Convolutions in Overdrive: Maliciously Secure Convolutions for MPC
Authors: Marc Rivinius (University of Stuttgart), Pascal Reisert (University of Stuttgart), Sebastian Hasler (University of Stuttgart), Ralf Küsters (University of Stuttgart)
Volume: 2023
Issue: 3
Pages: 321–353
DOI: https://doi.org/10.56553/popets-2023-0084
Abstract: Machine learning (ML) has seen a strong rise in popularity in recent years and has become an essential tool for research and industrial applications. Given the large amount of high quality data needed and the often sensitive nature of ML data, privacy-preserving collaborative ML is of increasing importance. In this paper, we introduce new actively secure multiparty computation (MPC) protocols which are specially optimized for privacy-preserving machine learning applications. We concentrate on the optimization of (tensor) convolutions which belong to the most commonly used components in ML architectures, especially in convolutional neural networks but also in recurrent neural networks or transformers, and therefore have a major impact on the overall performance. Our approach is based on a generalized form of structured randomness that speeds up convolutions in a fast online phase. The structured randomness is generated with homomorphic encryption using adapted and newly constructed packing methods for convolutions, which might be of independent interest. Overall our protocols extend the state-of-the-art Overdrive family of protocols (Keller et al., EUROCRYPT 2018). We implemented our protocols on-top of MP-SPDZ (Keller, CCS 2020) resulting in a full-featured implementation with support for faster convolutions. Our evaluation shows that our protocols outperform state-of-the-art actively secure MPC protocols on ML tasks like evaluating ResNet50 by a factor of 3 or more. Benchmarks for depthwise convolutions show order-of-magnitude speed-ups compared to existing approaches.
Keywords: secure multiparty computation, convolutions, neural networks
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.