Lightweight Privacy-Preserving Training and Evaluation for Discretized Neural Networks

Chen, J; Zhou, J; Cao, Z; Vasilakos, AV; Dong, X; Choo, KKR

Lightweight Privacy-Preserving Training and Evaluation for Discretized Neural Networks

Chen, J Zhou, J Cao, Z Vasilakos, AV Dong, X Choo, KKR

Permalink

Publisher:: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Publication Type:: Journal Article
Citation:: IEEE Internet of Things Journal, 2020, 7, (4), pp. 2663-2678
Issue Date:: 2020-04-01

Closed Access

	Filename	Description	Size
	08843956.pdf	Published version	1.74 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Chen, J
dc.contributor.author	Zhou, J
dc.contributor.author	Cao, Z
dc.contributor.author	Vasilakos, AV
dc.contributor.author	Dong, X
dc.contributor.author	Choo, KKR
dc.date.accessioned	2021-02-24T22:02:46Z
dc.date.available	2021-02-24T22:02:46Z
dc.date.issued	2020-04-01
dc.identifier.citation	IEEE Internet of Things Journal, 2020, 7, (4), pp. 2663-2678
dc.identifier.issn	2327-4662
dc.identifier.issn	2327-4662
dc.identifier.uri	http://hdl.handle.net/10453/146426
dc.description.abstract	© 2014 IEEE. Machine learning, particularly the neural network (NN), is extensively exploited in dizzying applications. In order to reduce the burden of computing for resource-constrained clients, a large number of historical private datasets are required to be outsourced to the semi-trusted or malicious cloud for model training and evaluation. To achieve privacy preservation, most of the existing work either exploited the technique of public key fully homomorphic encryption (FHE) resulting in considerable computational cost and ciphertext expansion, or secure multiparty computation (SMC) requiring multiple rounds of interactions between user and cloud. To address these issues, in this article, a lightweight privacy-preserving model training and evaluation scheme LPTE for discretized NNs (DiNNs) is proposed. First, we put forward an efficient single key fully homomorphic data encapsulation mechanism (SFH-DEM) without exploiting public key FHE. Based on SFH-DEM, a series of atomic calculations over the encrypted domain, including multivariate polynomial, nonlinear activation function, gradient function, and maximum operations are devised as building blocks. Furthermore, a lightweight privacy-preserving model training and evaluation scheme LPTE for DiNNs is proposed, which can also be extended to convolutional NN. Finally, we give the formal security proofs for dataset privacy, model training privacy, and model evaluation privacy under the semi-honest environment and implement the experiment on real dataset MNIST for recognizing handwritten numbers in DiNN to demonstrate the high efficiency and accuracy of our proposed LPTE.
dc.language	English
dc.publisher	IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
dc.relation.ispartof	IEEE Internet of Things Journal
dc.relation.isbasedon	10.1109/JIOT.2019.2942165
dc.rights	© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.	en_US
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	0805 Distributed Computing, 1005 Communications Technologies
dc.title	Lightweight Privacy-Preserving Training and Evaluation for Discretized Neural Networks
dc.type	Journal Article
utslib.citation.volume	7
utslib.for	0805 Distributed Computing
utslib.for	1005 Communications Technologies
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	/University of Technology Sydney
utslib.copyright.status	closed_access	*
dc.date.updated	2021-02-24T22:02:44Z
pubs.issue	4
pubs.publication-status	Published
pubs.volume	7
utslib.citation.issue	4

Abstract:

© 2014 IEEE. Machine learning, particularly the neural network (NN), is extensively exploited in dizzying applications. In order to reduce the burden of computing for resource-constrained clients, a large number of historical private datasets are required to be outsourced to the semi-trusted or malicious cloud for model training and evaluation. To achieve privacy preservation, most of the existing work either exploited the technique of public key fully homomorphic encryption (FHE) resulting in considerable computational cost and ciphertext expansion, or secure multiparty computation (SMC) requiring multiple rounds of interactions between user and cloud. To address these issues, in this article, a lightweight privacy-preserving model training and evaluation scheme LPTE for discretized NNs (DiNNs) is proposed. First, we put forward an efficient single key fully homomorphic data encapsulation mechanism (SFH-DEM) without exploiting public key FHE. Based on SFH-DEM, a series of atomic calculations over the encrypted domain, including multivariate polynomial, nonlinear activation function, gradient function, and maximum operations are devised as building blocks. Furthermore, a lightweight privacy-preserving model training and evaluation scheme LPTE for DiNNs is proposed, which can also be extended to convolutional NN. Finally, we give the formal security proofs for dataset privacy, model training privacy, and model evaluation privacy under the semi-honest environment and implement the experiment on real dataset MNIST for recognizing handwritten numbers in DiNN to demonstrate the high efficiency and accuracy of our proposed LPTE.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/146426