Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Preprint |
| Published: |
2025
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2507.09607 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866915946555244544 |
|---|---|
| author | Wang, Kaiwen Chang, Xiaolin Fan, Junchao Dong, Yuehan |
| author_facet | Wang, Kaiwen Chang, Xiaolin Fan, Junchao Dong, Yuehan |
| contents | Machine Learning as a Service (MLaaS) exposes sensitive client data to service providers. Private inference mitigates this risk while preserving model functionality. Despite extensive progress in MPC-based solutions, they remain constrained by a fundamental three-way tension among strong security, efficiency, and model accuracy. This challenge is particularly acute under the malicious dishonest majority (MSDM) setting, where prior work either incurs high communication overhead or suffers non-negligible accuracy loss due to polynomial approximations of nonlinear functions. Although the helper-assisted MSDM (HA-MSDM) model improves efficiency and fairness, it lacks a dedicated design for accurate and efficient neural network inference. In this work, we present an HA-MSDM-based private CNN inference framework that simultaneously achieves high efficiency and near-plaintext accuracy through a co-design of cryptographic primitives, MPC protocols, and model training. Specifically, we (i) extend authenticated sharing to rings to enable efficient fixed-point computation, (ii) design constant-round protocols for multiplication and polynomial evaluation, with round complexity independent of the polynomial degree, and (iii) introduce a training strategy that recovers the expressiveness of polynomial models via knowledge distillation and warm initialization. Experiments demonstrate 2.3--6.8$\times$ speedup in LAN and 1.3--5.6$\times$ in WAN over state-of-the-art MSDM frameworks, while achieving accuracy within 0.5\% of ReLU-based plaintext models. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2507_09607 |
| institution | arXiv |
| publishDate | 2025 |
| record_format | arxiv |
| spellingShingle | Efficient and High-Accuracy Private CNN Inference with Helper-Assisted Malicious Security Wang, Kaiwen Chang, Xiaolin Fan, Junchao Dong, Yuehan Cryptography and Security Machine Learning as a Service (MLaaS) exposes sensitive client data to service providers. Private inference mitigates this risk while preserving model functionality. Despite extensive progress in MPC-based solutions, they remain constrained by a fundamental three-way tension among strong security, efficiency, and model accuracy. This challenge is particularly acute under the malicious dishonest majority (MSDM) setting, where prior work either incurs high communication overhead or suffers non-negligible accuracy loss due to polynomial approximations of nonlinear functions. Although the helper-assisted MSDM (HA-MSDM) model improves efficiency and fairness, it lacks a dedicated design for accurate and efficient neural network inference. In this work, we present an HA-MSDM-based private CNN inference framework that simultaneously achieves high efficiency and near-plaintext accuracy through a co-design of cryptographic primitives, MPC protocols, and model training. Specifically, we (i) extend authenticated sharing to rings to enable efficient fixed-point computation, (ii) design constant-round protocols for multiplication and polynomial evaluation, with round complexity independent of the polynomial degree, and (iii) introduce a training strategy that recovers the expressiveness of polynomial models via knowledge distillation and warm initialization. Experiments demonstrate 2.3--6.8$\times$ speedup in LAN and 1.3--5.6$\times$ in WAN over state-of-the-art MSDM frameworks, while achieving accuracy within 0.5\% of ReLU-based plaintext models. |
| title | Efficient and High-Accuracy Private CNN Inference with Helper-Assisted Malicious Security |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2507.09607 |