Efficient Privacy-Preserving Inference Outsourcing for Convolutional Neural Networks

Abstract

Inference outsourcing enables model owners to deploy their machine learning models on cloud servers to serve users. In this paradigm, the privacy of model owners and users should be considered. Existing solutions focus on Convolutional Neural Networks (CNNs) but their efficiency is much lower than GALA, which is a solution that only protects user privacy. Furthermore, these solutions adopt approximations that reduce the model accuracy and thus require model owners to retrain the models. In this paper, we present an efficient CNN inference outsourcing solution that protects the privacy of both model owners and users. Specifically, we design secure two-party computation protocols based on two non-colluding cloud servers, which calculate with additive secret shares of the model and the user’s input. Our protocols avoid the expensive permutation operations in linear calculations and approximations in non-linear calculations. We implement our solution on realistic CNNs and experimental results show that our solution is even 2–4 times faster than GALA.