Towards Practical Privacy-Preserving Solution for Outsourced Neural Network Inference
Pinglan Liu, Wensheng Zhang

TL;DR
This paper introduces a practical framework combining leveled homomorphic encryption and trusted execution environments to enable secure neural network inference outsourcing among untrusted parties, improving scalability and performance.
Contribution
It presents a novel integration of LHE and TEE for secure inference, along with an efficient LHE-based inference scheme, enhancing practicality over existing solutions.
Findings
The proposed system is more scalable to various settings.
It demonstrates better performance than state-of-the-art LHE solutions.
The implementation shows practical applicability on moderate platforms.
Abstract
When a neural network model and data are outsourced to a cloud server for inference, it is desired to preserve the confidentiality of the model and data, as the involved parties (i.e., cloud server, model-providing client and data-providing client) may not trust each other. Solutions have been proposed based on multi-party computation, trusted execution environment (TEE) and leveled or fully homomorphic encryption (LHE/FHE), but their limitations hamper practical application. We propose a new framework based on synergistic integration of LHE and TEE, which enables collaboration among three mutually untrusted parties, while minimizing the involvement of the (relatively) resource-constrained TEE and allowing full utilization of the untrusted but more resource-rich part of the server. We also propose a generic and efficient LHE-based inference scheme as an important performance-determining component of the…
Taxonomy
Topics: Stochastic Gradient Optimization Techniques · Cryptography and Data Security · Adversarial Robustness in Machine Learning
