Accelerating 2PC-based ML with Limited Trusted Hardware

TL;DR

Otak is a system that accelerates privacy-preserving machine learning inference by combining optimized two-party computation protocols with limited trusted hardware, significantly reducing resource overhead and trust assumptions.

Contribution

It introduces a novel 2PC protocol tailored for ML inference that leverages limited trusted hardware to improve efficiency and reduce trust assumptions.

Findings

CPU and network overhead reduced by up to 385 times compared to prior work.

Trusted hardware code size is significantly smaller, 14.6 to 29.2 times less than previous solutions.

Otak achieves substantial cost savings in resource usage for privacy-preserving ML inference.

Abstract

This paper describes the design, implementation, and evaluation of Otak, a system that allows two non-colluding cloud providers to run machine learning (ML) inference without knowing the inputs to inference. Prior work for this problem mostly relies on advanced cryptography such as two-party secure computation (2PC) protocols that provide rigorous guarantees but suffer from high resource overhead. Otak improves efficiency via a new 2PC protocol that (i) tailors recent primitives such as function and homomorphic secret sharing to ML inference, and (ii) uses trusted hardware in a limited capacity to bootstrap the protocol. At the same time, Otak reduces trust assumptions on trusted hardware by running a small code inside the hardware, restricting its use to a preprocessing step, and distributing trust over heterogeneous trusted hardware platforms from different vendors. An implementation and evaluation of Otak demonstrates that its CPU and network overhead converted to a dollar amount is 5.4$-$385$\times$ lower than state-of-the-art 2PC-based works. Besides, Otak's trusted computing base (code inside trusted hardware) is only 1,300 lines of code, which is 14.6$-$29.2$\times$ lower than the code-size in prior trusted hardware-based works.