Publication Type
Journal Article
Version
acceptedVersion
Publication Date
8-2024
Abstract
In this paper, we study the problem of secure ML inference against a malicious client and a semi-trusted server such that the client only learns the inference output while the server learns nothing. This problem was first formulated by Lehmkuhl et al. with a solution (MUSE, USENIX Security’21), whose performance was then substantially improved by Chandran et al.'s work (SIMC, USENIX Security’22). However, there still exists a nontrivial gap in these efforts towards practicality, given the challenges of overhead reduction and secure inference acceleration in an all-round way. Based on this, we propose SIMC 2.0, which complies with the underlying structure of SIMC, but significantly optimizes both the linear and non-linear layers of the model. Specifically, (1) we design a new coding method for parallel homomorphic computation between matrices and vectors. (2) We reduce the size of the garbled circuit (GC) (used to calculate non-linear activation functions, e.g., ReLU) in SIMC by about two thirds. Compared with SIMC, our experiments show that SIMC 2.0 achieves a significant speedup of up to 17.4× for linear layer computation, and at least a 1.3× reduction of both the computation and communication overhead in the implementation of non-linear layers under different data dimensions. Meanwhile, SIMC 2.0 demonstrates an encouraging runtime boost of 2.3∼4.3× over SIMC on different state-of-the-art ML models.
Keywords
Protocols, Computational Modeling, Servers, Cryptography, Convolution, Encoding, Integrated Circuit Modeling, Garbled Circuit, Homomorphic Encryption, Privacy Protection, Secure Inference, Machine Learning Inference
Discipline
Information Security
Research Areas
Cybersecurity
Areas of Excellence
Digital transformation
Publication
IEEE Transactions on Dependable and Secure Computing
Volume
21
Issue
4
First Page
1708
Last Page
1723
ISSN
1545-5971
Identifier
10.1109/TDSC.2023.3288557
Publisher
Institute of Electrical and Electronics Engineers
Citation
XU, Guowen; HAN, Xingshuo; ZHANG, Tianwei; XU, Shengmin; NING, Jianting; HUANG, Xinyi; LI, Hongwei; and DENG, Robert H.
SIMC 2.0: Improved secure ML inference against malicious clients. (2024). IEEE Transactions on Dependable and Secure Computing. 21, (4), 1708-1723.
Available at: https://ink.library.smu.edu.sg/sis_research/9816
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/TDSC.2023.3288557