Skip to main content
SpringerLink
Log in

Memory Efficient Privacy-Preserving Machine Learning Based on Homomorphic Encryption

  • Conference paper
  • First Online:
Applied Cryptography and Network Security (ACNS 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14584))

Included in the following conference series:

  • 242 Accesses

Abstract

Fully Homomorphic Encryption (FHE) enables computation on encrypted data and can be used to provide privacy-preserving computation for machine learning models. However, FHE is computationally expensive and requires significant memory. Single instruction multiple data (SIMD) can offset this cost. Batch-packing, an SIMD technique that packs data along the batch dimension, requires significant memory. In convolutional neural networks, we can exploit their regular and repeating structure to reduce the memory cost by caching recurring values. In this paper, we investigate strategies for dynamically loading data from persistent storage and how to cache it effectively. We propose a method that reorders operations inside the convectional layer to increase caching effectiveness and reduce memory requirements. We achieve up to 50x reduction in memory requirements with only a 13% increase in runtime compared to keeping the data in memory during the entire computation. Our method is up to 38% faster at no significant memory difference compared to not using caching. We also show that our approach is up to 4.5x faster than the operating system’s swapping technique. These improvements allow us to run the models on less powerful and cheaper hardware.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 308–318 (2016)

    Google Scholar 

  2. Aharoni, E., et al.: HeLayers: A Tile Tensors Framework for Large Neural Networks on Encrypted Data. Proceedings on Privacy Enhancing Technologies 2023(1), 325–342 (Jan 2023). https://doi.org/10.56553/popets-2023-0020, http://arxiv.org/abs/2011.01805, arXiv:2011.01805 [cs]

  3. Akavia, A., Oren, N., Sapir, B., Vald, M.: Compact storage for homomorphic encryption. Cryptology ePrint Archive (2022)

    Google Scholar 

  4. Al Badawi, A., et al.: Towards the AlexNet Moment for Homomorphic Encryption: HCNN, the First Homomorphic CNN on Encrypted Data with GPUs. IEEE Trans. Emerg. Topics Comput. (2020). https://doi.org/10.1109/TETC.2020.3014636, conference Name: IEEE Transactions on Emerging Topics in Computing

  5. Al Badawi, A., et al.: OpenFHE: open-source fully homomorphic encryption library. in: proceedings of the 10th workshop on encrypted computing & applied homomorphic cryptography, pp. 53–63. WAHC’22, Association for Computing Machinery, New York, NY, USA (2022). https://doi.org/10.1145/3560827.3563379 event-place: Los Angeles, CA, USA

  6. Amazon.com, I.: Amazon alexa voice ai, alexa developer offical site. https://developer.amazon.com/en-US/alexa Accessed 17 Oct 2023

  7. Boemer, F., Costache, A., Cammarota, R., Wierzynski, C.: ngraph-he2: A high-throughput framework for neural network inference on encrypted data. In: Proceedings of the 7th ACM Workshop on Encrypted Computing & Applied Homomorphic Cryptography, pp. 45–56 (2019)

    Google Scholar 

  8. Boemer, F., Lao, Y., Cammarota, R., Wierzynski, C.: ngraph-he: a graph compiler for deep learning on homomorphically encrypted data. In: Proceedings of the 16th ACM International Conference on Computing Frontiers, pp. 3–13 (2019)

    Google Scholar 

  9. Brutzkus, A., Gilad-Bachrach, R., Elisha, O.: Low latency privacy preserving inference. In: International Conference on Machine Learning, pp. 812–821. PMLR (2019)

    Google Scholar 

  10. Cai, Y., Zhang, Q., Ning, R., Xin, C., Wu, H.: Hunter: he-friendly structured pruning for efficient privacy-preserving deep learning. In: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, pp. 931–945 (2022)

    Google Scholar 

  11. Chabanne, H., de Wargny, A., Milgram, J., Morel, C., Prouff, E.: Privacy-preserving classification on deep neural network. IACR Cryptol. ePrint Arch. 2017, 35 (2017)

    Google Scholar 

  12. Chaudhari, H., Rachuri, R., Suresh, A.: Trident: efficient 4pc framework for privacy preserving machine learning. In: Proceedings 2020 Network and Distributed System Security Symposium. NDSS 2020, Internet Society (2020). https://doi.org/10.14722/ndss.2020.23005, http://dx.doi.org/10.14722/ndss.2020.23005

