Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/92118
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 吳沛遠 | zh_TW |
dc.contributor.advisor | Pei-Yuan Wu | en |
dc.contributor.author | 戴俊儀 | zh_TW |
dc.contributor.author | Jyun-Yi Dai | en |
dc.date.accessioned | 2024-03-05T16:22:24Z | - |
dc.date.available | 2024-03-06 | - |
dc.date.copyright | 2024-03-05 | - |
dc.date.issued | 2024 | - |
dc.date.submitted | 2024-02-17 | - |
dc.identifier.citation | [1] N. Agrawal, A. Shahin Shamsabadi, M. J. Kusner, and A. Gascón. Quotient: two-party secure neural network training and prediction. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pages 1231–1247, 2019.
[2] J. Alvarez-Valle, P. Bhatu, N. Chandran, D. Gupta, A. Nori, A. Rastogi, M. Rathee, R. Sharma, and S. Ugare. Secure medical image analysis with cryptflow. arXiv preprint arXiv:2012.05064, 2020.
[3] A. Aly and N. P. Smart. Benchmarking privacy preserving scientific operations. In Applied Cryptography and Network Security: 17th International Conference, ACNS 2019, Bogota, Colombia, June 5–7, 2019, Proceedings, pages 509–529. Springer, 2019.
[4] G. Asharov, Y. Lindell, T. Schneider, and M. Zohner. More efficient oblivious transfer and extensions for faster secure computation. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pages 535–548, 2013.
[5] N. Chandran, D. Gupta, S. L. B. Obbattu, and A. Shah. SIMC: ML inference secure against malicious clients at Semi-Honest cost. In 31st USENIX Security Symposium (USENIX Security 22), pages 1361–1378, 2022.
[6] M. Colleen, F. Michelle, A. Monica, and P. Eugenie. Views of data privacy risks, personal data and digital privacy laws in america. Pew Research Center, 2023.
[7] I. Goodfellow, Y. Bengio, and A. Courville. Deep Learning. MIT Press, 2016. http://www.deeplearningbook.org.
[8] E. Harding. Top data privacy and protection updates nationwide. National Law Review, 2022.
[9] Z. Huang, W.-j. Lu, C. Hong, and J. Ding. Cheetah: Lean and fast secure Two-Party deep neural network inference. In 31st USENIX Security Symposium (USENIX Security 22), pages 809–826, 2022.
[10] Y. Ishai, J. Kilian, K. Nissim, and E. Petrank. Extending oblivious transfers efficiently. In Crypto, volume 2729, pages 145–161. Springer, 2003.
[11] C. Juvekar, V. Vaikuntanathan, and A. Chandrakasan. GAZELLE: A low latency framework for secure neural network inference. In 27th USENIX Security Symposium (USENIX Security 18), pages 1651–1669, 2018.
[12] M. Keller. Mp-spdz: A versatile framework for multi-party computation. In Proceedings of the 2020 ACM SIGSAC conference on computer and communications security, pages 1575–1590, 2020.
[13] M. Keller and K. Sun. Effectiveness of mpc-friendly softmax replacement. arXiv preprint arXiv:2011.11202, 2020.
[14] M. Keller and K. Sun. Secure quantized training for deep learning. In International Conference on Machine Learning, pages 10912–10938. PMLR, 2022.
[15] B. Knott, S. Venkataraman, A. Hannun, S. Sengupta, M. Ibrahim, and L. van der Maaten. Crypten: Secure multi-party computation meets machine learning. In arXiv 2109.00984, 2021.
[16] V. Kolesnikov and R. Kumaresan. Improved ot extension for transferring short secrets. In Advances in Cryptology–CRYPTO 2013: 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part II, pages 54–70. Springer, 2013.
[17] A. Krizhevsky. Learning multiple layers of features from tiny images. Technical report, University of Toronto, 2009.
[18] Y. LeCun, L. Bottou, Y. Bengio, and P. Haffner. Gradient-based learning applied to document recognition. Proceedings of the IEEE, 86(11):2278–2324, 1998.
[19] R. Lehmkuhl, P. Mishra, A. Srinivasan, and R. A. Popa. Muse: Secure inference resilient to malicious clients. In USENIX Security Symposium, pages 2201–2218, 2021.
[20] J. Liu, M. Juuti, Y. Lu, and N. Asokan. Oblivious neural network predictions via minionn transformations. In Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, pages 619–631, 2017.
[21] P. Mishra, R. Lehmkuhl, A. Srinivasan, W. Zheng, and R. A. Popa. Delphi: a cryptographic inference system for neural networks. In Proceedings of the 2020 Workshop on Privacy-Preserving Machine Learning in Practice, pages 27–30, 2020.
[22] P. Mohassel and P. Rindal. Aby3: A mixed protocol framework for machine learning. In Proceedings of the 2018 ACM SIGSAC conference on computer and communications security, pages 35–52, 2018.
[23] P. Mohassel and Y. Zhang. Secureml: A system for scalable privacy-preserving machine learning. In 2017 IEEE symposium on security and privacy (SP), pages 19–38. IEEE, 2017.
[24] D. Rathee, A. Bhattacharya, D. Gupta, R. Sharma, and D. Song. Secure floating-point training. Cryptology ePrint Archive, 2023.
[25] D. Rathee, A. Bhattacharya, R. Sharma, D. Gupta, N. Chandran, and A. Rastogi. Secfloat: Accurate floating-point meets secure 2-party computation. In 2022 IEEE Symposium on Security and Privacy (SP), pages 576–595. IEEE, 2022.
[26] D. Rathee, M. Rathee, R. K. K. Goli, D. Gupta, R. Sharma, N. Chandran, and A. Rastogi. Sirnn: A math library for secure rnn inference. In 2021 IEEE Symposium on Security and Privacy (SP), pages 1003–1020. IEEE, 2021.
[27] D. Rathee, M. Rathee, N. Kumar, N. Chandran, D. Gupta, A. Rastogi, and R. Sharma. Cryptflow2: Practical 2-party secure inference. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pages 325–342, 2020.
[28] A. Shah, N. Chandran, M. Dema, D. Gupta, A. Gururajan, and H. Yu. Secure featurization and applications to secure phishing detection. In Proceedings of the 2021 on Cloud Computing Security Workshop, pages 83–95, 2021.
[29] S. Tan, B. Knott, Y. Tian, and D. J. Wu. Cryptgpu: Fast privacy-preserving machine learning on the gpu. In 2021 IEEE Symposium on Security and Privacy (SP), pages 1021–1038. IEEE, 2021.
[30] T. Tung-Lin and W. Pei-Yuan. Sepmm: A general matrix multiplication optimization approach for privacy-preserving machine learning. In 2023 IEEE Conference on Dependable and Secure Computing (DSC), pages 1–10. IEEE, 2023.
[31] S. Wagh, D. Gupta, and N. Chandran. Securenn: 3-party secure computation for neural network training. Proc. Priv. Enhancing Technol., 2019(3):26–49, 2019. | - |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/92118 | - |
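dc.description.abstract | The rapid development of machine learning applications has raised concerns about data privacy, prompting research into privacy-preserving machine learning. To ensure the privacy of machine learning training data, one promising solution is secure two-party computation, which involves costly cryptographic techniques. However, this makes such training several orders of magnitude less efficient than plaintext training. Matrix multiplication typically consumes a large amount of time in privacy-preserving machine learning based on secure two-party computation; we replace generic fixed bit-length multiplication with mixed bit-length multiplication to improve the efficiency of matrix multiplication. We also provide mechanisms that adjust the bit-length to prevent overflow. We improve the efficiency of the logarithm for the training model by leveraging pre-existing information and efficient truncation with a small error. Our experiments show that, compared with fixed bit-length training using the same library, our mixed bit-length training reduces latency by at least 22% and communication overhead by at least 34%. | zh_TW |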
dc.description.abstract | The rapid development of machine learning applications has raised concerns about data privacy, driving the need for privacy-preserving machine learning research. To ensure the privacy of machine learning training data, a potential solution is to use secure two-party computation involving high-cost cryptography techniques. However, this results in training efficiency that is several orders of magnitude lower than plaintext machine learning. Our work utilizes multiplication with mixed bit-length to replace generic multiplication with fixed bit-length to enhance the efficiency of matrix multiplication, which typically consumes a significant amount of time in privacy-preserving machine learning based on secure two-party computation. We also provide mechanisms that adjust the bit-length to prevent overflow. In addition, we improve the efficiency of the logarithm for the training model by leveraging pre-existing information and efficient truncation with a minor error. Our experiment demonstrates that our mixed bit-length training has at least 22% latency reduction along with at least 34% communication overhead reduction compared to fixed bit-length training using the same two-party computation library. | en |
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2024-03-05T16:22:24Z No. of bitstreams: 0 | en |
dc.description.provenance | Made available in DSpace on 2024-03-05T16:22:24Z (GMT). No. of bitstreams: 0 | en |
dc.description.tableofcontents | Oral Examination Committee Certification
Acknowledgements
Abstract (Chinese)
Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Contribution
Chapter 2 Related works
2.1 Three-party computation
2.2 PPML inference
2.2.1 Semi-honest security
2.2.2 Client malicious security
2.3 Floating-point representation
Chapter 3 Preliminaries
3.1 Threat model
3.2 Oblivious transfer
3.3 Notation
3.4 Fixed-point representation
3.5 Additive secret sharing
3.6 2PC Functionalities
3.6.1 Less Than [27]
3.6.2 Exponentiation with base 2
3.6.3 Multiplication with mixed bit-lengths [26]
3.6.4 Most Significant Non-Zero Bit (MSNZB) [26]
3.6.5 LeftShift by ⟨y⟩ bits
3.6.6 Extension [26]
3.6.7 Truncate and Reduce (TR) [26]
3.6.8 Multiplexer (MUX) [27]
3.6.9 If Else
3.6.10 AND [27]
3.6.11 MSB [27]
3.6.12 Reduce [26]
3.6.13 Open
3.6.14 Aggregation
3.6.15 Digit decomposition [26]
Chapter 4 Privacy-Preserving Machine Learning Components
4.1 Linear Operation
4.1.1 SepMM matrix multiplication algorithm
4.1.2 Dynamic bit-length adjustment
4.1.3 A trade-off between security and efficiency
4.2 ReLU
4.3 Cross Entropy Loss and Softmax
4.3.1 Logarithm
Chapter 5 Experiments
5.1 Environment setting
5.2 Logarithm MPC speedup
5.3 MPC-empowered deep learning speedup
Chapter 6 Conclusion
Chapter 7 Acknowledgement
References | - |
dc.language.iso | en | - |
dc.title | Secure training using multiplication with mixed bit-length | zh_TW |
dc.title | Secure training using multiplication with mixed bit-length | en |
dc.type | Thesis | - |
dc.date.schoolyear | 112-1 | - |
dc.description.degree | Master's | - |
dc.contributor.oralexamcommittee | 雷欽隆;左瑞麟;王紹睿 | zh_TW |
dc.contributor.oralexamcommittee | Chin-Laung Lei;Ray-Lin Tso;Shao-Jui Wang | en |
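dc.subject.keyword | Privacy-preserving machine learning,Secure multi-party computation,Secure two-party computation,Privacy-enhancing technology,Privacy-preserving training, | zh_TW |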
dc.subject.keyword | Privacy-preserving machine learning,Secure multi-party computation,Secure two-party computation,Privacy-enhancing technology,Privacy-preserving training, | en |
dc.relation.page | 41 | - |
dc.identifier.doi | 10.6342/NTU202400572 | - |
dc.rights.note | Authorization granted (access restricted to campus) | - |
dc.date.accepted | 2024-02-17 | - |
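dc.contributor.author-college | College of Electrical Engineering and Computer Science | - |
dc.contributor.author-dept | Department of Electrical Engineering | - |
Appears in Collections: | Department of Electrical Engineering |
Files in this item:
File | Size | Format | |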
---|---|---|---|
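ntu-112-1.pdf Access restricted to NTU campus IP addresses (off campus, please use the VPN remote-access service) | 683.13 kB | Adobe PDF | View/Open |
Items in the system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated.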