Efficient and Verifiable Privacy-Preserving Convolutional Computation for CNN Inference with Untrusted Clouds

TL;DR

This paper introduces a new verifiable privacy-preserving scheme for CNN inference that significantly improves efficiency and maintains accuracy when offloading computations to untrusted cloud servers.

Contribution

It presents a novel scheme enabling efficient encryption, decryption, and verification for CNN convolutional layers, addressing efficiency bottlenecks of existing privacy-preserving methods.

Findings

Achieves 26x to 87x speedup over plaintext models.

Maintains CNN accuracy with privacy guarantees.

Effective verification mechanism with high success probability.

Abstract

The widespread adoption of convolutional neural networks (CNNs) in resource-constrained scenarios has driven the development of Machine Learning as a Service (MLaaS) system. However, this approach is susceptible to privacy leakage, as the data sent from the client to the untrusted cloud server often contains sensitive information. Existing CNN privacy-preserving schemes, while effective in ensuring data confidentiality through homomorphic encryption and secret sharing, face efficiency bottlenecks, particularly in convolution operations. In this paper, we propose a novel verifiable privacy-preserving scheme tailored for CNN convolutional layers. Our scheme enables efficient encryption and decryption, allowing resource-constrained clients to securely offload computations to the untrusted cloud server. Additionally, we present a verification mechanism capable of detecting the correctness of the results with a success probability of at least $1-\frac{1}{\left|Z\right|}$. Extensive experiments conducted on 10 datasets and various CNN models demonstrate that our scheme achieves speedups ranging $26 \times$ ~ $\ 87\times$ compared to the original plaintext model while maintaining accuracy.