PCIR: Privacy-Preserving Convolutional Neural Network Inference With Rapid Responsiveness

Cited by: 0
Authors
Li, Jinguo [1]
Yan, Yan [1]
Zhang, Kai [1]
Li, Chunlin [1]
Yuan, Peichun [1]
Affiliations
[1] Shanghai Univ Elect Power, Coll Comp Sci & Technol, Shanghai, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
convolutional neural network; data privacy; deep learning; model privacy;
DOI
10.1111/coin.70030
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Several companies leverage trained convolutional neural networks (CNNs) to offer predictive services to users. These companies capitalize on CNNs' superior performance in image processing tasks, such as autonomous driving or face recognition. To safeguard data privacy and model parameters, various algorithms have been proposed. Most of them are predominantly designed using secure multi-party computation (MPC) or hardware-assisted solutions. However, certain limitations persist. First, MPC-based approaches (e.g., garbled circuits, homomorphic encryption) fail to meet rapid responsiveness requirements. Additionally, hardware-assisted solutions impose extra burdens to realize secure inference tasks. The primary reasons for these shortcomings can be summarized as follows: (1) high computation and communication delays are introduced by heavy cryptographic operations during the online phase. (2) Additional overhead for sharing triples. In this article, we propose PCIR, a secure protocol for privacy-preserving convolutional neural network inference (PCIR). PCIR aims to address the aforementioned issues based on a pre-shared secret sharing mechanism. It can achieve rapid responses to user requirements and preserve privacy of data and model for the following reasons: (1) it circumvents computationally expensive operations, such as an operation for permuting plaintext slots, which runs 56 times slower than a homomorphic addition operation, and 34 times slower than a homomorphic multiplication operation. (2) Computational operations, such as homomorphic additions or multiplications, are conducted during the pre-computation phase. It can significantly reduce the online computing costs. (3) PCIR conducts secure multiplication based on pre-shared secret shares. It results in much lower communication and computation costs compared with the use of multiplicative triples. Finally, we evaluate PCIR with benchmark neural networks trained on the MNIST and CIFAR-10 datasets. 
The results have shown that PCIR requires 1.3x-3.7x less time and 1.1x-12.3x less communication cost than previous methodologies.
Pages: 12