multiparty computation and applicationsaxion university of applied sciences, nl @makrieleftheria...
TRANSCRIPT
-
SESSION ID:
#RSAC
Multiparty Computation and Application
CRYP-F01
Eleftheria MakriLecturer/Researcher Imec-COSIC, KU Leuven, BE & Saxion University of Applied Sciences, NL @MakriEleftheria
-
EPIC: Efficient Private Image Classification (or: Learning from the Masters) E. Makri, D. Rotaru, N. P. Smart, F. Vercauteren
-
#RSAC
EPIC: Efficient Private Image Classification
4
-
#RSAC
5
Feature Extraction
-
#RSACTransfer Learning Feature Extraction (or: Learning from the Masters)
6
-
#RSAC
7
-
#RSAC
EPIC Security
8
Active Security vs. Passive Security
EPICAll other protocols in the related work
-
#RSAC
9
Step 1: Create the ML model
Dragos Rotaru 9
Inceptionβv3 CNN
Linear SVM
Alice
-
#RSAC
10
Step 2: Alice secret shares the ML model
πππππππ΄π΄
πππππππΆπΆ
AliceBob
Charlie
-
#RSAC
11
Step 2: Alice secret shares the ML model
πππππππ΄π΄
πππππππΆπΆ
πΎπΎ1 πΎπΎ2 πΎπΎ3+ + =Dragos Rotaru
πππππππ΄π΄ πππππππ΅π΅ πππππππΆπΆ
AliceBob
Charlie
-
#RSAC
12
Step 3: Bob extracts features
Dragos Rotaru 12
Inceptionβv3 CNN
Features ππ
Bob
-
#RSAC
13
πππππππ΄π΄
πππππππΆπΆ
Dragos Rotaru
Step 4: Bob secret shares features
AliceBob
Charlie
-
#RSAC
14
πππππππ΄π΄
πππππππΆπΆ
Dragos Rotaru
Step 4: Bob secret shares features
πππ΄π΄
πππΆπΆ
πππ΅π΅
πΎπΎ1 πΎπΎ2 πΎπΎ3+ + =Dragos Rotaru
πππ΄π΄ πππ΅π΅ πππΆπΆ CNN-Feat( )
AliceBob
Charlie
-
#RSAC
15
πππππππ΄π΄ πππππππΆπΆ
Step 5: Parties use MPC to help Charlie compute label of SVM-Alice(Bob-Image)
πππ΄π΄ πππΆπΆ
πππ΅π΅
Alice
Bob
Charlie
-
#RSAC
16
πππππππ΄π΄ πππππππΆπΆ
Step 5: Parties use MPC to help Charlie compute label of SVM-Alice(Bob-Image)
πππ΄π΄ πππΆπΆ
πππ΅π΅
***βFloristβ***Alice
Bob
Charlie
-
#RSAC
Video of the Demo of our work will appear here
17
-
#RSAC
EPIC Performance β Simple Variant
18
Computation Cost Communication Cost
0
50
100
150
200
250
300
CIFAR-10(88.8% accuracy)
MIT-67(72.2% accuracy)
Caltech-101(91.4% accuracy)
Communication (MB)
Offline Online Total
0
0.5
1
1.5
2
2.5
3
3.5
4
CIFAR-10(88.8% accuracy)
MIT-67(72.2% accuracy)
Caltech-101(91.4% accuracy)
Runtimes (s)
Offline Online Total
-
#RSAC
Performance of the state-of-the-art private image classification
19
Computation Cost Communication Cost
0.001
0.01
0.1
1
10
100
1000
MiniONN*(81.61% accuracy)
Gazelle**(81.61% accuracy)
EPIC(88.8% accuracy)
Runtimes (s)
Offline Online Total
0.1
1
10
100
1000
10000
MiniONN*(81.61% accuracy)
Gazelle**(81.61% accuracy)
EPIC(88.8% accuracy)
Communication (MB)
Offline Online Total
* Jian Liu, Mika Juuti, Yao Lu, N. Asokan. Oblivious Neural Network Predictions via MiniONN Transformations. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 619-631). ACM.** Chiraag Juvekar, Vinod Vaikuntanathan, and Anantha Chandrakasan. GAZELLE: A low latency framework for secure neural network inference. In 27th USENIX Security Symposium (USENIX Security '18), Baltimore, MD, 2018. USENIX Association.
-
#RSAC
EPIC Efficiency Gain over the state-of-the-art
20
EPIC vs. Gazelle1 on CIFAR-10: β 34 times faster runtime;β 50 times improvement of communication cost; β 7% higher classification accuracy.
EPIC vs. Gazelle1 with the same accuracy: β 700 times faster runtime; β 500 times improvement of communication cost.
1 Chiraag Juvekar, Vinod Vaikuntanathan, and Anantha Chandrakasan. GAZELLE: A low latency framework for secure neural network inference. In 27th USENIX Security Symposium (USENIX Security '18), Baltimore, MD, 2018. USENIX Association.
-
#RSAC
Now what?
21
What would transform EPIC to a LEGENDARY solution? β Maintain security β Maintain or increase efficiency β Increase accuracy!
Any ideas on how to do this (using MPC)? β Talk to me during the break, orβ Contact me offline at: [email protected]
mailto:[email protected]
-
Multiparty Computation and Application EPIC: Efficient Private Image Classification (or: Learning from the Masters) Slide Number 3EPIC: Efficient Private Image Classification Slide Number 5Transfer Learning Feature Extraction (or: Learning from the Masters) Slide Number 7EPIC SecurityStep 1: Create the ML modelStep 2: Alice secret shares the ML modelStep 2: Alice secret shares the ML modelStep 3: Bob extracts featuresSlide Number 13Slide Number 14Slide Number 15Slide Number 16Video of the Demo of our work will appear here EPIC Performance β Simple Variant Performance of the state-of-the-art private image classificationEPIC Efficiency Gain over the state-of-the-art Now what? Slide Number 22