Efficient privacy-preserving scheme for secure neural network inference

Liquan CHEN; Zixuan YANG; Peng ZHANG; Yang MA

doi:10.1631/FITEE.2400371

Your Location：

Home >

Browse articles >

Efficient privacy-preserving scheme for secure neural network inference

Regular Papers | Updated：2025-11-05

- Efficient privacy-preserving scheme for secure neural network inference
- 用于安全神经网络推理的高效隐私保护方案
- Frontiers of Information Technology & Electronic Engineering Vol. 26, Issue 9, Pages: 1609-1623(2025)
- Affiliations：
  
  1.School of Cyber Science and Engineering, Southeast University, Nanjing 210096, China
  2.Purple Mountain Laboratories, Nanjing 211189, China
- Author bio：
  
  ‡ Corresponding author
- Funds：
- DOI：10.1631/FITEE.2400371
  CLC： TP391.4
- Received：08 May 2024，
  
  Revised：2024-11-21，
  
  Published：2025-09
- Accepted：
Scan QR Code
Liquan CHEN, Zixuan YANG, Peng ZHANG, et al. Efficient privacy-preserving scheme for secure neural network inference[J]. Frontiers of information technology & electronic engineering, 2025, 26(9): 1609-1623.
DOI：

Liquan CHEN, Zixuan YANG, Peng ZHANG, et al. Efficient privacy-preserving scheme for secure neural network inference[J]. Frontiers of information technology & electronic engineering, 2025, 26(9): 1609-1623. DOI： 10.1631/FITEE.2400371.

摘要

随着智能设备和云服务的广泛应用，加之本地计算与存储资源受限，大量用户倾向于将私有数据传输至云服务器进行处理。然而，敏感数据以明文形式传输引发用户隐私与安全方面的担忧。为应对这些问题，提出一种基于同态加密与安全多方计算的高效隐私保护安全神经网络推理方案，该方案在确保用户与云服务器双方隐私的同时，实现了快速准确的密文推理。首先，将推理过程划分为3个阶段：调整网络结构的合并阶段、执行同态计算的预处理阶段以及隐私数据秘密共享的浮点运算在线阶段。其次，提出一种网络参数合并方法，以降低乘法层级的成本，并减少密文—明文乘法与加法运算次数。最后，提出一种快速卷积算法，以提升计算效率。与其他最先进的方法相比，所提方案在线阶段的线性操作时间至少减少11％，显著降低了推理时间和通信开销。

Abstract

The increasing adoption of smart devices and cloud services

coupled with limitations in local computing and storage resources

prompts numerous users to transmit private data to cloud servers for processing. However

the transmission of sensitive data in plaintext form raises concerns regarding users' privacy and security. To address these concerns

this study proposes an efficient privacy-preserving secure neural network inference scheme based on homomorphic encryption and secure multi-party computation

which ensures the privacy of both the user and the cloud server while enabling fast and accurate ciphertext inference. First

we divide the inference process into three stages

including the merging stage for adjusting the network structure

the preprocessing stage for performing homomorphic computations

and the online stage for floating-point operations on the secret sharing of private data. Second

we propose an approach of merging network parameters

thereby reducing the cost of multiplication levels and decreasing both ciphertext–plaintext multiplication and addition operations. Finally

we propose a fast convolution algorithm to enhance computational efficiency. Compared with other state-of-the-art methods

our scheme reduces the linear operation time in the online stage by at least 11%

significantly reducing inference time and communication overhead.

关键词

Keywords

references

Chabanne H , de Wargny A , Milgram J , et al. , 2017 . Privacy-preserving classification on deep neural network . https://eprint.iacr.org/2017/035 https://eprint.iacr.org/2017/035

Chai XL , Wang YJ , Gan ZH , et al. , 2022 . Preserving privacy while revealing thumbnail for content-based encrypted image retrieval in the cloud . Inform Sci , 604 : 115 - 141 . https://doi.org/10.1016/j.ins.2022.05.008 https://doi.org/10.1016/j.ins.2022.05.008

Chaudhari H , Rachuri R , Suresh A , 2020 . Trident: efficient 4PC framework for privacy preserving machine learning . Network and Distributed System Security Symp . https://doi.org/10.14722/ndss.2020.23005 https://doi.org/10.14722/ndss.2020.23005

Cheon JH , Kim A , Kim M , et al. , 2017 . Homomorphic encryption for arithmetic of approximate numbers . Proc 23 rd Int Conf on Theory and Applications of Cryptology and Information Security , p. 409 - 437 . https://doi.org/10.1007/9783319-70694-8_15 https://doi.org/10.1007/9783319-70694-8_15