  13. Cheon, J.H., Han, K., Kim, A., Kim, M., Song, Y.: A full RNS variant of approximate homomorphic encryption. In: Cid, C., Jacobson, M.J. (eds.) Selected Areas in Cryptography – SAC 2018: 25th International Conference, Calgary, AB, Canada, August 15–17, 2018, Revised Selected Papers, pp. 347–368. Springer International Publishing, Cham (2019). https://doi.org/10.1007/978-3-030-10970-7_16

    Chapter  Google Scholar 

  14. Choi, W.S., Reagen, B., Wei, G.Y., Brooks, D.: Impala: Low-Latency, Communication-Efficient Private Deep Learning Inference. arXiv preprint arXiv:2205.06437 (2022)

  15. Dathathri, R., et al.: CHET: an optimizing compiler for fully-homomorphic neural-network inferencing. In: Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 142–156. PLDI 2019, Association for Computing Machinery, New York, NY, USA (Jun 2019). https://doi.org/10.1145/3314221.3314628, https://doi.org/10.1145/3314221.3314628

  16. Dilsizian, S.E., Siegel, E.L.: Artificial intelligence in medicine and cardiac imaging: harnessing big data and advanced computing to provide personalized medical diagnosis and treatment. Curr. Cardiol. Rep. 16, 1–8 (2014)

    Article  Google Scholar 

  17. Dowlin, N., Gilad-Bachrach, R., Laine, K., Lauter, K., Naehrig, M., Wernsing, J.: Cryptonets: applying neural networks to encrypted data with high throughput and accuracy. In: International Conference on Machine Learning, pp. 201–210 (2016)

    Google Scholar 

  18. Dwork, C., Roth, A.: The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci. 9(3–4), 211–407 (2014)

    MathSciNet  Google Scholar 

  19. Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT Press (2016). http://www.deeplearningbook.org

  20. Google, I.: Bard - chat based ai tool from google, powered by palm2. https://bard.google.com/ Accessed 17 Oct 2023

  21. Google, I.: Google assitant, your own personal google. https://assistant.google.com/Accessed 17 Oct 2023

  22. Grammarly, I.: Grammarly: free writing ai assistance. https://www.grammarly.com/Accessed 17 Oct 2023

  23. Hao, M., Li, H., Chen, H., Xing, P., Xu, G., Zhang, T.: Iron: Private Inference on Transformers. In: Advances in Neural Information Processing Systems (2022)

    Google Scholar 

  24. Hesamifard, E., Takabi, H., Ghasemi, M.: Cryptodl: Deep neural networks over encrypted data. arXiv preprint arXiv:1711.05189 (2017)

  25. Hesamifard, E., Takabi, H., Ghasemi, M.: Deep Neural networks classification over encrypted data. In: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, pp. 97–108. ACM, Richardson Texas USA (Mar 2019). https://doi.org/10.1145/3292006.3300044

  26. Huang, Z., Lu, W.j., Hong, C., Ding, J.: Cheetah: Lean and Fast Secure $$two-party$$ Deep Neural Network Inference. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 809–826 (2022)

    Google Scholar 

  27. Inc., A.: Siri - apple. https://www.apple.com/siri/ Accessed 17 Oct 2023

  28. Jiang, X., Kim, M., Lauter, K., Song, Y.: Secure outsourced matrix computation and application to neural networks. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. pp. 1209–1222. ACM, Toronto Canada (Oct 2018). https://doi.org/10.1145/3243734.3243837

  29. Juvekar, C., Vaikuntanathan, V., Chandrakasan, A.: GAZELLE: a low latency framework for secure neural network inference. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 1651–1669 (2018)

    Google Scholar 

  30. Kashyap, A., Plis, S., Ritter, P., Keilholz, S.: A deep learning approach to estimating initial conditions of brain network models in reference to measured fmri data. Front. Neurosci. 17 (2023)

    Google Scholar 

  31. Kim, D., Park, J., Kim, J., Kim, S., Ahn, J.H.: HyPHEN: A Hybrid Packing Method and Optimizations for Homomorphic Encryption-Based Neural Networks. arXiv preprint arXiv:2302.02407 (2023)

  32. Krizhevsky, A., Hinton, G.: Learning multiple layers of features from tiny images,: publisher: Toronto. ON, Canada (2009)

    Google Scholar 

  33. Lee, E., et al.: Low-complexity deep convolutional neural networks on fully homomorphic encryption using multiplexed parallel convolutions. In: International Conference on Machine Learning, pp. 12403–12422. PMLR (2022)

