Rotation-Equivariant Neural Networks for Privacy Protection

TL;DR

This paper introduces rotation-equivariant neural networks (RENNs) that obfuscate input data through rotation of d-ary features, providing privacy protection with minimal accuracy loss and lower computational cost compared to homomorphic encryption.

Contribution

The paper proposes a novel RENN framework that enhances input privacy by using rotation of d-ary features, offering a lightweight alternative to homomorphic encryption.

Findings

RENNs effectively hide input information even if network parameters are exposed.

Output accuracy of RENNs only slightly decreases compared to traditional neural networks.

RENNs require significantly less computation than homomorphic encryption methods.

Abstract

In order to prevent leaking input information from intermediate-layer features, this paper proposes a method to revise the traditional neural network into the rotation-equivariant neural network (RENN). Compared to the traditional neural network, the RENN uses d-ary vectors/tensors as features, in which each element is a d-ary number. These d-ary features can be rotated (analogous to the rotation of a d-dimensional vector) with a random angle as the encryption process. Input information is hidden in this target phase of d-ary features for attribute obfuscation. Even if attackers have obtained network parameters and intermediate-layer features, they cannot extract input information without knowing the target phase. Hence, the input privacy can be effectively protected by the RENN. Besides, the output accuracy of RENNs only degrades mildly compared to traditional neural networks, and the computational cost is significantly less than the homomorphic encryption.