Cheon JH , Han K , Kim A , et al. , 2019 . A full RNS variant of approximate homomorphic encryption . Proc 25 th Int Conf on Selected Areas in Cryptography , p. 347 - 368 . https://doi.org/10.1007/978-3-030-10970-7_16 https://doi.org/10.1007/978-3-030-10970-7_16

Chou E , Beal J , Levy D , et al. , 2018 . Faster CryptoNets: leveraging sparsity for real-world encrypted inference . https://arxiv.org/abs/1811.09953 https://arxiv.org/abs/1811.09953

Dowlin N , Gilad-Bachrach R , Laine K , et al. , 2016 . CryptoNets: applying neural networks to encrypted data with high throughput and accuracy . Proc 33 rd Int Conf on Machine Learning , p. 201 - 210 .

Halevi S , Shoup V , 2014 . Algorithms in HElib . Proc 34 th Annual Cryptology Conf , p. 554 - 571 . https://doi.org/10.1007/978-3-662-44371-2_31 https://doi.org/10.1007/978-3-662-44371-2_31

Hesamifard E , Takabi H , Ghasemi M , 2017 . CryptoDL: deep neural networks over encrypted data . https://arxiv.org/abs/1711.05189 https://arxiv.org/abs/1711.05189

Iha NK , Ghodsi Z , Garg S , et al. , 2021 . DeepReDuce: ReLU reduction for fast private inference . Proc 38 th Int Conf on Machine Learning , p. 4839 - 4849 .

Ioffe S , Szegedy C , 2015 . Batch normalization: accelerating deep network training by reducing internal covariate shift . Proc 32 nd Int Conf on Machine Learning , p. 448 - 456 .

Ishiyama T , Suzuki T , Yamana H , 2020 . Highly accurate CNN inference using approximate activation functions over homomorphic encryption . Proc IEEE Int Conf on Big Data , p. 3989 - 3995 . https://doi.org/10.1109/BigData50022.2020.9378372 https://doi.org/10.1109/BigData50022.2020.9378372

Juvekar C , Vaikuntanathan V , Chandrakasan AP , 2018 . GAZELLE: a low latency framework for secure neural network inference . Proc 27 th USENIX Security Symp , p. 1651 - 1669 .

Kim D , Guyot C , 2023 . Optimized privacy-preserving CNN inference with fully homomorphic encryption . IEEE Trans Inform Forensic Secur , 18 : 2175 - 2187 . https://doi.org/10.1109/TIFS.2023.3263631 https://doi.org/10.1109/TIFS.2023.3263631

Koti N , Pancholi M , Patra A , et al. , 2021 . SWIFT: super-fast and robust privacy-preserving machine learning . Proc 30 th USENIX Security Symp , p. 2651 - 2668 .

Lai ZZ , Zhou YF , Zheng PJ , et al. , 2024 . Efficient privacy-preserving KAN inference using homomorphic encryption . https://arxiv.org/abs/2409.07751 https://arxiv.org/abs/2409.07751

Li JS , Liu IH , Tsai CJ , et al. , 2020 . Secure content-based image retrieval in the cloud with key confidentiality . IEEE Access , 8 : 114940 - 114952 . https://doi.org/10.1109/ACCESS.2020.3003928 https://doi.org/10.1109/ACCESS.2020.3003928

Li QF , Huang ZC , Lu WJ , et al. , 2020 . HomoPAI: a secure collaborative machine learning platform based on homomorphic encryption . Proc IEEE 36 th Int Conf on Data Engineering , p. 1713 - 1717 . https://doi.org/10.1109/ICDE48307.2020.00152 https://doi.org/10.1109/ICDE48307.2020.00152

Li Y , Yan HY , Huang T , et al. , 2024 . Model architecture level privacy leakage in neural networks . Sci China Inform Sci , 67 ( 3 ): 132101 . https://doi.org/10.1007/s11432-022-3507-7 https://doi.org/10.1007/s11432-022-3507-7

Liu J , Juuti M , Lu Y , et al. , 2017 . Oblivious neural network predictions via MiniONN transformations . Proc ACM SIGSAC Conf on Computer and Communications Security , p. 619 - 631 . https://doi.org/10.1145/3133956.3134056 https://doi.org/10.1145/3133956.3134056

Lou Q , Shen YL , Jin HX , et al. , 2021 . SAFENet: a secure, accurate and fast neural network inference . Proc 9 th Int Conf on Learning Representations .

