TY - GEN
T1 - FSSiBNN
T2 - 29th European Symposium on Research in Computer Security, ESORICS 2024
AU - Yang, Peng
AU - Jiang, Zoe Lin
AU - Zhuang, Jiehang
AU - Fang, Junbin
AU - Yiu, Siu Ming
AU - Wang, Xuan
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024
Y1 - 2024
N2 - Neural network inference as a service enables a cloud server to provide inference services to clients. To ensure the privacy of both the cloud server’s model and the client’s data, secure neural network inference is essential. Binarized neural networks (BNNs), which use binary weights and activations, are often employed to accelerate inference. However, achieving secure BNN inference with secure multi-party computation (MPC) is challenging because MPC protocols cannot directly operate on values of different bitwidths and require bitwidth conversion. Existing bitwidth conversion schemes expand the bitwidths of weights and activations, leading to significant communication overhead. To address these challenges, we propose FSSiBNN, a secure BNN inference framework featuring free bitwidth conversion based on function secret sharing (FSS). By leveraging FSS, which supports arbitrary input and output bitwidths, we introduce a bitwidth-reduced parameter encoding scheme. This scheme seamlessly integrates bitwidth conversion into FSS-based secure binary activation and max pooling protocols, thereby eliminating the additional communication overhead. Additionally, we enhance communication efficiency by combining and converting multiple BNN layers into fewer matrix multiplication and comparison operations. We precompute matrix multiplication tuples for matrix multiplication and FSS keys for comparison during the offline phase, enabling constant-round online inference. In our experiments, we evaluated various datasets and models, comparing our results with state-of-the-art frameworks. Compared with the two-party framework XONN (USENIX Security ’19), FSSiBNN achieves approximately 7× faster inference times and reduces communication overhead by about 577×. Compared with the three-party frameworks SecureBiNN (ESORICS ’22) and FLEXBNN (TIFS ’23), FSSiBNN is approximately 2.5× faster in inference time and reduces communication overhead by 1.3× to 16.4×.
AB - Neural network inference as a service enables a cloud server to provide inference services to clients. To ensure the privacy of both the cloud server’s model and the client’s data, secure neural network inference is essential. Binarized neural networks (BNNs), which use binary weights and activations, are often employed to accelerate inference. However, achieving secure BNN inference with secure multi-party computation (MPC) is challenging because MPC protocols cannot directly operate on values of different bitwidths and require bitwidth conversion. Existing bitwidth conversion schemes expand the bitwidths of weights and activations, leading to significant communication overhead. To address these challenges, we propose FSSiBNN, a secure BNN inference framework featuring free bitwidth conversion based on function secret sharing (FSS). By leveraging FSS, which supports arbitrary input and output bitwidths, we introduce a bitwidth-reduced parameter encoding scheme. This scheme seamlessly integrates bitwidth conversion into FSS-based secure binary activation and max pooling protocols, thereby eliminating the additional communication overhead. Additionally, we enhance communication efficiency by combining and converting multiple BNN layers into fewer matrix multiplication and comparison operations. We precompute matrix multiplication tuples for matrix multiplication and FSS keys for comparison during the offline phase, enabling constant-round online inference. In our experiments, we evaluated various datasets and models, comparing our results with state-of-the-art frameworks. Compared with the two-party framework XONN (USENIX Security ’19), FSSiBNN achieves approximately 7× faster inference times and reduces communication overhead by about 577×. Compared with the three-party frameworks SecureBiNN (ESORICS ’22) and FLEXBNN (TIFS ’23), FSSiBNN is approximately 2.5× faster in inference time and reduces communication overhead by 1.3× to 16.4×.
KW - Binarized neural network
KW - Free bitwidth conversion
KW - Function secret sharing
KW - Secure neural network inference
UR - https://www.scopus.com/pages/publications/85204398593
U2 - 10.1007/978-3-031-70879-4_12
DO - 10.1007/978-3-031-70879-4_12
M3 - 会议稿件
AN - SCOPUS:85204398593
SN - 9783031708787
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 229
EP - 250
BT - Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security, Proceedings
A2 - Garcia-Alfaro, Joaquin
A2 - Kozik, Rafał
A2 - Choraś, Michał
A2 - Katsikas, Sokratis
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 16 September 2024 through 20 September 2024
ER -