Paper ID: 2025CIP0011
This work investigates the application of fully homomorphic encryption (FHE) to privacy-preserving machine learning, specifically focusing on reproducing traditional models and reusing existing parameters. Machine Learning as a Service (MLaaS) allows businesses to outsource machine learning tasks. However, ensuring data privacy in this context remains a significant challenge. Although many works propose solutions to this problem, none of them simultaneously meets our goals of security, privacy, consistency with existing architectures, and backward compatibility with existing training parameters. To tackle this issue, this research proposes a non-interactive, fully homomorphic encryption-based system for executing convolutional neural networks (CNNs) privately, ensuring that data remains encrypted throughout the entire process. The proposed system effectively manages the restrictions and computational overhead of homomorphic operations. Experimental results demonstrate the robustness of the proposed system, achieving high agreement with the plaintext model with only a minimal drop in accuracy on the CIFAR-10 and ImageNet datasets. These results highlight the minimal impact of encryption noise on model performance.