Private Inference in Quantized Models

TL;DR

This paper introduces privacy-preserving schemes for inference in quantized models, leveraging information-theoretic methods to balance user and server privacy while maintaining model accuracy.

Contribution

It proposes novel schemes for private inference in quantized models, addressing privacy tradeoffs with an information-theoretic framework.

Findings

Effective privacy-accuracy tradeoff schemes

Robust privacy guarantees for both user and server

Applicable to a wide range of machine learning models

Abstract

A typical setup in many machine learning scenarios involves a server that holds a model and a user that possesses data, and the challenge is to perform inference while safeguarding the privacy of both parties. Private Inference has been extensively explored in recent years, mainly from a cryptographic standpoint via techniques like homomorphic encryption and multiparty computation. These approaches often come with high computational overhead and may degrade the accuracy of the model. In our work, we take a different approach inspired by the Private Information Retrieval literature. We view private inference as the task of retrieving inner products of parameter vectors with the data, a fundamental operation in many machine learning models. We introduce schemes that enable such retrieval of inner products for models with quantized (i.e., restricted to a finite set) weights; such models are extensively used in practice due to a wide range of benefits. In addition, our schemes uncover a fundamental tradeoff between user and server privacy. Our information-theoretic approach is applicable to a wide range of problems and robust in privacy guarantees for both the user and the server.