Ma JPK , Tai RKH , Zhao YJ , et al. , 2021 . Let’s stride blindfolded in a forest: sublinear multi-client decision trees evaluation . Network and Distributed System Security Symp . https://doi.org/10.14722/ndss.2021.23166 https://doi.org/10.14722/ndss.2021.23166

Mishra P , Lehmkuhl R , Srinivasan A , et al. , 2020 . Delphi: a cryptographic inference system for neural networks . Proc Workshop on Privacy-Preserving Machine Learning in Practice , p. 27 - 30 . https://doi.org/10.1145/3411501.3419418 https://doi.org/10.1145/3411501.3419418

Ng LKL , Chow SSM , 2021 . GForce: GPU-friendly oblivious and rapid neural network inference . Proc 30 th USENIX Security Symp , p. 2147 - 2164 .

Riazi MS , Weinert C , Tkachenko O , et al. , 2018 . Chameleon: a hybrid secure computation framework for machine learning applications . Proc Asia Conf on Computer and Communications Security , p. 707 - 721 . https://doi.org/10.1145/3196494.3196522 https://doi.org/10.1145/3196494.3196522

Schroff F , Kalenichenko D , Philbin J , 2015 . FaceNet: a unified embedding for face recognition and clustering . Proc IEEE Conf on Computer Vision and Pattern Recognition , p. 815 - 823 . https://doi.org/10.1109/CVPR.2015.7298682 https://doi.org/10.1109/CVPR.2015.7298682

Shen M , Cheng GH , Zhu LH , et al. , 2020 . Content-based multi-source encrypted image retrieval in clouds with privacy preservation . Fut Gener Comput Syst , 109 : 621 - 632 . https://doi.org/10.1016/j.future.2018.04.089 https://doi.org/10.1016/j.future.2018.04.089

Wang J , He DB , Castiglione A , et al. , 2023 . PCNNCEC: efficient and privacy-preserving convolutional neural network inference based on cloud-edge-client collaboration . IEEE Trans Netw Sci Eng , 10 ( 5 ): 2906 - 2923 . https://doi.org/10.1109/TNSE.2022.3177755 https://doi.org/10.1109/TNSE.2022.3177755

Wang Y , Chen LQ , Wu G , et al. , 2023 . Efficient and secure content-based image retrieval with deep neural networks in the mobile cloud computing . Comput Secur , 128 : 103163 . https://doi.org/10.1016/j.cose.2023.103163 https://doi.org/10.1016/j.cose.2023.103163

Xie TY , Yamana H , Mori T , 2022 . CHE: channel-wise homomorphic encryption for ciphertext inference in convolutional neural network . IEEE Access , 10 : 107446 - 107458 . https://doi.org/10.1109/ACCESS.2022.3210134 https://doi.org/10.1109/ACCESS.2022.3210134

Yagyu K , Takeuchi R , Nishigaki M , et al. , 2023 . Improving classification accuracy by optimizing activation function for convolutional neural network on homomorphic encryption . Proc 17 th Int Conf on Broadband Wireless Computing, Communication and Appli cations , p. 102 - 113 . https://doi.org/10.1007/978-3-031-20029-8_10 https://doi.org/10.1007/978-3-031-20029-8_10

Views

Downloads

CSCD

Alert me when the article has been cited

Submit

Tools

Publicity Resources

Recognition method for underwater communication signals that mimic dolphin whistles using phase-shifting modulation

CRGT-SA: an interlaced and spatiotemporal deep learning model for network intrusion detection

SPJEU: a self-sufficient plaintext-related JPEG image encryption scheme based on a unified key

Reinforcement learning based privacy-preserving consensus tracking control of nonstrict-feedback discrete-time multi-agent systems

Ahybrid-model optimization algorithm based on the Gaussian process and particle swarm optimization for mixed-variable CNN hyperparameter automatic search

Related Author

Fajie DUAN

Xiao FU

Xiaozong HOU

Zhuochen LI

Xiaolong YU

Jiajia JIANG

Qingwang YAO

Xihe QIU

Related Institution

Shenyang Institute of Automation, Chinese Academy of Sciences

State Key Lab of Precision Measuring Technology and Instruments, Tianjin University

School of Electronic and Electrical Engineering, Shanghai University of Engineering Science

School of Information Technology, Deakin University

College of Computer Science and Technology/College of Software, Nanjing University of Aeronautics and Astronautics

Map

Chat

Address：Zhejiang University Press, 148 Tianmushan Road, Hangzhou, China Postal code：310028
Tel：+86-571-88273162 Email：fitee@zju.edu.cn
It is recommended to read the content of this site in Chrome&IE9+. Please switch to extreme mode in browser 360.
Cookies We use cookies to help provide and enhance our service and tailor content. By continuing, you agree to the use of cookies.

⁰