CryptoNAS: Private Inference on a ReLU Budget
- URL: http://arxiv.org/abs/2006.08733v2
- Date: Thu, 13 May 2021 16:52:51 GMT
- Title: CryptoNAS: Private Inference on a ReLU Budget
- Authors: Zahra Ghodsi, Akshaj Veldanda, Brandon Reagen, Siddharth Garg
- Abstract summary: Existing models are ill-suited for private inference (PI): methods to process inferences without disclosing inputs.
This paper makes the observation that existing models are ill-suited for PI and proposes a novel NAS method, named CryptoNAS, for finding and tailoring models to the needs of PI.
We develop the idea of a ReLU budget as a proxy for inference latency and use CryptoNAS to build models that maximize accuracy within a given budget.
- Score: 8.8438567779565
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Machine learning as a service has given raise to privacy concerns surrounding
clients' data and providers' models and has catalyzed research in private
inference (PI): methods to process inferences without disclosing inputs.
Recently, researchers have adapted cryptographic techniques to show PI is
possible; however, all solutions increase inference latency beyond practical
limits. This paper makes the observation that existing models are ill-suited
for PI and proposes a novel NAS method, named CryptoNAS, for finding and
tailoring models to the needs of PI. The key insight is that in PI,
non-linear operations (e.g., ReLU) dominate latency, while
linear layers become effectively free. We develop the idea of a ReLU budget as
a proxy for inference latency and use CryptoNAS to build models that maximize
accuracy within a given budget. CryptoNAS improves accuracy by 3.4% and latency
by 2.4x over the state-of-the-art.
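CryptoNAS treats a network's total ReLU count as its latency proxy under PI. No code accompanies this digest; as a minimal sketch (toy architecture and helper name are ours, not the paper's), the snippet below counts how many ReLU activations one forward pass evaluates, which is the quantity a ReLU-budgeted search would constrain:

```python
import torch
import torch.nn as nn

def relu_budget(model: nn.Module, input_shape=(1, 3, 32, 32)) -> int:
    """Count ReLU activations evaluated in one forward pass.

    Under PI each ReLU invocation is expensive, so the total count
    (not FLOPs) serves as the latency proxy.
    """
    counts = []

    def hook(module, inputs, output):
        counts.append(output.numel())  # one private ReLU per element

    handles = [m.register_forward_hook(hook)
               for m in model.modules() if isinstance(m, nn.ReLU)]
    with torch.no_grad():
        model(torch.zeros(input_shape))
    for h in handles:
        h.remove()
    return sum(counts)

# A budgeted search would discard candidates whose count exceeds the
# ReLU budget and keep the most accurate of the rest.
candidate = nn.Sequential(
    nn.Conv2d(3, 16, 3, padding=1), nn.ReLU(),
    nn.Conv2d(16, 16, 3, padding=1), nn.ReLU(),
)
print(relu_budget(candidate))  # 2 * 16 * 32 * 32 = 32768
```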
Related papers
- Towards Fast and Scalable Private Inference [2.2702420046035865]
A new paradigm of computing exists, which we refer to as privacy-preserving computation (PPC).
PPC technologies can be leveraged for secure outsourced computation or to enable two parties to compute without revealing either party's secret data.
Despite their phenomenal potential to revolutionize user protection in the digital age, the realization has been limited due to exorbitant computational, communication, and storage overheads.
arXiv Detail & Related papers (2023-07-09T00:55:30Z)
- $\beta$-DARTS++: Bi-level Regularization for Proxy-robust Differentiable Architecture Search [96.99525100285084]
A regularization method, Beta-Decay, is proposed to regularize the DARTS-based NAS search process (i.e., $\beta$-DARTS).
In-depth theoretical analyses of how and why it works are provided.
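As a generic illustration of this kind of search-process regularization (the exact Beta-Decay term is defined in the paper; the quadratic penalty below is a simplified stand-in), one adds a penalty on the softmax-normalized architecture weights to the search objective:

```python
import torch

def arch_regularizer(alphas: torch.Tensor, weight: float = 1e-3) -> torch.Tensor:
    """Penalty on the softmax-normalized architecture weights (beta).

    Simplified stand-in for Beta-Decay: a quadratic penalty on beta is
    smallest when the per-edge weights stay uniform, discouraging any
    single operation from saturating early in the search.
    """
    beta = torch.softmax(alphas, dim=-1)  # per-edge operation weights
    return weight * beta.pow(2).sum()

alphas = torch.randn(14, 8, requires_grad=True)  # e.g. 14 edges, 8 candidate ops
val_loss = torch.tensor(0.0)                     # placeholder outer (validation) loss
(val_loss + arch_regularizer(alphas)).backward()
```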
arXiv Detail & Related papers (2023-01-16T12:30:32Z)
- TAN Without a Burn: Scaling Laws of DP-SGD [70.7364032297978]
Differentially Private methods for training Deep Neural Networks (DNNs) have progressed recently.
We decouple privacy analysis and experimental behavior of noisy training to explore the trade-off with minimal computational requirements.
We apply the proposed method on CIFAR-10 and ImageNet and, in particular, strongly improve the state of the art on ImageNet with a +9 point gain in top-1 accuracy.
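For context, the mechanism whose privacy/compute trade-off is studied here is the standard DP-SGD update: clip each example's gradient, average over the batch, add Gaussian noise. A minimal sketch (hyperparameter names are placeholders, not the paper's):

```python
import torch

def dp_sgd_step(params, per_sample_grads, lr=0.1, clip_norm=1.0, sigma=1.0):
    """One DP-SGD step: clip each example's full gradient to clip_norm,
    average over the batch, and add Gaussian noise of std sigma * clip_norm."""
    batch = per_sample_grads[0].shape[0]
    # Per-example norm taken over *all* parameters (standard DP-SGD clipping).
    sq = sum(g.reshape(batch, -1).pow(2).sum(dim=1) for g in per_sample_grads)
    scale = (clip_norm / sq.sqrt().clamp(min=1e-12)).clamp(max=1.0)
    for p, g in zip(params, per_sample_grads):
        clipped = g * scale.view(-1, *([1] * (g.dim() - 1)))
        noise = torch.randn_like(p) * (sigma * clip_norm / batch)
        p.data -= lr * (clipped.mean(dim=0) + noise)

w = torch.zeros(3)
g = torch.randn(8, 3)   # 8 per-example gradients for w
dp_sgd_step([w], [g])
```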
arXiv Detail & Related papers (2022-10-07T08:44:35Z)
- Selective Network Linearization for Efficient Private Inference [49.937470642033155]
We propose a gradient-based algorithm that selectively linearizes ReLUs while maintaining prediction accuracy.
The results demonstrate up to $4.25\%$ more accuracy (iso-ReLU count at 50K) or $2.2\times$ less latency (iso-accuracy at 70%) than the current state of the art.
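One natural way to make ReLU removal differentiable, in the spirit of this abstract, is to gate each ReLU with a learnable parameter that interpolates between ReLU and identity; the sketch below is our illustration, not the paper's algorithm:

```python
import torch
import torch.nn as nn

class GatedReLU(nn.Module):
    """Learnable interpolation between ReLU and identity.

    Training with a sparsity penalty pushing the gate toward 0 lets
    the network decide where non-linearity matters; gates near 0 can
    then be frozen to the identity, removing those ReLUs from the
    private-inference cost.
    """
    def __init__(self):
        super().__init__()
        self.logit = nn.Parameter(torch.zeros(1))  # gate starts at 0.5

    def forward(self, x):
        s = torch.sigmoid(self.logit)
        return s * torch.relu(x) + (1 - s) * x
```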
arXiv Detail & Related papers (2022-02-04T19:00:24Z)
- Sphynx: ReLU-Efficient Network Design for Private Inference [49.73927340643812]
We focus on private inference (PI), where the goal is to perform inference on a user's data sample using a service provider's model.
Existing PI methods for deep networks enable cryptographically secure inference with little drop in functionality.
This paper presents Sphynx, a ReLU-efficient network design method based on micro-search strategies for convolutional cell design.
arXiv Detail & Related papers (2021-06-17T18:11:10Z)
- Circa: Stochastic ReLUs for Private Deep Learning [6.538025863698682]
We re-think the ReLU computation and propose optimizations for PI tailored to neural networks.
Specifically, we reformulate ReLU as an approximate sign test and introduce a novel truncation method for the sign test.
We demonstrate improvements of up to 4.7x storage and 3x runtime over baseline implementations.
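The reformulation rests on the identity ReLU(x) = x · 1[x ≥ 0]: one (possibly approximate) sign test plus one multiplication. A plain, non-cryptographic sketch of that identity:

```python
import torch

def relu_via_sign(x: torch.Tensor) -> torch.Tensor:
    """ReLU(x) = x * [x >= 0]: one sign test plus one multiply.

    Circa evaluates the sign test under cryptographic protocols
    (approximately, after truncation); here we only illustrate the
    underlying algebraic identity in the clear.
    """
    return x * (x >= 0).to(x.dtype)

x = torch.tensor([-2.0, -0.5, 0.0, 1.5])
assert torch.equal(relu_via_sign(x), torch.relu(x))
```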
arXiv Detail & Related papers (2021-06-15T22:52:45Z)
- DeepReDuce: ReLU Reduction for Fast Private Inference [6.538025863698682]
The recent rise of privacy concerns has led researchers to devise methods for private neural inference.
However, computing on encrypted data levies an impractically high latency penalty.
This paper proposes DeepReDuce: a set of optimizations for the judicious removal of ReLUs to reduce private inference latency.
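As a toy stand-in for such judicious removal (DeepReDuce's actual importance criterion is described in the paper), the helper below swaps a chosen subset of a network's ReLU modules for the identity:

```python
import torch.nn as nn

def drop_relus(model: nn.Module, keep_prefixes=(), prefix=""):
    """Replace nn.ReLU modules with nn.Identity unless their dotted
    name starts with one of keep_prefixes. The caller decides which
    ReLUs survive; DeepReDuce derives this from importance measurements."""
    for name, child in model.named_children():
        full = f"{prefix}.{name}" if prefix else name
        if isinstance(child, nn.ReLU) and not full.startswith(tuple(keep_prefixes)):
            setattr(model, name, nn.Identity())
        else:
            drop_relus(child, keep_prefixes, full)
    return model

net = nn.Sequential(nn.Linear(4, 4), nn.ReLU(), nn.Linear(4, 4), nn.ReLU())
drop_relus(net, keep_prefixes=("3",))  # keep only the final ReLU
```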
arXiv Detail & Related papers (2021-03-02T01:16:53Z)
- Faster Secure Data Mining via Distributed Homomorphic Encryption [108.77460689459247]
Homomorphic Encryption (HE) has received increasing attention for its capability to perform computations over encrypted data.
We propose a novel, general distributed HE-based data mining framework as a step towards solving the scaling problem.
We verify the efficiency and effectiveness of the framework on various data mining algorithms and benchmark datasets.
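For background on the additively homomorphic property such frameworks build on, here is a toy Paillier cryptosystem, with insecurely small primes and no connection to the paper's distribution scheme; the product of two ciphertexts decrypts to the sum of the plaintexts:

```python
from math import gcd
import secrets

# Toy Paillier keypair with insecurely small primes (illustration only).
p, q = 1_000_003, 1_000_033
n, n2 = p * q, (p * q) ** 2
lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
g = n + 1

def L(u):
    return (u - 1) // n

mu = pow(L(pow(g, lam, n2)), -1, n)  # modular inverse (Python 3.8+)

def encrypt(m):
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def decrypt(c):
    return (L(pow(c, lam, n2)) * mu) % n

a, b = encrypt(20), encrypt(22)
# Additive homomorphism: Dec(Enc(x) * Enc(y) mod n^2) = x + y mod n.
assert decrypt((a * b) % n2) == 42
```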
arXiv Detail & Related papers (2020-06-17T18:14:30Z)
- CryptoSPN: Privacy-preserving Sum-Product Network Inference [84.88362774693914]
We present a framework for privacy-preserving inference of sum-product networks (SPNs).
CryptoSPN achieves highly efficient and accurate inference in the order of seconds for medium-sized SPNs.
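An SPN is an arithmetic circuit of weighted sums and products over leaf distributions, which is what makes it amenable to secure evaluation. A tiny cleartext example (structure and weights invented for illustration):

```python
# A tiny sum-product network over two binary variables X1 and X2,
# evaluated in the clear; CryptoSPN evaluates this kind of circuit
# under secure computation.

def leaf(prob_one):
    """Bernoulli leaf distribution: returns P(X = x)."""
    return lambda x: prob_one if x == 1 else 1.0 - prob_one

x1a, x1b = leaf(0.8), leaf(0.3)  # two leaves over X1
x2a, x2b = leaf(0.6), leaf(0.1)  # two leaves over X2

def spn(x1, x2):
    # Product nodes combine disjoint variable scopes; the root sum
    # node mixes them with weights that sum to 1.
    p1 = x1a(x1) * x2a(x2)
    p2 = x1b(x1) * x2b(x2)
    return 0.7 * p1 + 0.3 * p2

print(spn(1, 0))  # P(X1=1, X2=0) = 0.7*0.8*0.4 + 0.3*0.3*0.9 = 0.305
```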
arXiv Detail & Related papers (2020-02-03T14:49:18Z)