Certified Private Inference on Neural Networks via Lipschitz-Guided Abstraction Refinement⋆

Edoardo Manino; Bernardo Magri; Mustafa A. Mustafa; Lucas C. Cordeiro

Certified Private Inference on Neural Networks via Lipschitz-Guided Abstraction Refinement⋆

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

90 Downloads (Pure)

Abstract

Private inference on neural networks requires running all the computation on encrypted data. Unfortunately, neural networks contain a large number of non-arithmetic operations, such as ReLU activation functions and max pooling layers, which incur a high latency cost in their encrypted form. To address this issue, the majority of private inference methods replace some or all of the non-arithmetic operations with a polynomial approximation. This step introduces approximation errors that can substantially alter the output of the neural network and decrease its predictive performance. In this paper, we propose a Lipschitz-Guided Abstraction Refinement method (LiGAR), which provides strong guarantees on the global approximation error. Our method is iterative, and leverages state-of-the-art Lipschitz constant estimation techniques to produce increasingly tighter bounds on the worst-case error. At each iteration, LiGAR designs the least expensive polynomial approximation by solving the dual of the corresponding optimization problem. Our preliminary experiments show that LiGAR can easily converge to the optimum on medium-sized neural networks.

Original language	English
Title of host publication	6th Workshop on Formal Methods for ML-Enabled Autonomous Systems (FoMLAS 2023), July 17 - 18, 2023, Paris, France
Publication status	Accepted/In press - 6 Jun 2023

Keywords

Privacy-Preserving Machine Learning
Homomorphic Encryption
Deep Neural Networks
Lipschitz Constant
Polynomial Approximation
Abstract Interpretation

Access to Document

Certified_Private_Inference_on_Neural_Networks_(revised)Accepted author manuscript, 552 KB

EnnCore: End-to-End Conceptual Guarding of Neural Architectures
Cordeiro, L. (PI), Brown, G. (CoI), Freitas, A. (CoI), Luján, M. (CoI) & Mustafa, M. (CoI)
1/02/21 → 31/12/25
Project: Research

Cite this

@inproceedings{a55fc3b11f454546a3da9f8ad90c811e,

title = "Certified Private Inference on Neural Networks via Lipschitz-Guided Abstraction Refinement⋆",

abstract = "Private inference on neural networks requires running all the computation on encrypted data. Unfortunately, neural networks contain a large number of non-arithmetic operations, such as ReLU activation functions and max pooling layers, which incur a high latency cost in their encrypted form. To address this issue, the majority of private inference methods replace some or all of the non-arithmetic operations with a polynomial approximation. This step introduces approximation errors that can substantially alter the output of the neural network and decrease its predictive performance. In this paper, we propose a Lipschitz-Guided Abstraction Refinement method (LiGAR), which provides strong guarantees on the global approximation error. Our method is iterative, and leverages state-of-the-art Lipschitz constant estimation techniques to produce increasingly tighter bounds on the worst-case error. At each iteration, LiGAR designs the least expensive polynomial approximation by solving the dual of the corresponding optimization problem. Our preliminary experiments show that LiGAR can easily converge to the optimum on medium-sized neural networks. ",

keywords = "Privacy-Preserving Machine Learning, Homomorphic Encryption, Deep Neural Networks, Lipschitz Constant, Polynomial Approximation, Abstract Interpretation",

author = "Edoardo Manino and Bernardo Magri and Mustafa, \{Mustafa A.\} and Cordeiro, \{Lucas C.\}",

year = "2023",

month = jun,

day = "6",

language = "English",

booktitle = "6th Workshop on Formal Methods for ML-Enabled Autonomous Systems (FoMLAS 2023), July 17 - 18, 2023, Paris, France",

}

Certified Private Inference on Neural Networks via Lipschitz-Guided Abstraction Refinement⋆. / Manino, Edoardo ; Magri, Bernardo ; Mustafa, Mustafa A. et al.
6th Workshop on Formal Methods for ML-Enabled Autonomous Systems (FoMLAS 2023), July 17 - 18, 2023, Paris, France. 2023.

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Certified Private Inference on Neural Networks via Lipschitz-Guided Abstraction Refinement⋆

AU - Manino, Edoardo

AU - Magri, Bernardo

AU - Mustafa, Mustafa A.

AU - Cordeiro, Lucas C.

PY - 2023/6/6

Y1 - 2023/6/6

N2 - Private inference on neural networks requires running all the computation on encrypted data. Unfortunately, neural networks contain a large number of non-arithmetic operations, such as ReLU activation functions and max pooling layers, which incur a high latency cost in their encrypted form. To address this issue, the majority of private inference methods replace some or all of the non-arithmetic operations with a polynomial approximation. This step introduces approximation errors that can substantially alter the output of the neural network and decrease its predictive performance. In this paper, we propose a Lipschitz-Guided Abstraction Refinement method (LiGAR), which provides strong guarantees on the global approximation error. Our method is iterative, and leverages state-of-the-art Lipschitz constant estimation techniques to produce increasingly tighter bounds on the worst-case error. At each iteration, LiGAR designs the least expensive polynomial approximation by solving the dual of the corresponding optimization problem. Our preliminary experiments show that LiGAR can easily converge to the optimum on medium-sized neural networks.

AB - Private inference on neural networks requires running all the computation on encrypted data. Unfortunately, neural networks contain a large number of non-arithmetic operations, such as ReLU activation functions and max pooling layers, which incur a high latency cost in their encrypted form. To address this issue, the majority of private inference methods replace some or all of the non-arithmetic operations with a polynomial approximation. This step introduces approximation errors that can substantially alter the output of the neural network and decrease its predictive performance. In this paper, we propose a Lipschitz-Guided Abstraction Refinement method (LiGAR), which provides strong guarantees on the global approximation error. Our method is iterative, and leverages state-of-the-art Lipschitz constant estimation techniques to produce increasingly tighter bounds on the worst-case error. At each iteration, LiGAR designs the least expensive polynomial approximation by solving the dual of the corresponding optimization problem. Our preliminary experiments show that LiGAR can easily converge to the optimum on medium-sized neural networks.

KW - Privacy-Preserving Machine Learning

KW - Homomorphic Encryption

KW - Deep Neural Networks

KW - Lipschitz Constant

KW - Polynomial Approximation

KW - Abstract Interpretation

M3 - Conference contribution

BT - 6th Workshop on Formal Methods for ML-Enabled Autonomous Systems (FoMLAS 2023), July 17 - 18, 2023, Paris, France

ER -

Certified Private Inference on Neural Networks via Lipschitz-Guided Abstraction Refinement⋆

Abstract

Keywords

Access to Document

Fingerprint

Projects

EnnCore: End-to-End Conceptual Guarding of Neural Architectures

Cite this