CrypTFlow: Secure TensorFlow Inference

Kumar, Nishant; Rathee, Mayank; Chandran, Nishanth; Gupta, Divya; Rastogi, Aseem; Sharma, Rahul

doi:10.1109/sp40000.2020.00092

Cited by 148 publications

(157 citation statements)

References 58 publications

Supporting

Mentioning

149

Contrasting

Unclassified

Order By: Relevance

“…The MPC protocols for text classification with CNNs that we use in this paper, are very similar to existing MPC protocols for image classification with CNNs (Agrawal et al, 2019;Dalskov et al, 2020;Juvekar et al, 2018;Kumar et al, 2020;Mishra et al, 2020). The main distinguishing aspect is that image classification is based on 2-dimensional (2D) CNNs, while for text classification it is common to use 1-dimensional (1D) CNNs in which the filters move in only one direction.…”

Section: Introductionmentioning

confidence: 72%

Supervised Morphological Segmentation Using Rich Annotated Lexicon

Ansari

Žabokrtský²,

Mahmoudi

et al. 2019

Proceedings - Natural Language Processing in a Deep Learning World

View full text Add to dashboard Cite

Morphological segmentation of words is the process of dividing a word into smaller units called morphemes; it is tricky especially when a morphologically rich or polysynthetic language is under question. In this work, we designed and evaluated several Recurrent Neural Network (RNN) based models as well as various other machine learning based approaches for the morphological segmentation task. We trained our models using annotated segmentation lexicons. To evaluate the effect of the training data size on our models, we decided to create a large hand-annotated morphologically segmented corpus of Persian words, which is, to the best of our knowledge, the first and the only segmentation lexicon for the Persian language. In the experimental phase, using the hand-annotated Persian lexicon and two smaller similar lexicons for Czech and Finnish languages, we evaluated the effect of the training data size, different hyperparameters settings as well as different RNN-based models.

show abstract

Section: Introductionmentioning

confidence: 72%

Supervised Morphological Segmentation Using Rich Annotated Lexicon

Ansari

Žabokrtský²,

Mahmoudi

et al. 2019

Proceedings - Natural Language Processing in a Deep Learning World

View full text Add to dashboard Cite

show abstract

“…Furthermore, GALA's deep optimization of the HE-based linear computation can be integrated as a plug-and-play module into these systems to further improve their overall efficiency. For example, GALA can serve as a computing module in the privacy-preserved DL platforms, MP2ML [12] and CrypTFlow [41], which are compatible with the user-friendly TensorFlow [6] DL framework. Our experiments show that GALA achieves a significant speedup up to 700× for the dot product and 14× for the convolution computation under various data dimensions.…”

Section: At the Same Time CImentioning

confidence: 99%

“…In addition, Differential Privacy (DP) [60], [7], [53] and Secure Enclave (SE) [45], [51], [10], [75] are also explored to protect data security and privacy in neural networks. In order to deal with different properties of linearity (weighted sum and convolution functions) and nonlinearity (activation and pooling functions) in neural network computations, several efforts have been made to orchestrate multiple cryptographic techniques to achieve better performance [74], [43], [38], [48], [56], [44], [76], [18], [73], [47], [71], [16], [12], [41], [54], [46]. Among them, the schemes with HE-based linear computations and GC-based nonlinear computations (called the HE-GC neural network framework hereafter) demonstrate superior performance [43], [38], [44], [46].…”

Section: Introductionmentioning

confidence: 99%

GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural Networks

Zhang

Xin

2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Machine Learning as a Service (MLaaS) is enabling a wide range of smart applications on end devices. However, privacy still remains a fundamental challenge. The schemes that exploit Homomorphic Encryption (HE)-based linear computations and Garbled Circuit (GC)-based nonlinear computations have demonstrated superior performance to enable privacypreserved MLaaS. Nevertheless, there is still a significant gap in the computation speed. Our investigation has found that the HE-based linear computation dominates the total computation time for state-of-the-art deep neural networks. Furthermore, the most time-consuming component of the HE-based linear computation is a series of Permutation (Perm) operations that are imperative for dot product and convolution in privacy-preserved MLaaS. This work focuses on a deep optimization of the HEbased linear computations to minimize the Perm operations, thus substantially reducing the overall computation time. To this end, we propose GALA: Greedy computAtion for Linear Algebra in privacy-preserved neural networks, which views the HE-based linear computation as a series of Homomorphic Add, Mult and Perm operations and chooses the least expensive operation in each linear computation step to reduce the overall cost. GALA makes the following contributions: (1) It introduces a row-wise weight matrix encoding and combines the share generation that is needed for the GC-based nonlinear computation, to reduce the Perm operations for the dot product; (2) It designs a first-Add-second-Perm approach (named kernel grouping) to reduce Perm operations for convolution. As such, GALA efficiently reduces the cost for the HE-based linear computation, which is a critical building block in almost all of the recent frameworks for privacy-preserved neural networks, including GAZELLE (Usenix Security'18), DELPHI (Usenix Security'20), and CrypTFlow2 (CCS'20). With its deep optimization of the HE-based linear computation, GALA can be a plug-and-play module integrated into these systems to further boost their efficiency. Our experiments show that it achieves a significant speedup up to 700× for the dot product and 14× for the convolution computation under different data dimensions. Meanwhile, GALA demonstrates an encouraging runtime boost by 2.5×,

show abstract

“…It is worth mentioning that, malicious adversary model [40] is a stronger threat model where the adversary is able to launch an attack actively to break secure multiparty computation (MPC) protocols. Although there are some general techniques [40], [41] to convert any semi-honest secure MPC protocol into a secure MPC protocol against malicious attacks, these methods introduce a large amount of overhead or the trusted computing base. Designing tailored MPC protocols under the malicious adversary model for the double cloud auctions is an interesting research direction, and we leave this as future work.…”

Section: B Threat Model and Design Goalsmentioning

confidence: 99%

A Secure and Fair Double Auction Framework for Cloud Virtual Machines

et al. 2021

View full text Add to dashboard Cite

Double auction is one of the most promising solutions to allocate virtual machine (VM) resources in two-sided cloud markets, which can increase the utilization rate of VM resources. However, most cloud auction mechanisms simply assume that the auctioneer is fully trusted while ignoring bidprivacy preservation and trade fairness in the process of auction. Previous studies have indicated that some cryptographic tools can be used to resolve the above issues, but the poor performance makes those techniques difficult to practice. In this paper, we propose a Secure and Fair Double AuCtion framework (named SF-DAC) for cloud virtual machines, which performs cloud auction efficiently while guaranteeing both bid privacy and trade fairness. We design secure 3-party computation protocols that support secure comparison and secure sorting, which enable us to construct a secure double auction scheme that outperforms all prior comparable solutions. Furthermore, we propose a fair trading mechanism based on smart contracts to prevent the bidders from halting the auction without financial penalties. The extensive experiments demonstrate that SF-DAC achieves an order of magnitude reduction in computation and communication costs than prior arts.INDEX TERMS Privacy preservation, secure double cloud auction, secure three-party protocol, trade fairness.

show abstract

CrypTFlow: Secure TensorFlow Inference

Cited by 148 publications

References 58 publications

Supervised Morphological Segmentation Using Rich Annotated Lexicon

Supervised Morphological Segmentation Using Rich Annotated Lexicon

GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural Networks

A Secure and Fair Double Auction Framework for Cloud Virtual Machines

Contact Info

Product

Resources

About