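Cite this article
  • TANG Tao, XU Haixia, DONG Ye, ZHOU Yinchang, TANG Jinling. Multi-party collaborative secure inference for vertically distributed feature scenarios [J]. Journal of Cyber Security (信息安全学报), accepted
  • TANG Tao,XU Haixia,DONG Ye,ZHOU Yinchang,TANG Jinling.Multi-Party Collaborative Secure Inference Protocols for Vertically Distributed Feature Scenarios[J].Journal of Cyber Security,Accept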
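Multi-Party Collaborative Secure Inference for Vertically Distributed Feature Scenarios
TANG Tao, XU Haixia, DONG Ye, ZHOU Yinchang, TANG Jinling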
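(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
In recent years, neural network prediction services based on cloud storage have become the mainstream trend in the artificial intelligence industry and are widely used in many scenarios. The rapid spread of this technology brings a series of privacy problems, such as the sensitivity of user data and the risk of model leakage. Inference protocols based on secure two-party computation offer a solution to these challenges, protecting the confidentiality and integrity of information during neural network computation. However, in multi-party scenarios with vertically distributed features, each client may use different technical standards, data formats, and processing protocols, which makes cross-platform, cross-organization data fusion and concurrent processing more difficult and less predictable; so far there has been little research on this. To address these problems and challenges, this paper proposes VSecNN, a joint neural network inference protocol computed cooperatively by a single server and multiple clients. For linear layers, it uses homomorphic encryption to implement efficient matrix multiplication; for non-linear layers, it combines garbled circuits and oblivious transfer to compute activation functions securely. The result of every layer is held by the client and the server as additive secret shares. The protocol follows a relatively independent two-phase paradigm in which most of the computational cost is concentrated in an input-independent preprocessing phase, and the online phase needs only two rounds of communication: one for the input of masked features and one for the output of the inference result. Experimental results show that, compared with a solution built on the general-purpose MPC framework MP-SPDZ (ACM CCS '20), VSecNN is more efficient and stable for collaborative inference in the vertically distributed feature scenario, while greatly reducing system overhead and resource consumption. Further experiments show that the method completes accurate inference on all samples with a very low precision error (0.7%), a significant improvement in prediction accuracy over traditional two-party inference.
Keywords:  multi-party collaborative secure inference  privacy preservation  secure multi-party computation  homomorphic encryption  garbled circuits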
DOI:
Submitted: 2023-12-13  Revised: 2024-03-20
Funding:
Multi-Party Collaborative Secure Inference Protocols for Vertically Distributed Feature Scenarios
TANG Tao, XU Haixia, DONG Ye, ZHOU Yinchang, TANG Jinling
(INSTITUTE OF INFORMATION ENGINEERING,CAS)
Abstract:
In recent years, cloud-based neural network prediction services have become the dominant developmental trend in the artificial intelligence industry, with extensive application across a variety of scenarios. The rapid proliferation of this technology has been accompanied by a series of privacy concerns, such as the sensitivity of user data and the risk of model disclosure. Secure two-party computation protocols for inference provide solutions to these challenges by safeguarding the confidentiality and integrity of information during computational processes. However, in multi-party applications with vertically distributed features, the potential for disparate technical standards, data formats, and processing protocols among clients intensifies the complexity and unpredictability of cross-platform and cross-organizational data integration and concurrent processing, with limited research addressing these issues to date. Addressing the aforementioned problems and challenges, this paper introduces VSecNN, a cooperative neural network inference protocol executed by a single server and multiple clients. For linear layers, the protocol employs homomorphic encryption to facilitate efficient matrix multiplication, while for non-linear layers, it integrates garbled circuits and oblivious transfer techniques to securely compute activation functions, with each layer’s results securely shared between the client and server via additive secret sharing. The protocol adheres to a two-phase paradigm that is relatively independent, concentrating the bulk of computational costs in an input-independent preprocessing stage, with the online phase necessitating only two rounds of interaction: one for the input of masked features and another for the output of inference results.
Comparative experiments demonstrate that VSecNN significantly enhances efficiency and stability in the collaborative inference process within vertically distributed feature scenarios, while substantially reducing system communication overhead and resource utilization, compared to solutions built upon the general MPC framework MP-SPDZ (ACM CCS '20). Further experimentation indicates that the method can accurately infer across all samples with minimal precision error (0.7%), marking a notable improvement in prediction accuracy over traditional two-party inference.
Key words:  multi-party collaborative secure inference  privacy preserving  secure multi-party computation  homomorphic encryption  garbled circuits
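
The share arithmetic behind the abstract's "masked features" online round, for one linear layer whose input features are split across several clients, can be illustrated as follows. This is an added example, not code from the paper: it uses a generic mask-and-share construction, assumes the ring Z_{2^32}, computes the preprocessing in the clear where the abstract specifies homomorphic encryption for linear layers, and all function names are hypothetical.

```python
import secrets

MOD = 2 ** 32  # assumed share ring Z_{2^32}; the abstract does not name one

def matvec(W, v):
    return [sum(w * x for w, x in zip(row, v)) % MOD for row in W]

def add(a, b, sign=1):
    return [(x + sign * y) % MOD for x, y in zip(a, b)]

def rand_vec(n):
    return [secrets.randbelow(MOD) for _ in range(n)]

def preprocess(W_blocks):
    """Input-independent phase. A protocol of this kind runs this step under
    homomorphic encryption so the server never learns r_k and client k never
    learns W_k; it is computed in the clear here only to show the arithmetic."""
    state, masks = [], []
    for W_k in W_blocks:
        r_k = rand_vec(len(W_k[0]))      # client k's feature mask
        s_k = rand_vec(len(W_k))         # server's output mask for block k
        state.append((r_k, add(matvec(W_k, r_k), s_k, -1)))  # c_k = W_k r_k - s_k
        masks.append(s_k)
    return state, masks

def online(W_blocks, features, state, masks):
    """Each client sends x_k - r_k once; the server derives its output share."""
    server_share = [0] * len(W_blocks[0])
    masked = []
    for W_k, x_k, (r_k, _), s_k in zip(W_blocks, features, state, masks):
        m_k = add(x_k, r_k, -1)          # the only value that leaves client k
        masked.append(m_k)
        server_share = add(server_share, add(matvec(W_k, m_k), s_k))
    return masked, server_share, [c_k for _, c_k in state]

def reconstruct(server_share, client_shares):
    out = server_share
    for c_k in client_shares:
        out = add(out, c_k)
    return out

def demo():
    # Constructed sample: a 2x5 weight matrix split by columns over 3 clients.
    W_blocks = [[[1, 2], [3, 4]], [[5], [6]], [[7, 8], [9, 10]]]
    features = [[10, 20], [30], [40, 50]]
    state, masks = preprocess(W_blocks)
    masked, s_share, c_shares = online(W_blocks, features, state, masks)
    return masked, s_share, reconstruct(s_share, c_shares)
```

Neither the server's share nor any single client's share equals the layer output; only their sum modulo 2^32 does, which is what lets the next layer continue on shares.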