A Privacy-Preserving Machine Learning Framework for Edge Intelligence: An Empirical Analysis

TL;DR

This paper evaluates three privacy-preserving machine learning approaches—Differential Privacy, Secure Multi-party Computation, and Fully Homomorphic Encryption—in edge intelligence, analyzing their impact on performance and privacy.

Contribution

It provides an empirical analysis of the trade-offs between privacy, accuracy, and efficiency for these PPML methods in edge applications.

Findings

Differential Privacy maintains throughput and latency close to plaintext but reduces accuracy with complex models.

Increasing network bandwidth reduces latency for SMC significantly.

FHE incurs about 1000 times higher response time than DP, highly sensitive to model parameters.

Abstract

As Edge Intelligence (EI) becomes increasingly prevalent in domains such as smart healthcare, manufacturing, and critical infrastructure, ensuring data privacy while maintaining system efficiency is a growing challenge. This paper presents a new privacy-preserving machine learning (PPML) framework tailored for EI applications, including a four-layer system architecture and training and inference algorithms. We focus on three leading approaches: Differential Privacy (DP), Secure Multi-party Computation (SMC), and Fully Homomorphic Encryption (FHE), and assess their impact on key performance metrics, including model accuracy, response time, and energy consumption. Results from real implementation and extensive trace-based simulations of inference tasks show that DP generally preserves throughput and latency close to plaintext baselines, while accuracy drops with model complexity (up to 35 percent on AlexNet and under 18 percent on LeNet for FordA). SMC performance is driven by communication; network bandwidth and round complexity determine end-to-end latency. For AlexNet, increasing link capacity from 250 Mbps to 500 Mbps reduces latency by about 30 percent. FHE is highly sensitive to model structure and numerical precision bit width, with tighter parameters imposing substantial compute overhead; we observe roughly a 1000 times increase in response time compared to DP. Beyond efficiency, DP shifts the privacy-utility-extractability frontier by reducing the attacker's data efficiency in black-box model stealing, whereas SMC and FHE, while protecting inputs and parameters during inference, require complementary output controls to achieve similar resistance to extraction. These findings provide critical insights into the trade-offs between privacy, performance, and resource efficiency in edge computing scenarios.