Abstract
Privacy-preserving machine learning (PPML) solutions are gaining widespread popularity. Among these, many rely on homomorphic encryption (HE) that offers confidentiality of the model and the data, but at the cost of large latency and memory requirements. Pruning neural network (NN) parameters improves latency and memory in plaintext ML but has little impact if directly applied to HE-based PPML. We introduce a framework called HE-PEx that comprises new pruning methods, on top of a packing technique called tile tensors, for reducing the latency and memory of PPML inference. HE-PEx uses permutations to prune additional ciphertexts, and expansion to recover inference loss. We demonstrate the effectiveness of our methods for pruning fully-connected and convolutional layers in NNs on PPML tasks, namely, image compression, denoising, and classification, with autoencoders, multilayer perceptrons (MLPs) and convolutional neural networks (CNNs). We implement and deploy our networks atop a framework called HElayers, which shows a 10–35% improvement in inference speed and a 17–35% decrease in memory requirement over the unpruned network, corresponding to 33–65% fewer ciphertexts, within a 2.5% degradation in inference accuracy over the unpruned network. Compared to the state-of-the-art pruning technique for PPML, our techniques generate networks with 70% fewer ciphertexts, on average, for the same degradation limit.
Original language | English |
---|---|
Title of host publication | Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings |
Editors | Gene Tsudik, Mauro Conti, Kaitai Liang, Georgios Smaragdakis |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 204-225 |
Number of pages | 22 |
ISBN (Print) | 9783031514814 |
DOIs | |
State | Published - 2024 |
Externally published | Yes |
Event | 28th European Symposium on Research in Computer Security, ESORICS 2023 - The Hague, Netherlands Duration: 25 Sep 2023 → 29 Sep 2023 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 14347 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 28th European Symposium on Research in Computer Security, ESORICS 2023 |
---|---|
Country/Territory | Netherlands |
City | The Hague |
Period | 25/09/23 → 29/09/23 |
Bibliographical note
Publisher Copyright:© 2024, The Author(s), under exclusive license to Springer Nature Switzerland AG.
Keywords
- Homomorphic encryption
- Machine learning
- Neural networks
- Privacy-preserving computation
- Pruning
- Tile tensors
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science