TL;DR
CrypTFlow is a system that converts TensorFlow inference code into secure multi-party computation protocols, enabling privacy-preserving neural network inference with practical performance on real-world models.
Contribution
It introduces three components, Athos, Porthos, and Aramis, that together convert TensorFlow inference code into secure MPC protocols, with malicious security guarantees obtained from hardware integrity.
Findings
Secure inference of ResNet50 and DenseNet121 on ImageNet in about 30 seconds (semi-honest) and under two minutes (malicious).
CrypTFlow outperforms prior work on small datasets like MNIST and CIFAR.
The system maintains inference accuracy comparable to plaintext TensorFlow.
Abstract
We present CrypTFlow, a first-of-its-kind system that converts TensorFlow inference code into Secure Multi-party Computation (MPC) protocols at the push of a button. To do this, we build three components. Our first component, Athos, is an end-to-end compiler from TensorFlow to a variety of semi-honest MPC protocols. The second component, Porthos, is an improved semi-honest 3-party protocol that provides significant speedups for TensorFlow-like applications. Finally, to provide malicious secure MPC protocols, our third component, Aramis, is a novel technique that uses hardware with integrity guarantees to convert any semi-honest MPC protocol into an MPC protocol that provides malicious security. The malicious security of the protocols output by Aramis relies on integrity of the hardware and semi-honest security of MPC. Moreover, our system matches the inference accuracy of plaintext…
