[Resource Topic] 2018/442: SecureNN: Efficient and Private Neural Network Training

Welcome to the resource topic for 2018/442

SecureNN: Efficient and Private Neural Network Training

Authors: Sameer Wagh, Divya Gupta, Nishanth Chandran


Neural Networks (NN) provide a powerful method for machine learning training and inference. To effectively train, it is desirable for multiple parties to combine their data – however, doing so conflicts with data privacy. In this work, we provide novel three-party secure computation protocols for various NN building blocks such as matrix multiplication, convolutions, Rectified Linear Units, Maxpool, normalization and so on. This enables us to construct three-party secure protocols for training and inference of several NN architectures such that no single party learns any information about the data. Experimentally, we implement our system over Amazon EC2 servers in different settings. \ Our work advances the state-of-the-art of secure computation for neural networks in three ways: \begin{enumerate} \item Scalability: We are the first work to provide neural network training on Convolutional Neural Networks (CNNs) that have an accuracy of >99\% on the MNIST dataset; \item Performance: For secure inference, our system outperforms prior 2 and 3-server works (SecureML, MiniONN, Chameleon, Gazelle) by 6\times-113\times (with larger gains obtained in more complex networks). Our total execution times are 2-4\times faster than even just the online times of these works. For secure training, compared to the only prior work (SecureML) that considered a much smaller fully connected network, our protocols are 79\times and 7\times faster than their 2 and 3-server protocols. In the WAN setting, these improvements are more dramatic and we obtain an improvement of 553\times! \item Security: Our protocols provide two kinds of security: full security (privacy and correctness) against one semi-honest corruption and the notion of privacy against one malicious corruption [Araki~\etal~CCS’16]. All prior works only provide semi-honest security and ours is the first system to provide any security against malicious adversaries for the secure computation of complex algorithms such as neural network inference and training. \end{enumerate} Our gains come from a significant improvement in communication through the elimination of expensive garbled circuits and oblivious transfer protocols.

ePrint: https://eprint.iacr.org/2018/442

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .