Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Dash: Accelerating Distributed Private Convolutional Neural Network Inference with Arithmetic Garbled Circuits

Jonas Sander, Sebastian Berndt, Ida Bruhns, Thomas Eisenbarth

TL;DR

Dash is presented, a fast and distributed private convolutional neural network inference scheme secure against malicious attackers, based purely on arithmetic garbled circuits, and introduces LabelTensors that allow us to leverage the massive parallelity of modern GPUs.

Abstract

The adoption of machine learning solutions is rapidly increasing across all parts of society. As the models grow larger, both training and inference of machine learning models is increasingly outsourced, e.g. to cloud service providers. This means that potentially sensitive data is processed on untrusted platforms, which bears inherent data security and privacy risks. In this work, we investigate how to protect distributed machine learning systems, focusing on deep convolutional neural networks. The most common and best-performing mixed MPC approaches are based on HE, secret sharing, and garbled circuits. They commonly suffer from large performance overheads, big accuracy losses, and communication overheads that grow linearly in the depth of the neural network. To improve on these problems, we present Dash, a fast and distributed private convolutional neural network inference scheme secure against malicious attackers. Building on arithmetic garbling gadgets [BMR16] and fancy-garbling [BCM+19], Dash is based purely on arithmetic garbled circuits. We introduce LabelTensors that allow us to leverage the massive parallelity of modern GPUs. Combined with state-of-the-art garbling optimizations, Dash outperforms previous garbling approaches up to a factor of about 100. Furthermore, we introduce an efficient scaling operation over the residues of the Chinese remainder theorem representation to arithmetic garbled circuits, which allows us to garble larger networks and achieve much higher accuracy than previous approaches. Finally, Dash requires only a single communication round per inference step, regardless of the depth of the neural network, and a very small constant online communication volume.

Dash: Accelerating Distributed Private Convolutional Neural Network Inference with Arithmetic Garbled Circuits

TL;DR

Dash is presented, a fast and distributed private convolutional neural network inference scheme secure against malicious attackers, based purely on arithmetic garbled circuits, and introduces LabelTensors that allow us to leverage the massive parallelity of modern GPUs.

Abstract

The adoption of machine learning solutions is rapidly increasing across all parts of society. As the models grow larger, both training and inference of machine learning models is increasingly outsourced, e.g. to cloud service providers. This means that potentially sensitive data is processed on untrusted platforms, which bears inherent data security and privacy risks. In this work, we investigate how to protect distributed machine learning systems, focusing on deep convolutional neural networks. The most common and best-performing mixed MPC approaches are based on HE, secret sharing, and garbled circuits. They commonly suffer from large performance overheads, big accuracy losses, and communication overheads that grow linearly in the depth of the neural network. To improve on these problems, we present Dash, a fast and distributed private convolutional neural network inference scheme secure against malicious attackers. Building on arithmetic garbling gadgets [BMR16] and fancy-garbling [BCM+19], Dash is based purely on arithmetic garbled circuits. We introduce LabelTensors that allow us to leverage the massive parallelity of modern GPUs. Combined with state-of-the-art garbling optimizations, Dash outperforms previous garbling approaches up to a factor of about 100. Furthermore, we introduce an efficient scaling operation over the residues of the Chinese remainder theorem representation to arithmetic garbled circuits, which allows us to garble larger networks and achieve much higher accuracy than previous approaches. Finally, Dash requires only a single communication round per inference step, regardless of the depth of the neural network, and a very small constant online communication volume.
Paper Structure (38 sections, 9 figures, 5 tables)

This paper contains 38 sections, 9 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Preliminaries
  4. Neural Networks
  5. Garbled Circuits
  6. Garbled Circuit Optimizations
  7. Arithmetic Garbled Circuits
  8. Sign Gadget
  9. Trusted Execution Environments
  10. Design of Dash
  11. Quantization and Encoding
  12. The Scaling Operation
  13. High-Level Steps
  14. CRT Representation
  15. Garbling
  16. ...and 23 more sections

Figures (9)

  • Figure 1: Visualization of our scaling operation in $\mathbb{Z}_{P_3}$.
  • Figure 2: System-level architecture of Dash.
  • Figure 3: Example workflow of Dash. The first four steps can be pre-computed in an input-independent offline phase. Note that the inference device works on garbled data.
  • Figure 4: C++-interface of Dash
  • Figure 5: Visualization of the LabelTensor approach in Dash. The length $l$ of a label with modul $p_i$ is defined as $l=\left\lfloor 128 / \log_2(p_i)\right\rfloor$, since a longer label can not be packed into a 128bit chunk which is needed in the permutation used for garbling.
  • ...and 4 more figures