Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88484
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 吳沛遠 | zh_TW |
dc.contributor.advisor | Pei-Yuan Wu | en |
dc.contributor.author | 蔡東霖 | zh_TW |
dc.contributor.author | Tung-Lin Tsai | en |
dc.date.accessioned | 2023-08-15T16:30:38Z | - |
dc.date.available | 2023-11-09 | - |
dc.date.copyright | 2023-08-15 | - |
dc.date.issued | 2023 | - |
dc.date.submitted | 2023-07-31 | - |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88484 | - |
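dc.description.abstract | As the demand grows for protecting the privacy of sensitive data while obtaining accurate machine learning predictions, privacy-preserving machine learning (PPML) has received wide attention. This technology is made possible by secure cryptographic schemes such as homomorphic encryption and secure multi-party computation, which allow some parties to jointly compute a result without knowing the other parties' data. However, practical implementations of these methods require secure computation under encryption, which significantly increases communication and computation costs compared with plaintext computation. Given that matrix multiplication is a key operation in machine learning applications, and that secure matrix multiplication usually becomes the bottleneck under secure multi-party computation frameworks because it requires a large amount of communication between the parties, we propose a new secure matrix multiplication improvement method named SepMM, suited to accelerating two-party secure computation.
SepMM ensures that, under a uniform distribution, the chance for a malicious party to reveal any entry in the matrix decreases exponentially as the number of bits increases. SepMM can be combined with secure matrix multiplication methods that are bitwise equivalent to plaintext execution. Experimental results show that, by combining SepMM with the state-of-the-art PPML framework SIRNN, communication cost and inference time are reduced by 4.67-13.29x and 3.64-9.44x, respectively, for the widely adopted neural networks SqueezeNet, ResNet50 and DenseNet121. | zh_TW |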
dc.description.abstract | Privacy-preserving machine learning (PPML) has gained significant attention in recent years due to the increasing need to protect sensitive data while obtaining accurate predictions. This is attributed to secure encryption schemes such as homomorphic encryption and secure multi-party computation, which allow some parties to jointly compute the results without knowing others' data. However, practical implementations of these methods require secure computation under encryption, which significantly increases communication and computation costs compared to plaintext computation. Given that matrix multiplication is a key operation in machine learning applications, and typically serves as a bottleneck under secure multi-party computation frameworks due to the massive communication it requires between parties, we propose SepMM as a novel secure matrix multiplication optimization approach for 2-party computation.
SepMM ensures that, assuming a uniform distribution prior, the chance for the adversary to reveal any entry in the matrix decreases exponentially with the increase in bitlength. SepMM can be integrated with secure matrix multiplication methods that are bitwise equivalent to plaintext execution. Experimental results show that, by integrating SepMM with the state-of-the-art PPML framework SIRNN, the communication cost and inference time are reduced by 4.67x - 13.29x and 3.64x - 9.44x, respectively, for the widely adopted neural networks SqueezeNet, ResNet50, and DenseNet121. | en |
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-08-15T16:30:38Z No. of bitstreams: 0 | en |
dc.description.provenance | Made available in DSpace on 2023-08-15T16:30:38Z (GMT). No. of bitstreams: 0 | en |
dc.description.tableofcontents | Verification Letter from the Oral Examination Committee; Acknowledgements; Abstract (in Chinese); Abstract; Contents; List of Figures; List of Tables; Chapter 1 Introduction; 1.1 Secure Training Models; 1.2 ABY-style Inference Models; 1.3 Developing-Friendly Frameworks; 1.4 Faithful Truncation; 1.5 Contribution; Chapter 2 Preliminaries; 2.1 Threat model; 2.2 Cryptographic Primitives; 2.2.1 Additive secret sharing; 2.2.2 Oblivious Transfer; 2.2.3 Homomorphic encryption; 2.3 Secure Neural Network Inference; Chapter 3 Methodology; 3.1 Notation; 3.2 Workflow; 3.3 Protocol; 3.4 Security; Chapter 4 Experiments; 4.1 System Details; 4.2 Implementation Details; 4.3 Results; Chapter 5 Conclusion; References | - |
dc.language.iso | en | - |
dc.title | A General Matrix Multiplication Improvement Method for Privacy-Preserving Machine Learning | zh_TW |
dc.title | SepMM: A General Matrix Multiplication Improvement Approach for Privacy-Preserving Machine Learning | en |
dc.type | Thesis | - |
dc.date.schoolyear | 111-2 | - |
dc.description.degree | Master's | - |
dc.contributor.oralexamcommittee | 雷欽隆;張致恩 | zh_TW |
dc.contributor.oralexamcommittee | Chin-Laung Lei;Ji-En Chang | en |
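dc.subject.keyword | privacy-preserving machine learning, secure multi-party computation, secure two-party computation, secure inference, matrix multiplication, | zh_TW |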
dc.subject.keyword | privacy-preserving machine learning,secure multi-party computation,2-party computation,secure inference,matrix multiplication, | en |
dc.relation.page | 39 | - |
dc.identifier.doi | 10.6342/NTU202302160 | - |
dc.rights.note | Authorization granted (open to the public worldwide) | - |
dc.date.accepted | 2023-08-02 | - |
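dc.contributor.author-college | College of Electrical Engineering and Computer Science | - |
dc.contributor.author-dept | Department of Electrical Engineering | - |
Appears in Collections: | Department of Electrical Engineering |
Files in this item:
File | Size | Format | |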
---|---|---|---|
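ntu-111-2.pdf | 8.89 MB | Adobe PDF | View/Open |
Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.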