A Methodology for Training Homomorphic Encryption Friendly Neural Networks

Moran Baruch; Nir Drucker; Lev Greenberg; Guy Moshkowich

doi:10.1007/978-3-031-16815-4_29

A Methodology for Training Homomorphic Encryption Friendly Neural Networks

Moran Baruch, Nir Drucker, Lev Greenberg, Guy Moshkowich

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Privacy-preserving deep neural network (DNN) inference is a necessity in different regulated industries such as healthcare, finance, and retail. Recently, homomorphic encryption (HE) has been used as a method to enable analytics while addressing privacy concerns. HE enables secure predictions over encrypted data. However, there are several challenges related to the use of HE, including DNN size limitations and the lack of support for some operation types. Most notably, the commonly used ReLU activation is not supported under some HE schemes. We propose a structured methodology to replace ReLU with a quadratic polynomial activation. To address the accuracy degradation issue, we use a pre-trained model that trains another HE-friendly model, using techniques such as ‘trainable activation’ functions and knowledge distillation. We demonstrate our methodology on the AlexNet architecture, using the chest X-Ray and CT datasets for COVID-19 detection. Experiments using our approach reduced the gap between the F₁ score and accuracy of the models trained with ReLU and the HE-friendly model to within a mere 0.32–5.3% degradation. We also demonstrate our methodology using the SqueezeNet architecture, for which we observed 7% accuracy and F₁ improvements over training similar networks with other HE-friendly training methods.

Original language	English
Title of host publication	Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings
Editors	Jianying Zhou, Sudipta Chattopadhyay, Sridhar Adepu, Cristina Alcaraz, Lejla Batina, Emiliano Casalicchio, Chenglu Jin, Jingqiang Lin, Eleonora Losiouk, Suryadipta Majumdar, Weizhi Meng, Stjepan Picek, Yury Zhauniarovich, Jun Shao, Chunhua Su, Cong Wang, Saman Zonouz
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	536-553
Number of pages	18
ISBN (Print)	9783031168147
DOIs	https://doi.org/10.1007/978-3-031-16815-4_29
State	Published - 2022
Externally published	Yes
Event	Satellite Workshops on AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA 2022, held in conjunction with the 20th International Conference on Applied Cryptography and Network Security, ACNS 2022 - Virtual, Online Duration: 20 Jun 2022 → 23 Jun 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13285 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Satellite Workshops on AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA 2022, held in conjunction with the 20th International Conference on Applied Cryptography and Network Security, ACNS 2022
City	Virtual, Online
Period	20/06/22 → 23/06/22

Bibliographical note

Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Keywords

AlexNet
Deep learning
DNN training
HE-friendly neural networks
Homomorphic encryption
SqueezeNet

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-031-16815-4_29

Cite this

Baruch, M., Drucker, N., Greenberg, L., & Moshkowich, G. (2022). A Methodology for Training Homomorphic Encryption Friendly Neural Networks. In J. Zhou, S. Chattopadhyay, S. Adepu, C. Alcaraz, L. Batina, E. Casalicchio, C. Jin, J. Lin, E. Losiouk, S. Majumdar, W. Meng, S. Picek, Y. Zhauniarovich, J. Shao, C. Su, C. Wang, & S. Zonouz (Eds.), Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings (pp. 536-553). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13285 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-16815-4_29

Baruch, Moran ; Drucker, Nir ; Greenberg, Lev et al. / A Methodology for Training Homomorphic Encryption Friendly Neural Networks. Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings. editor / Jianying Zhou ; Sudipta Chattopadhyay ; Sridhar Adepu ; Cristina Alcaraz ; Lejla Batina ; Emiliano Casalicchio ; Chenglu Jin ; Jingqiang Lin ; Eleonora Losiouk ; Suryadipta Majumdar ; Weizhi Meng ; Stjepan Picek ; Yury Zhauniarovich ; Jun Shao ; Chunhua Su ; Cong Wang ; Saman Zonouz. Springer Science and Business Media Deutschland GmbH, 2022. pp. 536-553 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{31b2d97a66184cc59d4afb8c28ea8aa1,

