SSNet: A Lightweight Multi-Party Computation Scheme for Practical Privacy-Preserving Machine Learning Service in the Cloud

TL;DR

SSNet tackles privacy-preserving ML in cloud MLaaS by replacing additive secret sharing with Shamir's secret sharing to enable scalable, robust MPC for DNN inference. It introduces a complete set of SSS primitives, degree reduction, and re-randomization, plus masking-based non-linear operations and truncation, enabling efficient secure DL across arbitrary party counts including five-party setups. Experimental results on AWS show 3x–14x speedups and significant communication reductions compared to state-of-the-art MPC frameworks, along with GPU acceleration and WAN evaluations. The work offers practical pathways to deploy privacy-preserving ML in real-world cloud services, while maintaining strong security under semi-honest assumptions and detailing design choices that balance efficiency and correctness.

Abstract

As privacy-preserving becomes a pivotal aspect of deep learning (DL) development, multi-party computation (MPC) has gained prominence for its efficiency and strong security. However, the practice of current MPC frameworks is limited, especially when dealing with large neural networks, exemplified by the prolonged execution time of 25.8 seconds for secure inference on ResNet-152. The primary challenge lies in the reliance of current MPC approaches on additive secret sharing, which incurs significant communication overhead with non-linear operations such as comparisons. Furthermore, additive sharing suffers from poor scalability on party size. In contrast, the evolving landscape of MPC necessitates accommodating a larger number of compute parties and ensuring robust performance against malicious activities or computational failures. In light of these challenges, we propose SSNet, which for the first time, employs Shamir's secret sharing (SSS) as the backbone of MPC-based ML framework. We meticulously develop all framework primitives and operations for secure DL models tailored to seamlessly integrate with the SSS scheme. SSNet demonstrates the ability to scale up party numbers straightforwardly and embeds strategies to authenticate the computation correctness without incurring significant performance overhead. Additionally, SSNet introduces masking strategies designed to reduce communication overhead associated with non-linear operations. We conduct comprehensive experimental evaluations on commercial cloud computing infrastructure from Amazon AWS, as well as across diverse prevalent DNN models and datasets. SSNet demonstrates a substantial performance boost, achieving speed-ups ranging from 3x to 14x compared to SOTA MPC frameworks. Moreover, SSNet also represents the first framework that is evaluated on a five-party computation setup, in the context of secure DL inference.

Figures (9)

• Figure 1: A numerical example for the SSS degree reduction ($\mathsf{RED}$) and re-randomization ($\mathsf{RERAND}$), which computing the multiplication of $a_0=2$ and $b_0=3$. We assume 3 parties in the MPC with $(2,3)$-SSS scheme. Out of brevity, we set the finite field as $\mathbb{F}_{11}$, containing integers $[0,10]$.
• Figure 2: The dataflow for SSNet framework.
• Figure 3: The SSS operations in our SSNet framework. We take a $(2,3)$-SSS scheme as an example. Note that the passive party with slash pattern means it is optional, based on the subsequent SSS operation. As denotation, comp. is for computation, and comm. is for communication.
• Figure 4: The communication under different operation arrangements and SSS schemes, assuming the data size is $N$. We use RP (ReLU+Pooling) and R (ReLU) to represent the two kinds of NonLi (NonLinear) operations. For Pooling, assume the kernel size is $2\times2$.
• Figure 5: The execution time of SSNet frameworks on selected benchmarks, regarding pure CPU computing, partial-GPU accelerating, and full-GPU accelerating. Time is in log scale. M--MNIST, TI--Tiny ImageNet, I--ImageNet.