請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/85129
標題: | 最佳化以全同態加密作為推論隱私保護機制之效能 Optimizing Privacy-Preserving Inference with Fully Homomorphic Encryption |
作者: | Chen-Che Chien 簡辰哲 |
指導教授: | 洪士灝(Shih-Hao Hung) 洪士灝(Shih-Hao Hung | hungsh@csie.ntu.edu.tw | ), |
關鍵字: | 密碼學,全同態加密,隱私保護,神經網路,人工智慧, Cryptography,Fully homomorphic encryption,Privacy-preserving,Neural networks,Artificial Intelligence, |
出版年 : | 2022 |
學位: | 碩士 |
摘要: | 機器學習已經在許多領域發展出了實際應用,而這樣的廣大商機促使許多公司提供機器學習即服務(MLaaS),而這需要用戶將他們的數據上傳到雲端才能使用。然而,一些數據被認為是私人且敏感的,例如醫療和財務記錄,使用這些數據需要承擔相關的法律責任。為了解決這個隱私安全問題,之前的研究採用了使用同態加密技術來進行隱私保護推論,由數據所有者上傳加密過的資訊,讓模型所有者在無法得知確切資訊的前提下進行推論。如此雖然能夠有效防止資訊洩露,但也衍生出額外、沉重的代價,尤其是準確率下降、計算時間長、記憶體膨脹等三個問題,密切影響機器學習即服務的性價比。雖然先前已有單獨解決這三個問題的的研究文獻,但其實這三個問題並非完全獨立。因此,本論文提出了一種綜合方法,希望有系統地應用了一系列優化的方法共同解決這些問題。除了前人提出的方法之外,我們引入了兩種融合方法: 非線性融合(non-linear fusion) 和 常數融合(constant fusion),與現有的線性融合(linear fusion) 技術一起解決計算和記憶體容量問題。實驗結果顯示,使用我們的方法,CIFAR-10資料集的隱私保護推理的準確度提升2.42%、時間減少86% 、記憶體減少78%。希望本論文所提出的方法能為未來更完整的自動化優化方案奠定基礎。 Machine learning has enabled practical applications in many fields, leading many companies to offer Machine Learning as a Service (MLaaS). However, it requires users to upload their data to the service provider, including private and sensitive data, such as medical and financial records, which may be associated with legal responsibilities. In order to solve such privacy and legal concerns, previous studies have employed homomorphic encryption (HE) for privacy-preserving inferences, where the data owner uploads encrypted data and the model owner makes inferences without knowing the exact information. While adopting HE is capable of preventing information leakage, it also incurs substantial overheads, especially in terms of dropping accuracy, lengthy computing time and inflated memory, which seriously affect the cost-performance of MLaaS. While there are works to address these three issues individually, they are not entirely independent. Therefore, in this thesis, we propose an integrated approach which systematically applies a series of methods for optimizing HE-based privacy-preserving inference to mitigate the issues jointly. In addition to the methods proposed by previous works, we introduce two fusion methods: non-linear fusion and constant fusion, which are combined with the existing linear fusion techniques to solve computational and memory problems simultaneously. Experimental results show that our approach provides a +2.42% accuracy boost, an 86% time decrease, and a 78% RAM reduction for privacy-preserving inference on the CIFAR-10 dataset. Hopefully, this thesis paves the groundwork for more complete automated optimization schemes in the future. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/85129 |
DOI: | 10.6342/NTU202204072 |
全文授權: | 同意授權(限校園內公開) |
電子全文公開日期: | 2022-10-20 |
顯示於系所單位: | 資訊工程學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
U0001-2609202212525500.pdf 授權僅限NTU校內IP使用(校園外請利用VPN校外連線服務) | 1.29 MB | Adobe PDF | 檢視/開啟 |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。