Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

CBNN: 3-Party Secure Framework for Customized Binary Neural Networks Inference

Benchang Dong, Zhili Chen, Xin Chen, Shiwen Wei, Jie Fu, Huifa Li

TL;DR

CBNN tackles the challenge of private and efficient inference for binarized neural networks by designing a three-party secure computation framework where data, model, and a helper collaborate to evaluate customized BNNs without leaking inputs or weights. The approach converts standard BNNs into MPC-friendly models using knowledge distillation and separable convolutions, paired with RSS-based secret sharing and a novel MSB-extraction activation to minimize non-linear protocol overhead. It introduces secure primitives, including a 3-party OT protocol and fixed-point truncation, plus BN/activation fusion and maxpooling optimizations to reduce rounds and communication. Experimental results on MNIST and CIFAR-10 demonstrate competitive accuracy with lower communication and latency in both LAN and WAN settings, highlighting CBNN’s practical impact for privacy-preserving machine learning on real workloads.

Abstract

Binarized Neural Networks (BNN) offer efficient implementations for machine learning tasks and facilitate Privacy-Preserving Machine Learning (PPML) by simplifying operations with binary values. Nevertheless, challenges persist in terms of communication and accuracy in their application scenarios. In this work, we introduce CBNN, a three-party secure computation framework tailored for efficient BNN inference. Leveraging knowledge distillation and separable convolutions, CBNN transforms standard BNNs into MPC-friendly customized BNNs, maintaining high utility. It performs secure inference using optimized protocols for basic operations. Specifically, CBNN enhances linear operations with replicated secret sharing and MPC-friendly convolutions, while introducing a novel secure activation function to optimize non-linear operations. We demonstrate the effectiveness of CBNN by transforming and securely implementing several typical BNN models. Experimental results indicate that CBNN maintains impressive performance even after customized binarization and security measures

CBNN: 3-Party Secure Framework for Customized Binary Neural Networks Inference

TL;DR

CBNN tackles the challenge of private and efficient inference for binarized neural networks by designing a three-party secure computation framework where data, model, and a helper collaborate to evaluate customized BNNs without leaking inputs or weights. The approach converts standard BNNs into MPC-friendly models using knowledge distillation and separable convolutions, paired with RSS-based secret sharing and a novel MSB-extraction activation to minimize non-linear protocol overhead. It introduces secure primitives, including a 3-party OT protocol and fixed-point truncation, plus BN/activation fusion and maxpooling optimizations to reduce rounds and communication. Experimental results on MNIST and CIFAR-10 demonstrate competitive accuracy with lower communication and latency in both LAN and WAN settings, highlighting CBNN’s practical impact for privacy-preserving machine learning on real workloads.

Abstract

Binarized Neural Networks (BNN) offer efficient implementations for machine learning tasks and facilitate Privacy-Preserving Machine Learning (PPML) by simplifying operations with binary values. Nevertheless, challenges persist in terms of communication and accuracy in their application scenarios. In this work, we introduce CBNN, a three-party secure computation framework tailored for efficient BNN inference. Leveraging knowledge distillation and separable convolutions, CBNN transforms standard BNNs into MPC-friendly customized BNNs, maintaining high utility. It performs secure inference using optimized protocols for basic operations. Specifically, CBNN enhances linear operations with replicated secret sharing and MPC-friendly convolutions, while introducing a novel secure activation function to optimize non-linear operations. We demonstrate the effectiveness of CBNN by transforming and securely implementing several typical BNN models. Experimental results indicate that CBNN maintains impressive performance even after customized binarization and security measures

Paper Structure

This paper contains 19 sections, 11 equations, 6 figures, 4 tables, 5 algorithms.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. Binarized Neural Networks
  4. Knowledge Distillation
  5. Replicated Secret Sharing
  6. Oblivious Transfer
  7. The CBNN Framework
  8. Customized Binary Neural Networks
  9. Basic Primitives For Secure Inference
  10. Linear Operations
  11. Activation Function
  12. Batch Normalization
  13. Maxpooling
  14. Experiments
  15. Evaluation on MNIST
  16. ...and 4 more sections

Figures (6)

  • Figure 1: Knowledge distillation setup involves a teacher network that boasts high precision and a student network that operates as a low-precision binary network.
  • Figure 2: The architecture of CBNN, including the BNN customization method and secure inference protocols with basic primitives.
  • Figure 3: Workflow of MPC-friendly convolution. MPC-friendly convolution is implemented by Separable convolution, which consists of two steps, namely, Depthwise Convolution and Pointwise Convolution.
  • Figure 4: Example of mixed protocol between the activation layer and maxpooling layer.
  • Figure 5: Comparison of validation accuracy and training cost between typical BNNs and customized BNNs on the MNIST dataset. OriNets refer to the typically trained networks utilizing the architectures of MnistNets.
  • ...and 1 more figures