HDLock: Exploiting Privileged Encoding to Protect Hyperdimensional Computing Models against IP Stealing
Shijin Duan, Shaolei Ren, and Xiaolin Xu

TL;DR
This paper identifies a vulnerability in Hyperdimensional Computing models that allows reverse engineering and proposes HDLock, a defense mechanism that significantly increases attack complexity with minimal latency overhead.
Contribution
The paper introduces HDLock, a novel encoding strategy that enhances HDC model security against IP theft without sacrificing accuracy.
Findings
HDLock increases adversarial reasoning complexity by 10 orders of magnitude.
HDLock adds only 21% latency overhead.
The defense maintains inference accuracy while improving security.
Abstract
Hyperdimensional Computing (HDC) is facing infringement issues due to straightforward computations. This work, for the first time, raises a critical vulnerability of HDC: an attacker can reverse engineer the entire model, requiring only the unindexed hypervector memory. To mitigate this attack, we propose a defense strategy, namely HDLock, which significantly increases the reasoning cost of encoding. Specifically, HDLock adds extra feature hypervector combination and permutation in the encoding module. Compared to the standard HDC model, a two-layer-key HDLock can increase the adversarial reasoning complexity by 10 orders of magnitude without inference accuracy loss, with only 21% latency overhead.
Taxonomy
Topics: Ferroelectric and Negative Capacitance Devices · Physical Unclonable Functions (PUFs) and Hardware Security · Security and Verification in Computing
