
Bi-CryptoNets: Leveraging Different-Level Privacy for Encrypted Inference

Man-Jie Yuan, Zheng Zou, Wei Gao

TL;DR

Bi-CryptoNets introduce a dual-branch privacy framework that partitions input data into sensitive and insensitive regions, applying strong homomorphic encryption (HE) to the sensitive portion while perturbing the rest. The plaintext and ciphertext branches operate in parallel, with information passing from the plaintext branch to the ciphertext branch through unidirectional connections and a two-layer feature integration, to achieve accurate inference with reduced HE workload. A feature-based knowledge distillation approach aligns the two branches with a teacher network trained on full inputs, boosting performance. Empirical results on MNIST, CIFAR-10, and CIFAR-100 demonstrate significant latency reductions and competitive accuracy compared to full-input private nets, indicating practical viability for low-latency, privacy-preserving inference in machine-learning-as-a-service (MLaaS) contexts.

Abstract

Privacy-preserving neural networks have attracted increasing attention in recent years, and various algorithms have been developed to balance accuracy, computational complexity and information security from the cryptographic view. This work takes a different view, from the input data and the structure of neural networks. We decompose the input data (e.g., some images) into sensitive and insensitive segments according to importance and privacy. The sensitive segment includes important and private information such as human faces, and we apply strong homomorphic encryption to keep it secure, whereas the insensitive one contains some background, and we add perturbations to it. We propose the bi-CryptoNets, i.e., plaintext and ciphertext branches, to deal with the two segments, respectively, and the ciphertext branch can utilize the information from the plaintext branch through unidirectional connections. We adopt knowledge distillation for our bi-CryptoNets by transferring representations from a well-trained teacher neural network. Empirical studies show the effectiveness and the decrease in inference latency of our bi-CryptoNets.

Paper Structure (19 sections, 14 equations, 12 figures, 6 tables)


Figures (12)

  • Figure 1: An illustration for input data (e.g., some images), which consists of two segments with different importance and privacy.
  • Figure 2: Counts of HE multiplications and activations for decomposed and entire image.
  • Figure 3: The fast spread of ciphertext via CNN layers.
  • Figure 4: The overview of our proposed bi-CryptoNets, where grey layers are computed with encrypted inputs, and other layers are computed with plaintext inputs.
  • Figure 5: The overview of our feature-based knowledge distillation.
  • ...and 7 more figures
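
The captions of Figures 2 and 3 refer to HE multiplication counts for a decomposed versus an entire image and to the spread of ciphertext through CNN layers. The sketch below is an added illustration, not code from the paper or its authors: it propagates an "encrypted" mask through stacked convolutions and counts plaintext-weight by ciphertext multiplications under a simplified cost model. The single channel, 3x3 kernels, stride 1, zero padding, the 28x28 image with an 8x8 sensitive patch, and all function names are assumptions.

```python
# Added illustration (not the paper's code): track which feature-map positions
# are ciphertext when only a sensitive rectangle of the input is encrypted.
# Assumptions: single channel, 3x3 kernels, stride 1, zero "same" padding.

def make_mask(h, w, box=None):
    """True marks an encrypted pixel. box=(top, left, height, width); None encrypts all."""
    if box is None:
        return [[True] * w for _ in range(h)]
    t, l, bh, bw = box
    return [[t <= r < t + bh and l <= c < l + bw for c in range(w)] for r in range(h)]

def conv_step(mask, k=3):
    """Propagate the mask through one k x k convolution.

    Returns (new_mask, he_mults): an output is ciphertext if any input in its
    window is ciphertext; every ciphertext input in a window costs one
    plaintext-weight x ciphertext multiplication (simplified cost model).
    """
    h, w, p = len(mask), len(mask[0]), k // 2
    new_mask, he_mults = [], 0
    for r in range(h):
        row = []
        for c in range(w):
            hits = sum(
                mask[rr][cc]
                for rr in range(max(0, r - p), min(h, r + p + 1))
                for cc in range(max(0, c - p), min(w, c + p + 1))
            )
            he_mults += hits
            row.append(hits > 0)
        new_mask.append(row)
    return new_mask, he_mults

def profile(h, w, box, layers):
    """Per layer: (encrypted fraction of the layer's output, HE multiplications)."""
    mask, out = make_mask(h, w, box), []
    for _ in range(layers):
        mask, mults = conv_step(mask)
        out.append((sum(map(sum, mask)) / (h * w), mults))
    return out

if __name__ == "__main__":
    # Constructed input: 28x28 image (MNIST-sized) with an 8x8 sensitive patch.
    for name, box in (("decomposed", (10, 10, 8, 8)), ("entire", None)):
        for i, (frac, mults) in enumerate(profile(28, 28, box, 4), 1):
            print(f"{name:10s} layer {i}: encrypted={frac:.2f} he_mults={mults}")
```

In this toy model the encrypted region grows by one pixel on every side per layer, so the saving from encrypting only the patch shrinks with depth and disappears once the mask covers the whole feature map.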