title = "A Methodology for Training Homomorphic Encryption Friendly Neural Networks",

abstract = "Privacy-preserving deep neural network (DNN) inference is a necessity in different regulated industries such as healthcare, finance, and retail. Recently, homomorphic encryption (HE) has been used as a method to enable analytics while addressing privacy concerns. HE enables secure predictions over encrypted data. However, there are several challenges related to the use of HE, including DNN size limitations and the lack of support for some operation types. Most notably, the commonly used ReLU activation is not supported under some HE schemes. We propose a structured methodology to replace ReLU with a quadratic polynomial activation. To address the accuracy degradation issue, we use a pre-trained model that trains another HE-friendly model, using techniques such as {\textquoteleft}trainable activation{\textquoteright} functions and knowledge distillation. We demonstrate our methodology on the AlexNet architecture, using the chest X-Ray and CT datasets for COVID-19 detection. Experiments using our approach reduced the gap between the F1 score and accuracy of the models trained with ReLU and the HE-friendly model to within a mere 0.32–5.3% degradation. We also demonstrate our methodology using the SqueezeNet architecture, for which we observed 7% accuracy and F1 improvements over training similar networks with other HE-friendly training methods.",

keywords = "AlexNet, Deep learning, DNN training, HE-friendly neural networks, Homomorphic encryption, SqueezeNet",

author = "Moran Baruch and Nir Drucker and Lev Greenberg and Guy Moshkowich",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Satellite Workshops on AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA 2022, held in conjunction with the 20th International Conference on Applied Cryptography and Network Security, ACNS 2022 ; Conference date: 20-06-2022 Through 23-06-2022",

year = "2022",

doi = "10.1007/978-3-031-16815-4_29",

language = "English",

isbn = "9783031168147",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "536--553",

editor = "Jianying Zhou and Sudipta Chattopadhyay and Sridhar Adepu and Cristina Alcaraz and Lejla Batina and Emiliano Casalicchio and Chenglu Jin and Jingqiang Lin and Eleonora Losiouk and Suryadipta Majumdar and Weizhi Meng and Stjepan Picek and Yury Zhauniarovich and Jun Shao and Chunhua Su and Cong Wang and Saman Zonouz",

booktitle = "Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings",

address = "Germany",

}

Baruch, M, Drucker, N, Greenberg, L & Moshkowich, G 2022, A Methodology for Training Homomorphic Encryption Friendly Neural Networks. in J Zhou, S Chattopadhyay, S Adepu, C Alcaraz, L Batina, E Casalicchio, C Jin, J Lin, E Losiouk, S Majumdar, W Meng, S Picek, Y Zhauniarovich, J Shao, C Su, C Wang & S Zonouz (eds), Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13285 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 536-553, Satellite Workshops on AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA 2022, held in conjunction with the 20th International Conference on Applied Cryptography and Network Security, ACNS 2022, Virtual, Online, 20/06/22. https://doi.org/10.1007/978-3-031-16815-4_29

A Methodology for Training Homomorphic Encryption Friendly Neural Networks. / Baruch, Moran; Drucker, Nir; Greenberg, Lev et al.
Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings. ed. / Jianying Zhou; Sudipta Chattopadhyay; Sridhar Adepu; Cristina Alcaraz; Lejla Batina; Emiliano Casalicchio; Chenglu Jin; Jingqiang Lin; Eleonora Losiouk; Suryadipta Majumdar; Weizhi Meng; Stjepan Picek; Yury Zhauniarovich; Jun Shao; Chunhua Su; Cong Wang; Saman Zonouz. Springer Science and Business Media Deutschland GmbH, 2022. p. 536-553 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13285 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Methodology for Training Homomorphic Encryption Friendly Neural Networks

