Computing Neural Networks with Homomorphic Encryption and Verifiable Computing

• Published in: Applied Cryptography and Network Security Workshops Vol. 12418; pp. 295 - 317
• Main Authors: Madi, Abbass, Sirdey, Renaud, Stan, Oana
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2020; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Homomorphic Encryption; Neural Networks; Verifiable Computing
• ISBN: 9783030616373; 3030616371
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-030-61638-0_17

The widespread use of machine learning and in particular of Artificial Neural Networks (ANN) raises multiple security and data privacy issues. Recent works propose to preserve data confidentiality during the inference process, available as an outsourced service, using Homomorphic Encryption techniques. However, their setting is based on an honest-but-curious service provider and none of them addresses the problem of result integrity. In this paper, we propose a practical framework for privacy-preserving predictions with Homomorphic Encryption (HE) and Verifiable Computing (VC). We propose here a partially encrypted Neural Network in which the first layer consists of a quadratic function and its homomorphic evaluation is checked for integrity using a VC scheme which is slight adaption of the one of Fiore et al. [13]. Inspired by the neural network model proposed by Ryffel et al. [26] which combines adversarial training and functional encryption for partially encrypted machine learning, our solution can be deployed in different application contexts and provides additional security guarantees. We validate our work on the MNIST handwritten recognition dataset for which we achieve high accuracy (97.54%) and decent latency for a practical deployment (on average 3.8 s for both homomorphic evaluation and integrity proof preparation and 0.021 s for the verification).