (ML) inference algorithms like recurrent neural networks (RNNs) use standard functions from math libraries like exponentiation, sigmoid, tanh, and reciprocal of square root. Although prior work on secure 2-party inference provides specialized protocols for convolutional neural networks (CNNs), existing secure implementations of these math operators rely on generic 2-party computation (2PC) protocols that suffer from high communication. We provide new specialized 2PC protocols for math functions that crucially rely on lookup-tables and mixed-bitwidths to address this performance overhead; our protocols for math functions communicate up to 423x less data than prior work. Some of the mixed bitwidth operations used by our math implementations are (zero and signed) extensions, different forms of truncations, multiplication of operands of mixed-bitwidths, and digit decomposition (a generalization of bit decomposition to larger digits). For each of these primitive operations, we construct specialized 2PC protocols that are more communication efficient than generic 2PC, and can be of independent interest. Furthermore, our math implementations are numerically precise, which ensures that the secure implementations preserve model accuracy of cleartext. We build on top of our novel protocols to build SIRNN, a library for end-to-end secure 2-party DNN inference, that provides the first secure implementations of an RNN operating on time series sensor data, an RNN operating on speech data, and a state-of-the-art ML architecture that combines CNNs and RNNs for identifying all heads present in images. Our evaluation shows that SIRNN achieves up to three orders of magnitude of performance improvement when compared to inference of these models using an existing state-of-the-art 2PC framework.
翻译:复杂的机器学习(ML) 精密算法(LM), 比如经常性神经网络(RNN), 使用数学图书馆的标准功能, 比如推算、 igmomoid、 tanh 和平方根等。 虽然先前关于安全两方推论的工作为进化神经网络提供了专门的协议(CNNs ), 但是这些数学操作员的现有安全执行依赖于受高通信影响的一般两方计算( PC) 协议; 我们为数学功能提供了新的2PC 协议, 关键地依赖于查看表格和混合比比方维特高; 我们的数学功能协议比先前的工作要少423x数据。 我们数学执行过程中使用的混合位维特操作操作程序有些( 零和 签名) 扩展、 混合比方计算(2 PC) 协议的倍增倍, 以及 数字分解( 将部分数据转换为更安全的数据转换到更安全的数字 ) 。 对于这些原始操作的每个运行状态, 我们建成专门的2PC 协议比通用2PC, 并且可以独立运行SNNIR 的运行一个精确的运行模型 。