    Google Scholar 

  34. Lee, J.W., et al.: Privacy-Preserving Machine Learning With Fully Homomorphic Encryption for Deep Neural Network. IEEE Access 10, 30039–30054 (2022). https://doi.org/10.1109/ACCESS.2022.3159694, conference Name: IEEE Access

  35. Li, B., Micciancio, D.: On the security of homomorphic encryption on approximate numbers. In: Canteaut, A., Standaert, F.-X. (eds.) Advances in Cryptology – EUROCRYPT 2021: 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17–21, 2021, Proceedings, Part I, pp. 648–677. Springer International Publishing, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_23

    Chapter  Google Scholar 

  36. Li, S., et al.: FALCON: a fourier transform based approach for fast and secure convolutional neural network predictions. In: 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 8702–8711. IEEE, Seattle, WA, USA (Jun 2020). https://doi.org/10.1109/CVPR42600.2020.00873, https://ieeexplore.ieee.org/document/9156980/

  37. Liu, J., Juuti, M., Lu, Y., Asokan, N.: Oblivious neural network predictions via minionn transformations. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 619–631 (2017)

    Google Scholar 

  38. Mohassel, P., Zhang, Y.: SecureML: a system for scalable privacy-preserving machine learning. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 19–38 (May 2017). https://doi.org/10.1109/SP.2017.12, iSSN: 2375-1207

  39. OpenAI: Chatgpt. https://openai.com/chatgpt Accessed 17 Oct 2023

  40. Papernot, N., Song, S., Mironov, I., Raghunathan, A., Talwar, K., Erlingsson, U.: Scalable private learning with pate. arXiv preprint arXiv:1802.08908 (2018)

  41. Podschwadt, R., Takabi, D.: Classification of encrypted word embeddings using recurrent neural networks. In: PrivateNLP@ WSDM, pp. 27–31 (2020)

    Google Scholar 

  42. Podschwadt, R., Takabi, D.: Non-interactive privacy preserving recurrent neural network prediction with homomorphic encryption. In: 2021 IEEE 14th International Conference on Cloud Computing (CLOUD), pp. 65–70. IEEE (2021)

    Google Scholar 

  43. Shivdikar, K., et al.: Accelerating polynomial multiplication for homomorphic encryption on gpus. In: 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED), pp. 61–72. IEEE (2022)

    Google Scholar 

  44. Smart, N.. P.., Vercauteren, F..: Fully homomorphic SIMD operations. Designs, Codes and Cryptography 71(1), 57–81 (2014). https://doi.org/10.1007/s10623-012-9720-4

    Article  Google Scholar 

  45. Tramèr, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing Machine Learning Models via Prediction \$\$apis\$\$. In: 25th USENIX security symposium (USENIX Security 16), pp. 601–618 (2016)

    Google Scholar 

  46. Zheng, M., Lou, Q., Jiang, L.: Primer: fast private transformer inference on encrypted data (Mar 2023). arXiv:2303.13679 [cs]

Download references

Author information

Authors and Affiliations

  1. Georgia State University, Atlanta, GA, 30303, USA

    Robert Podschwadt & Parsa Ghazvinian

  2. Old Dominion University, Norfolk, VA, 23529, USA

    Mohammad GhasemiGol & Daniel Takabi

Authors
  1. Robert Podschwadt
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Parsa Ghazvinian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohammad GhasemiGol
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Daniel Takabi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Robert Podschwadt .

Editor information

Editors and Affiliations

  1. New York University Abu Dhabi, Abu Dhabi, United Arab Emirates

    Christina Pöpper

  2. Radboud University Nijmegen, Nijmegen, The Netherlands

    Lejla Batina

Appendix

Appendix

Table 6. Measurements for Time in seconds, Memory (Mem) in MB, for all Schedules with small parameters on the PC with 16 and the server with 104 Threads. Additionally, the table shows the memory Estimate in MB and Score.
Full size table
Table 7. Measurements for Time in seconds, Memory (Mem) in MB, for all Schedules with medium parameters on the PC with 16 and the server with 104 Threads. Additionally, the table shows the memory Estimate in MB and Score. * values are unavailable because the execution ran out of memory.
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Podschwadt, R., Ghazvinian, P., GhasemiGol, M., Takabi, D. (2024). Memory Efficient Privacy-Preserving Machine Learning Based on Homomorphic Encryption. In: Pöpper, C., Batina, L. (eds) Applied Cryptography and Network Security. ACNS 2024. Lecture Notes in Computer Science, vol 14584. Springer, Cham. https://doi.org/10.1007/978-3-031-54773-7_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-54773-7_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54772-0

  • Online ISBN: 978-3-031-54773-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation