TY - GEN
T1 - SecureBiNN
T2 - 27th European Symposium on Research in Computer Security, ESORICS 2022
AU - Zhu, Wenxing
AU - Wei, Mengqi
AU - Li, Xiangxue
AU - Li, Qiang
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - The paper proposes SecureBiNN, a novel three-party secure computation framework for evaluating privacy-preserving binarized neural network (BiNN) in semi-honest adversary setting. In SecureBiNN, three participants hold input data and model parameters in secret sharing form, and execute secure computations to obtain secret shares of prediction result without disclosing their input data, model parameters and the prediction result. SecureBiNN performs linear operations in a computation-efficient and communication-free way. For non-linear operations, we provide novel secure methods for evaluating activation function, maxpooling layers, and batch normalization layers in BiNN. Communication overhead is significantly minimized comparing to previous work like XONN and Falcon. We implement SecureBiNN with tensorflow and the experiments show that using the Fitnet structure, SecureBiNN achieves on CIFAR-10 dataset an accuracy of 81.5%, with communication cost of 16.609MB and runtime of 0.527s/3.447s in the LAN/WAN settings. More evaluations on real-world datasets are also performed and other concrete comparisons with state-of-the-art are presented as well.
AB - The paper proposes SecureBiNN, a novel three-party secure computation framework for evaluating privacy-preserving binarized neural network (BiNN) in semi-honest adversary setting. In SecureBiNN, three participants hold input data and model parameters in secret sharing form, and execute secure computations to obtain secret shares of prediction result without disclosing their input data, model parameters and the prediction result. SecureBiNN performs linear operations in a computation-efficient and communication-free way. For non-linear operations, we provide novel secure methods for evaluating activation function, maxpooling layers, and batch normalization layers in BiNN. Communication overhead is significantly minimized comparing to previous work like XONN and Falcon. We implement SecureBiNN with tensorflow and the experiments show that using the Fitnet structure, SecureBiNN achieves on CIFAR-10 dataset an accuracy of 81.5%, with communication cost of 16.609MB and runtime of 0.527s/3.447s in the LAN/WAN settings. More evaluations on real-world datasets are also performed and other concrete comparisons with state-of-the-art are presented as well.
KW - Binarized neural network
KW - Privacy-preserving machine learning
KW - Secure multi-party computation
UR - https://www.scopus.com/pages/publications/85140743544
U2 - 10.1007/978-3-031-17143-7_14
DO - 10.1007/978-3-031-17143-7_14
M3 - 会议稿件
AN - SCOPUS:85140743544
SN - 9783031171420
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 275
EP - 294
BT - Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings
A2 - Atluri, Vijayalakshmi
A2 - Di Pietro, Roberto
A2 - Jensen, Christian D.
A2 - Meng, Weizhi
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 26 September 2022 through 30 September 2022
ER -