Efficient and High-Accuracy Private CNN Inference with Helper-Assisted Malicious Security

TL;DR

This paper introduces a private CNN inference framework under malicious security that achieves high efficiency and near-plaintext accuracy by co-designing cryptographic protocols, model training, and leveraging helper-assisted MPC.

Contribution

It presents a novel HA-MSDM-based framework with optimized protocols and training strategies for accurate, efficient private CNN inference in malicious settings.

Findings

Achieves 2.3--6.8× speedup in LAN and 1.3--5.6× in WAN over existing methods.

Maintains accuracy within 0.5% of plaintext models.

Designs round-efficient protocols independent of polynomial degree.

Abstract

Machine Learning as a Service (MLaaS) exposes sensitive client data to service providers. Private inference mitigates this risk while preserving model functionality. Despite extensive progress in MPC-based solutions, they remain constrained by a fundamental three-way tension among strong security, efficiency, and model accuracy. This challenge is particularly acute under the malicious dishonest majority (MSDM) setting, where prior work either incurs high communication overhead or suffers non-negligible accuracy loss due to polynomial approximations of nonlinear functions. Although the helper-assisted MSDM (HA-MSDM) model improves efficiency and fairness, it lacks a dedicated design for accurate and efficient neural network inference. In this work, we present an HA-MSDM-based private CNN inference framework that simultaneously achieves high efficiency and near-plaintext accuracy through a co-design of cryptographic primitives, MPC protocols, and model training. Specifically, we (i) extend authenticated sharing to rings to enable efficient fixed-point computation, (ii) design constant-round protocols for multiplication and polynomial evaluation, with round complexity independent of the polynomial degree, and (iii) introduce a training strategy that recovers the expressiveness of polynomial models via knowledge distillation and warm initialization. Experiments demonstrate 2.3--6.8$\times$ speedup in LAN and 1.3--5.6$\times$ in WAN over state-of-the-art MSDM frameworks, while achieving accuracy within 0.5\% of ReLU-based plaintext models.