AU - Baruch, Moran

AU - Drucker, Nir

AU - Greenberg, Lev

AU - Moshkowich, Guy

PY - 2022

Y1 - 2022

N2 - Privacy-preserving deep neural network (DNN) inference is a necessity in different regulated industries such as healthcare, finance, and retail. Recently, homomorphic encryption (HE) has been used as a method to enable analytics while addressing privacy concerns. HE enables secure predictions over encrypted data. However, there are several challenges related to the use of HE, including DNN size limitations and the lack of support for some operation types. Most notably, the commonly used ReLU activation is not supported under some HE schemes. We propose a structured methodology to replace ReLU with a quadratic polynomial activation. To address the accuracy degradation issue, we use a pre-trained model that trains another HE-friendly model, using techniques such as ‘trainable activation’ functions and knowledge distillation. We demonstrate our methodology on the AlexNet architecture, using the chest X-Ray and CT datasets for COVID-19 detection. Experiments using our approach reduced the gap between the F1 score and accuracy of the models trained with ReLU and the HE-friendly model to within a mere 0.32–5.3% degradation. We also demonstrate our methodology using the SqueezeNet architecture, for which we observed 7% accuracy and F1 improvements over training similar networks with other HE-friendly training methods.

AB - Privacy-preserving deep neural network (DNN) inference is a necessity in different regulated industries such as healthcare, finance, and retail. Recently, homomorphic encryption (HE) has been used as a method to enable analytics while addressing privacy concerns. HE enables secure predictions over encrypted data. However, there are several challenges related to the use of HE, including DNN size limitations and the lack of support for some operation types. Most notably, the commonly used ReLU activation is not supported under some HE schemes. We propose a structured methodology to replace ReLU with a quadratic polynomial activation. To address the accuracy degradation issue, we use a pre-trained model that trains another HE-friendly model, using techniques such as ‘trainable activation’ functions and knowledge distillation. We demonstrate our methodology on the AlexNet architecture, using the chest X-Ray and CT datasets for COVID-19 detection. Experiments using our approach reduced the gap between the F1 score and accuracy of the models trained with ReLU and the HE-friendly model to within a mere 0.32–5.3% degradation. We also demonstrate our methodology using the SqueezeNet architecture, for which we observed 7% accuracy and F1 improvements over training similar networks with other HE-friendly training methods.

KW - AlexNet

KW - Deep learning

KW - DNN training

KW - HE-friendly neural networks

KW - Homomorphic encryption

KW - SqueezeNet

UR - http://www.scopus.com/inward/record.url?scp=85140436849&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-16815-4_29

DO - 10.1007/978-3-031-16815-4_29

M3 - Conference contribution

AN - SCOPUS:85140436849

SN - 9783031168147

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 536

EP - 553

BT - Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings

A2 - Zhou, Jianying

A2 - Chattopadhyay, Sudipta

A2 - Adepu, Sridhar

A2 - Alcaraz, Cristina

A2 - Batina, Lejla

A2 - Casalicchio, Emiliano

A2 - Jin, Chenglu

A2 - Lin, Jingqiang

A2 - Losiouk, Eleonora

A2 - Majumdar, Suryadipta

A2 - Meng, Weizhi

A2 - Picek, Stjepan

A2 - Zhauniarovich, Yury

A2 - Shao, Jun

A2 - Su, Chunhua

A2 - Wang, Cong

A2 - Zonouz, Saman

PB - Springer Science and Business Media Deutschland GmbH

T2 - Satellite Workshops on AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA 2022, held in conjunction with the 20th International Conference on Applied Cryptography and Network Security, ACNS 2022

Y2 - 20 June 2022 through 23 June 2022

ER -

Baruch M, Drucker N, Greenberg L, Moshkowich G. A Methodology for Training Homomorphic Encryption Friendly Neural Networks. In Zhou J, Chattopadhyay S, Adepu S, Alcaraz C, Batina L, Casalicchio E, Jin C, Lin J, Losiouk E, Majumdar S, Meng W, Picek S, Zhauniarovich Y, Shao J, Su C, Wang C, Zonouz S, editors, Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 536-553. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-16815-4_29