CN115345307A - Secure convolution neural network reasoning method and system on ciphertext image - Google Patents
- Publication number
- CN115345307A
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- image
- random
- neural network
- relu
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/04—Inference or reasoning models
Abstract
The invention discloses a secure convolutional neural network inference method and system on a ciphertext image, and designs a splitting method for splitting an input image. Based on the computational characteristics of convolutional neural networks, the inference computation is distributed across three servers: two servers are main computing nodes and one is a ReLU auxiliary computing node. The computation protocol ensures that the results of the two main computing nodes add up to the true convolutional neural network inference result. Compared with the prior art, the invention needs no encryption and has a smaller time overhead. The user only needs to perform simple operations such as splitting and merging on the input image, which is more convenient and efficient than encryption and decryption. Server-side pre-computation is avoided, which also reduces overhead. Because the inference method uses no cryptographic primitives, the inference computation takes less time, and the user needs no cryptographic computing capability. The invention is therefore more practical than the prior art.
Description
Technical Field
The invention belongs to the field of image processing, and relates to a secure convolution neural network reasoning method and system on a ciphertext image.
Background
Deep convolutional neural networks have become one of the most active and effective machine learning models. They are a basic model in research fields such as image recognition, image understanding and image generation, and are widely applied in medical treatment, security, social networks and other areas. A deep convolutional neural network is a multi-layer computational model composed of convolutional layers, pooling layers, batch normalization (BatchNorm) layers, rectified linear unit (ReLU) activation function layers, and the like. Classified by computation type, in the inference stage the ReLU activation function and the max pooling layer perform non-linear computations, and the remaining layers perform linear computations.
Cloud computing services are widely used in production and daily life as a basic software information service model. Combining deep neural networks with cloud computing has produced a new service model: deep learning as a service (DLaaS). Taking a convolutional neural network as an example, the basic service steps are as follows: a cloud service provider or an enterprise user deploys a deep convolutional neural network model in the cloud; an individual user uploads private image data to the cloud; the cloud service provider evaluates the deep convolutional neural network model with the individual user's data as input; the cloud service obtains the result and sends it to the individual user.
For individual users, this service model carries a potential privacy disclosure risk. Once an individual user uploads private data to the cloud, the user loses access control over the data, and the cloud service provider can obtain the complete original data, which has not been encrypted or otherwise processed. Against this background, techniques that protect the privacy of the user's private data when using deep learning as a service are highly desirable.
To address these problems, secure inference schemes are currently designed mainly with secure multi-party computation techniques from cryptography, whose basic primitives include homomorphic encryption and garbled circuits. Homomorphic encryption is a cryptosystem that supports operations on ciphertexts, allowing the computing party to complete algebraic operations (such as addition and multiplication) without access to the real data. Garbled circuits can perform the same function, generally in two steps, circuit construction and circuit execution, and generally need techniques such as symmetric encryption and oblivious transfer to assist the computation.
The most advanced technical scheme at present is Delphi, a secure neural network inference scheme that mixes homomorphic encryption and garbled circuits. The scheme has two participants, a user and a server: the user provides the data, the server provides the model, and the two cooperate to complete the inference computation. The linear part of the convolutional neural network is computed securely with homomorphic encryption, and the nonlinear part is computed securely with garbled circuits; in addition, to assist the protocol, the server must generate a large number of multiplication triples offline. However, these schemes are all based on encryption techniques, so their computation cost is huge, which hinders practical use.
The prior art has three main disadvantages:
Computation is time-consuming. Encryption algorithms are well known to have a huge time overhead, and the deep convolutional neural network is a computation-intensive model, so encryption-based secure inference schemes for deep convolutional neural networks are multiple orders of magnitude slower than ordinary inference.
The user needs to participate in the computation. Completing the computing protocol requires the user to take part, for example in some encryption and decryption operations, and this also requires certain computing resources. Many users do not have cryptographic software installed or lack sufficient computing resources, and are therefore limited in their use.
The server needs to pre-compute. For the ciphertext multiplication in the scheme, the server needs to pre-compute multiplication triples, which brings additional computation overhead.
Disclosure of Invention
The invention aims to solve the problems that prior-art inference methods involve a large amount of computation and require users to have cryptographic computing capability, and provides a secure convolutional neural network inference method and system on a ciphertext image.
To achieve this purpose, the invention adopts the following technical solution:
in a first aspect, the present invention provides a secure convolutional neural network inference method on a ciphertext image, including the following steps:
the main computing node receives ciphertext image information processed by a user, and computes a linear layer of the deep convolutional neural network according to the ciphertext image information to obtain a linear layer result;
the main computing node sends the linear layer result to the ReLU auxiliary computing node so that the ReLU auxiliary computing node can compute the computation result of the nonlinear layer ReLU of the deep convolutional neural network according to the linear layer result;
and the main computing node receives the computation result of the nonlinear layer ReLU of the deep convolutional neural network and sends the computation result of the nonlinear layer ReLU to the user, so that the inference of the ciphertext image is realized.
Preferably, the ciphertext image information processing by the user comprises the following steps:
splitting an original image into a plurality of ciphertext sub-images, and randomly selecting a random number as a random seed;
and combining the plurality of ciphertext sub-images with the random seeds respectively to obtain a plurality of sets, namely ciphertext image information.
Preferably, the step of splitting the original image into a plurality of ciphertext sub-images is as follows:
step 1, calculating an original imageMean value of,Calculating the original imageVariance of (2),WhereinAs an original imageEach pixel in totalA plurality of;
Step 3, generatingSum original imageRandom matrix with same sizeThe specific method comprises the following steps: original imageComprisesIndividual pixels, in turn, based on uniform distributionGeneratingThe random pixels form a random matrixWherein, in the process,;
Step 5, before calculationA ciphertext sub-image(ii) a First, theA ciphertext sub-image,The number of nodes is calculated for the master,。
Preferably, the random matrix is generated according to a uniform distribution, a normal distribution or a log-normal distribution.
wherein the content of the first and second substances,in order to be the weight of the model,in order to bias the model in a way that,is the ciphertext image information of the current layer.
Preferably, the result of the ReLU auxiliary computation node computing the ReLU of the non-linear layer of the deep convolutional neural network according to the result of the linear layer is as follows:
a. generating random disorder tablesSimultaneously recording the random disorder table of each element in the original sequencePosition in (2) to generate a reduced table;
b. Computing mask ciphertext subimagesAccording to a disorder tableComputing out-of-order ciphertext sub-imagesOut-of-order ciphertext subimagesSending the data to a ReLU auxiliary computing node; wherein the content of the first and second substances,,is composed ofEach of the plurality of ciphertext sub-images,in order to be a random mask, the mask is,as mask ciphertext sub-imageEach of the elements of (a) to (b),as ciphertext sub-image of maskTo (1)The value of each of the elements is,is an out-of-order tableTo (1)A value of each element;
c. ReLU auxiliary computing node selects a random seedIn uniform distributionGenerating anda ciphertext sub-imageRandom matrix of the same size as random perturbationEach random disturbanceThe specific generation method comprises the following steps:a ciphertext sub-imageComprisesIndividual pixels, in turn, based on uniform distributionGeneratingThe random pixels form random disturbance;
d. The ReLU auxiliary computing node receives the out-of-order ciphertext sub-images sent by each main computing nodeCalculating intermediate parameters;
e. If the intermediate parameterBefore calculationThe out-of-order ciphertext output is:calculating the firstThe out-of-order ciphertext output is:wherein, in the step (A),is as followsAn out-of-order sub-image of the ciphertext,is as followsAn out-of-order ciphertext sub-image; if the intermediate parameterBefore calculationThe out-of-order ciphertext output is:calculating the firstThe out-of-order ciphertext output is:will be calculatedOut-of-order ciphertext outputRespectively sending the data to each main computing node;
f. then according to the reduction tableCalculating to obtain a mask cipher text outputWherein, in the step (A),is composed ofOut-of-order ciphertext outputEach of the elements of (a) to (b),is composed ofOut-of-order ciphertext outputTo (1)The value of each of the elements is,to restore the watchToA value of each element; computing a ciphertext output result based on the mask ciphertext outputCompleting the calculation of nonlinear layer ReLU to obtain the cipher text output result(ii) a Wherein the true inference result。
each master computing node using the same random numberAs random seeds, according to uniform distributionGenerating anda ciphertext sub-imageUsing random matrix with same size as random mask(ii) a Then the sequences are combinedRandom disorder, generating random disorder table(ii) a Wherein the content of the first and second substances,is composed ofA ciphertext sub-imageThe number of the elements in the Chinese character 'Zhongqin'.
In a second aspect, the present invention provides a secure convolutional neural network inference system on a ciphertext image, comprising:
the linear result acquisition module is used for receiving ciphertext image information processed by a user through the main computing node, and calculating a linear layer of the deep convolutional neural network according to the ciphertext image information to obtain a linear layer result;
the nonlinear result acquisition module is used for sending the linear layer result to the ReLU auxiliary computing node by the main computing node so that the ReLU auxiliary computing node can compute the computation result of the nonlinear layer ReLU of the deep convolutional neural network according to the linear layer result;
and the ciphertext image inference module is used for receiving the calculation result of the nonlinear layer ReLU of the deep convolutional neural network by the main calculation node and sending the calculation result of the nonlinear layer ReLU to a user to realize the inference of the ciphertext image.
In a third aspect, the present invention provides a computer device comprising a memory storing a computer program and a processor implementing the steps of the secure convolutional neural network inference method on a ciphertext image when executing the computer program.
In a fourth aspect, the present invention provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of a secure convolutional neural network inference method on a ciphertext image.
Compared with the prior art, the invention has the following beneficial effects:
In the secure convolutional neural network inference method on a ciphertext image provided by the invention, the main computing node receives the ciphertext image information processed by the user, computes the linear layer of the deep convolutional neural network, and sends the linear layer result to the ReLU auxiliary computing node, which computes the nonlinear layer ReLU from the linear layer result. The user only needs to perform simple processing on the input image, which is more convenient and efficient than encryption and decryption; pre-computation by the main computing nodes is avoided, reducing the total cost. The inference method uses no cryptographic primitives, has a shorter inference computation time and places no requirement on the user's cryptographic computing capability.
Furthermore, only simple operations such as splitting and merging are performed on the input image, which is more convenient and efficient than encryption and decryption.
The secure convolutional neural network inference system on a ciphertext image provided by the invention is divided into a linear result acquisition module, a nonlinear result acquisition module and a ciphertext image inference module. This modular design keeps the modules independent of one another and makes them easy to manage uniformly.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention, and therefore should not be considered as limiting the scope, and those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
FIG. 1 is a flow chart of a secure convolutional neural network inference method on a ciphertext image.
Fig. 2 is a schematic diagram of the interaction flow between the user and the server in the security inference scheme of the present invention.
FIG. 3 is a diagram of a secure convolutional neural network inference system on a ciphertext image of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
In the description of the embodiments of the present invention, it should be noted that if the terms "upper", "lower", "horizontal", "inner", etc. are used for indicating the orientation or positional relationship based on the orientation or positional relationship shown in the drawings or the orientation or positional relationship which is usually arranged when the product of the present invention is used, the description is merely for convenience and simplicity, and the indication or suggestion that the referred device or element must have a specific orientation, be constructed and operated in a specific orientation, and thus, cannot be understood as limiting the present invention. Furthermore, the terms "first," "second," and the like are used merely to distinguish one description from another, and are not to be construed as indicating or implying relative importance.
The invention is described in further detail below with reference to the accompanying drawings:
The invention provides a secure convolutional neural network inference method on a ciphertext image which, as shown in FIG. 1, comprises the following steps:
S1, a main computing node receives ciphertext image information processed by a user, and computes a linear layer of a deep convolutional neural network according to the ciphertext image information to obtain a linear layer result;
the steps of the ciphertext image information processed by the user are as follows:
splitting an original image into a plurality of ciphertext sub-images, and randomly selecting a random number as a random seed;
and combining the plurality of ciphertext sub-images with the random seeds respectively to obtain a plurality of sets, namely ciphertext image information.
The steps of splitting the original image into a plurality of ciphertext sub-images are as follows:
step 1, calculating an original imageMean value of,Calculating the original imageVariance of (2),WhereinAs an original imageEach pixel in totalA plurality of;
Step 3, generatingSum original imageRandom matrix with same sizeThe specific method comprises the following steps: original imageComprisesPixels, in turn, based on uniform distributionGeneratingThe random pixels form a random matrixWherein, in the process,;
Step 5, before calculationA ciphertext sub-image(ii) a First, theA ciphertext sub-image,The number of nodes is calculated for the master,。
The random matrix is generated according to a uniform distribution, a normal distribution or a log-normal distribution.
wherein, the first and the second end of the pipe are connected with each other,in order to be the weight of the model,in order to bias the model in a way that,is the ciphertext image information of the current layer.
S2, the main computing node sends the linear layer result to the ReLU auxiliary computing node so that the ReLU auxiliary computing node can compute the computation result of the nonlinear layer ReLU of the deep convolutional neural network according to the linear layer result;
the ReLU auxiliary computing node computes the computation result of the nonlinear layer ReLU of the deep convolutional neural network according to the linear layer result as follows:
a. generating random disorder tablesSimultaneously recording the random disorder table of each element in the original sequencePosition in (2) to generate a reduction table;
b. Computing mask ciphertext sub-imageAccording to a disorder tableComputing out-of-order ciphertext sub-imagesOut-of-order ciphertext subimagesSending the data to a ReLU auxiliary computing node; wherein the content of the first and second substances,,is composed ofEach of the plurality of ciphertext sub-images,in order to be a random mask, the mask is,as mask ciphertext sub-imageEach of the elements of (a) to (b),as ciphertext sub-image of maskToThe value of each of the elements is,is an out-of-order tableTo (1)A value of an element;
c. ReLU auxiliary computing node selects a random seedIn uniform distributionGenerating anda ciphertext sub-imageRandom matrix of the same size as random perturbationEach random disturbanceThe specific generation method comprises the following steps:a ciphertext sub-imageComprisesIndividual pixels, in turn, based on uniform distributionGeneratingThe random pixels form random disturbance;
d. The ReLU auxiliary computing node receives the out-of-order ciphertext sub-images sent by each main computing nodeCalculating intermediate parameters;
e. If the intermediate parameterThen before calculationThe out-of-order ciphertext output is:calculating the firstThe out-of-order ciphertext output is:wherein, in the process,is a firstAn out-of-order sub-image of the ciphertext,is a firstAn out-of-order ciphertext sub-image; if the intermediate parameterBefore calculationThe out-of-order ciphertext output is:calculating the firstThe out-of-order ciphertext output is:will be calculatedOut-of-order ciphertext outputRespectively sending the data to each main computing node;
f. then according to a reduction tableCalculating to obtain a mask cipher text outputWherein, in the step (A),is composed ofOut-of-order ciphertext outputEach of the elements of (a) to (b),is composed ofOut-of-order ciphertext outputToThe value of each of the elements is,to restore the watchToA value of an element; computing a ciphertext output result based on the mask ciphertext outputCompleting the calculation of the nonlinear layer ReLU to obtain the ciphertext output result(ii) a Wherein the true inference results。
each master computing node using the same random numberAs random seeds, according to uniform distributionGenerating anda ciphertext sub-imageRandom matrix with same size as random mask(ii) a Then the sequence is processedRandom disorder, generating random disorder table(ii) a Wherein the content of the first and second substances,is composed ofA ciphertext sub-imageThe number of the elements in the Chinese character 'Zhongqin'.
And S3, the main computing node receives the calculation result of the nonlinear layer ReLU of the deep convolutional neural network and sends the calculation result of the nonlinear layer ReLU to the user, so that the reasoning of the ciphertext image is realized.
The invention provides a secure convolution neural network reasoning method on a ciphertext image, which is suitable for n main computing nodes (a, b and c)) The complete steps are as follows:
First, the user data sending stage is executed, comprising the following 3 steps:
1. user will private original imageIs split intoA ciphertext sub-imageThe resolution method comprises the following steps:
a. computing an original imageMean value of,Calculating the original imageVariance of (2),In whichAs an original imageEach pixel of the pixelAnd (4) respectively.
c. GeneratingSum original imageRandom matrix with same sizeThe specific method comprises the following steps: original imageComprisesPixels, in turn, based on uniform distributionGeneratingThe random pixels form a random matrixWherein, in the step (A),(ii) a The random matrix may also be generated by replacing the uniform distribution in the above process with a normal distribution or a log-normal distributionAs long as the random matrix is guaranteedJust as random.
Second, the server computing stage is executed, comprising the following 3 steps:
2. Each layer of the deep convolutional neural network is computed in turn. Wherein, for the linear layer of the deep convolutional neural network, the linear layer result executed by each main computing nodeThe following:,in order to be the weight of the model,in order to bias the model, the bias of the model,is the ciphertext image information of the current layer,calculating the number of nodes for the master; for the nonlinear layer ReLU of the deep convolutional neural network, the computation performed by the ReLU-aided compute node is as follows:
a. each master computing node using the same random numberAs random seeds, according to uniform distributionGenerating anda ciphertext sub-imageRandom matrix with same size as random mask(ii) a Then the sequences are combinedRandom disorder, generating random disorder table(ii) a Wherein the content of the first and second substances,is composed ofA ciphertext sub-imageThe number of the elements in the original sequence is recorded, and the random disorder table of each element in the original sequence is recorded at the same timePosition in (2) to generate a reduced table。
b. Computing mask ciphertext subimagesAccording to a disorder tableComputing out-of-order ciphertext sub-imagesOut-of-order ciphertext subimagesSending the data to a ReLU auxiliary computing node; wherein, the first and the second end of the pipe are connected with each other,,is composed ofEach of the plurality of ciphertext sub-images,in order to be a random mask, the mask is,as mask ciphertext sub-imageEach of the elements of (a) to (b),as mask ciphertext sub-imageToThe value of each of the elements is,is an out-of-order tableToA value of each element;
c. ReLU auxiliary computing node selects a random seedIn uniform distributionGenerating anda ciphertext sub-imageRandom matrix of the same size as random disturbanceEach random disturbanceThe specific generation method comprises the following steps:a ciphertext sub-imageComprisesIndividual pixels, in turn, based on uniform distributionGeneratingThe random pixels form random disturbance;
d. The ReLU auxiliary computing node receives the out-of-order secret transmitted by each main computing nodeText imageCalculating intermediate parameters;
e. If the intermediate parameterBefore calculationThe out-of-order ciphertext output is:calculating the firstThe out-of-order ciphertext output is:wherein, in the process,is as followsAn out-of-order sub-image of the ciphertext,is as followsAn out-of-order ciphertext sub-image; if the intermediate parameterBefore calculationThe out-of-order ciphertext output is:calculating the firstThe out-of-order ciphertext output is:will be calculatedOut-of-order ciphertext outputRespectively sending the information to each main computing node;
f. then according to the reduction tableCalculating to obtain a mask cipher text outputWherein, in the step (A),is composed ofOut-of-order ciphertext outputEach of the elements of (a) to (b),is composed ofOut-of-order ciphertext outputTo (1)The value of each of the elements is,to restore the watchTo (1)A value of an element; computing a ciphertext output result based on the mask ciphertext outputAnd completing the calculation of the nonlinear layer ReLU.
3. Each main computing node respectively obtains a ciphertext output resultAnd the results are sent back to the user.
(III) Finally, the user result restoration stage is executed, comprising the following 2 steps:
For the case of two main computing nodes, the complete steps of the secure convolutional neural network inference method on a ciphertext image are as follows. Four entities are involved. The method comprises three stages: a user data sending stage, a server computing stage and a user result restoration stage.
First, the user data sending stage is executed, comprising the following 3 steps:
1. user will privately make the original imageSplit into ciphertext sub-images 1And ciphertext sub-image 2The resolution method comprises the following steps:
a. computing an original imageIs recorded as the mean value of,Calculating the original imageThe variance of (A) is recorded as,WhereinAs an original imageEach pixel of the pixelAnd (4) respectively.
c. Generating a sum of original images in a uniform distributionRandom matrix with same sizeThe specific method comprises the following steps: original imageComprisesIndividual pixels, in turn, based on uniform distributionGeneratingEach random pixel forms a random matrixAlternatively, the random matrix may be generated according to a normal distribution or a lognormal distribution methodAs long as the random matrix is guaranteedJust as random.
Second, the server computing stage is executed, comprising the following 3 steps:
2. Each layer of the deep convolutional neural network is computed in turn. Wherein, for the linear layer of the deep convolutional neural network, the linear layer result executed by each main computing nodeThe following were used:,in order to be the weight of the model,in order to bias the model, the bias of the model,ciphertext image information of a current layer; for the nonlinear layer ReLU of the deep convolutional neural network, the computation performed by the ReLU-aided compute node is as follows:
a. each master computing node using the same random numberAs random seeds, first according to a uniform distributionGenerating and ciphertext sub-imagesUsing random matrix with same size as random mask(ii) a Then the sequences are combinedRandom disorder, generating random disorder tableSimultaneously recording the random disorder table of each element in the original sequencePosition in (2) to generate a reduction table(ii) a Wherein the content of the first and second substances,for ciphertext sub-imagesThe number of the elements in the Chinese herbal medicine composition,。
b. computing mask ciphertext sub-imageAccording to a disorder tableComputing out-of-order ciphertext sub-imagesOut-of-order ciphertext subimagesSending the data to a ReLU auxiliary computing node; wherein the content of the first and second substances,in order to be a random mask, the mask is,as mask ciphertext sub-imageEach of the elements of (a) to (b),as ciphertext sub-image of maskTo (1)The value of each of the elements is,is an out-of-order tableToA value of each element.
c. ReLU auxiliary computing node selects a random seedIn uniform distributionGenerating and ciphertext subimageRandom matrix of the same size as random perturbationRandom perturbationThe specific generation method comprises the following steps: ciphertext subimageComprisesIndividual pixels based on uniform distributionGeneratingThe random pixels constitute random disturbance。
d. The ReLU auxiliary computing node receives the out-of-order ciphertext sub-images sent by the two main computing nodesCalculating intermediate parameters。
e. If the intermediate parameterThen calculate the out-of-order ciphertext output 1 as:the out-of-order ciphertext output 2 is:(ii) a If the intermediate parameterThen calculate the out-of-order ciphertext output 1 as:the out-of-order ciphertext output 2 is:. Outputting the two out-of-order ciphertexts obtained by calculationRespectively, to two master computing nodes, wherein,in order to scramble the ciphertext image 1,is the scrambled ciphertext image 2.
f. Then according to the reduction tableCalculating to obtain a mask cipher text outputWhereinOutputting for two out-of-order ciphertextsEach of the elements of (a) to (b),output for two out-of-order ciphertextsToThe value of each of the elements is,to restore the watchToA value of each element; computing a ciphertext output result based on the mask ciphertext outputAnd completing the calculation of the nonlinear layer ReLU.
3. Two main computing nodes respectively obtain ciphertext output results 1And ciphertext output result 2And sending the cipher text output result back to the user.
(III) Finally, execute the user result reduction stage, which comprises the following 2 steps:
TABLE 1 ciphertext image reasoning case
Fig. 2 shows a schematic flow of the interaction between the user and the servers in the secure inference scheme of the present invention, for the case of two main computing nodes: the smiley face represents the user and the clouds represent cloud providers, and three servers need to participate. First, the user sends the ciphertext sub-image 1, the ciphertext sub-image 2 and a random number together to the two servers (the main computing nodes); then, with the help of the third server (the ReLU auxiliary computing node), the two servers complete the inference computation of the deep convolutional neural network according to stage (II), obtain the ciphertext output result 1 and the ciphertext output result 2 respectively, and send the results back to the user. Following the steps of stage (III), the user adds the two ciphertext output results to obtain the true inference result. This completes the inference.
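The mask-and-shuffle ReLU exchange of steps a to f and the user-side merge, as an added example that is not code from the patent. The formulas are missing from this page, so the positive multiplicative mask, the intermediate parameter taken as the sum of the two shuffled shares, the additive perturbation, and all function names and numeric ranges are assumptions.

```python
import random


def split(values, rng, spread=255.0):
    """User: additive split, so that values = share1 + share2 (range is assumed)."""
    r = [rng.uniform(-spread, spread) for _ in values]
    return [v - ri for v, ri in zip(values, r)], r


def tables(n, seed):
    """Main node: derive mask, disorder table and reduction table from the shared seed.

    Every main node calls this with the same seed and gets identical tables.
    """
    rng = random.Random(seed)
    mask = [rng.uniform(1.0, 10.0) for _ in range(n)]  # assumed positive: sign survives
    disorder = list(range(n))
    rng.shuffle(disorder)              # disorder[pos] = original index sent at pos
    reduction = [0] * n
    for pos, src in enumerate(disorder):
        reduction[src] = pos           # position where original index src ended up
    return mask, disorder, reduction


def mask_and_shuffle(share, mask, disorder):
    """Main node, step b: apply the mask, then reorder by the disorder table."""
    return [mask[src] * share[src] for src in disorder]


def helper_relu(shuf1, shuf2, rng):
    """ReLU auxiliary node, steps c to e: sees only masked, shuffled shares."""
    out1, out2 = [], []
    for a, b in zip(shuf1, shuf2):
        p = rng.uniform(-100.0, 100.0)  # random perturbation (assumed additive)
        if a + b > 0:                   # intermediate parameter (assumed: the sum)
            out1.append(a + p)
            out2.append(b - p)
        else:                           # ReLU output is 0: fresh shares of zero
            out1.append(p)
            out2.append(-p)
    return out1, out2


def unshuffle_and_unmask(out, mask, reduction):
    """Main node, step f: undo the shuffle with the reduction table, remove the mask."""
    return [out[reduction[i]] / mask[i] for i in range(len(mask))]


def secure_relu(share1, share2, seed, helper_rng):
    mask, disorder, reduction = tables(len(share1), seed)
    o1, o2 = helper_relu(mask_and_shuffle(share1, mask, disorder),
                         mask_and_shuffle(share2, mask, disorder), helper_rng)
    return (unshuffle_and_unmask(o1, mask, reduction),
            unshuffle_and_unmask(o2, mask, reduction))


def demo():
    # Constructed linear-layer output; a real run would hold only its two shares.
    pre_activation = [-3.5, 0.0, 2.25, 7.0, -0.125, 12.0]
    s1, s2 = split(pre_activation, random.Random(1))
    y1, y2 = secure_relu(s1, s2, seed=42, helper_rng=random.Random(7))
    return [a + b for a, b in zip(y1, y2)]  # user-side merge of the two results


if __name__ == "__main__":
    print(demo())
```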
The invention provides a secure convolutional neural network inference system on a ciphertext image, as shown in fig. 3, comprising:
a linear result acquisition module, by which the main computing node receives the ciphertext image information processed by the user and computes the linear layer of the deep convolutional neural network from the ciphertext image information to obtain a linear layer result;
a nonlinear result acquisition module, by which the main computing node sends the linear layer result to the ReLU auxiliary computing node, so that the ReLU auxiliary computing node can compute the result of the nonlinear layer ReLU of the deep convolutional neural network from the linear layer result;
and a ciphertext image inference module, by which the main computing node receives the computation result of the nonlinear layer ReLU of the deep convolutional neural network and sends it to the user, thereby realizing inference on the ciphertext image.
Compared with Delphi, the secure convolutional neural network reasoning method and system on the ciphertext image, provided by the invention, do not need any encryption means, and are relatively low in time overhead. For a user, simple operations such as splitting and merging are only needed to be performed on an input image, and the operation is more convenient and efficient compared with encryption and decryption operations. Server-side pre-computation is avoided, which also reduces the overhead. The inference method provided by the invention does not need to use any encryption primitive, so that the time for inference calculation is shorter; and no cryptographic computing power is required for the user. Compared with the prior art, the invention has stronger practicability.
The invention designs a splitting method for splitting the input image; based on the computational characteristics of the convolutional neural network, it distributes the inference computation across three servers, of which two are main computing nodes and one is a ReLU auxiliary computing node; it designs a secure ReLU computation protocol based on obfuscation and shuffling; and the computation protocol of stage (II) ensures that the sum of the computation results of the two main computing nodes is the true inference result of the convolutional neural network.
In an embodiment of the present invention, a terminal device includes: a processor, a memory, and a computer program stored in the memory and executable on the processor. The processor realizes the steps of the above method embodiments when executing the computer program. Alternatively, the processor implements the functions of the modules/units in the above device embodiments when executing the computer program.
The computer program may be partitioned into one or more modules/units that are stored in the memory and executed by the processor to implement the invention.
The terminal device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The terminal device may include, but is not limited to, a processor, a memory.
The processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
The memory may be used to store the computer programs and/or modules, and the processor may implement various functions of the terminal device by running or executing the computer programs and/or modules stored in the memory and calling data stored in the memory.
The modules/units integrated in the terminal device may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as separate products. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier signals, telecommunications signals, a software distribution medium, and the like. It should be noted that what the computer-readable medium may contain can be added to or reduced as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, computer-readable media may not include electrical carrier signals or telecommunications signals in accordance with legislation and patent practice.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A secure convolution neural network reasoning method on a ciphertext image is characterized by comprising the following steps:
the main computing node receives ciphertext image information processed by a user, and computes a linear layer of the deep convolutional neural network according to the ciphertext image information to obtain a linear layer result;
the main computing node sends the linear layer result to the ReLU auxiliary computing node, so that the ReLU auxiliary computing node can compute the computation result of the ReLU of the nonlinear layer of the deep convolutional neural network according to the linear layer result;
and the main computing node receives the computation result of the nonlinear layer ReLU of the deep convolutional neural network and sends the computation result of the nonlinear layer ReLU to the user, so that the inference of the ciphertext image is realized.
2. The secure convolutional neural network inference method on ciphertext images as claimed in claim 1, wherein the user-processed ciphertext image information steps are as follows:
splitting an original image into a plurality of ciphertext sub-images, and randomly selecting a random number as a random seed;
and combining the plurality of ciphertext sub-images with the random seeds respectively to obtain a plurality of sets, namely ciphertext image information.
3. The secure convolutional neural network inference method on ciphertext images as claimed in claim 2, wherein the step of splitting the original image into a plurality of ciphertext sub-images is as follows:
step 1, calculating the mean of the original image and calculating the variance of the original image, wherein the terms involved are each pixel of the original image and the number of pixels;
step 3, generating, according to a uniform distribution, a random matrix of the same size as the original image; the specific method is as follows: the original image comprises a number of pixels, and the same number of random pixels are generated in turn from the uniform distribution to form the random matrix;
5. The secure convolutional neural network inference method on ciphertext images of claim 3, wherein the linear layer result is as follows:
6. The secure convolutional neural network inference method on ciphertext images as claimed in claim 5, wherein the ReLU auxiliary computation node computes the computation result of the ReLU of the nonlinear layer of the deep convolutional neural network according to the linear layer result as follows:
a. generating a random disorder table, and at the same time recording the position of each element of the original sequence in the random disorder table to generate a reduction table;
b. computing the mask ciphertext sub-image, computing the out-of-order ciphertext sub-image according to the disorder table, and sending the out-of-order ciphertext sub-image to the ReLU auxiliary computing node; wherein the terms involved are the ciphertext sub-images, the random mask, each element of the mask ciphertext sub-image, the value of the indexed element of the mask ciphertext sub-image, and the value of the indexed element of the disorder table;
c. the ReLU auxiliary computing node selects a random seed and generates, according to a uniform distribution, random matrices of the same size as the ciphertext sub-images as random perturbations; each random perturbation is generated as follows: the ciphertext sub-image comprises a number of pixels, and the same number of random pixels are generated in turn from the uniform distribution to form the random perturbation;
d. the ReLU auxiliary computing node receives the out-of-order ciphertext sub-images sent by each main computing node and calculates the intermediate parameter;
e. one of two cases applies, depending on the intermediate parameter; in each case the first out-of-order ciphertext outputs are calculated by one formula and a further out-of-order ciphertext output by another, the terms involved being the individual out-of-order ciphertext sub-images; the calculated out-of-order ciphertext outputs are sent to the respective main computing nodes;
f. the mask ciphertext output is then calculated according to the reduction table, wherein the terms involved are each element of the out-of-order ciphertext outputs, the value of the indexed element of the out-of-order ciphertext outputs, and the value of the indexed element of the reduction table; the ciphertext output result is computed from the mask ciphertext output, completing the calculation of the nonlinear layer ReLU and yielding the ciphertext output result; wherein the true inference result is obtained from the ciphertext output results.
7. The secure convolutional neural network inference method on ciphertext images of claim 6, wherein generating the random disorder table comprises the following steps:
each main computing node uses the same random number as the random seed and generates, according to a uniform distribution, random matrices of the same size as the ciphertext sub-images as random masks; the sequence is then randomly shuffled to generate the random disorder table; wherein the element count is the number of elements in a ciphertext sub-image.
8. A secure convolutional neural network inference system on a ciphertext image, comprising:
the linear result acquisition module is used for receiving ciphertext image information processed by a user through the main computing node, and calculating a linear layer of the deep convolutional neural network according to the ciphertext image information to obtain a linear layer result;
the nonlinear result acquisition module is used for sending the linear layer result to the ReLU auxiliary computing node by the main computing node so that the ReLU auxiliary computing node can compute the computation result of the nonlinear layer ReLU of the deep convolutional neural network according to the linear layer result;
and the ciphertext image inference module is used for receiving the calculation result of the nonlinear layer ReLU of the deep convolutional neural network by the main calculation node and sending the calculation result of the nonlinear layer ReLU to a user to realize the inference of the ciphertext image.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor when executing the computer program implements the steps of the secure convolutional neural network inference method on ciphertext images as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the secure convolutional neural network inference method on ciphertext images of any of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211263823.4A CN115345307B (en) | 2022-10-17 | 2022-10-17 | Secure convolution neural network reasoning method and system on ciphertext image |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115345307A (en) | 2022-11-15 |
CN115345307B (en) | 2023-02-14 |
Family
ID=83957095
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211263823.4A Active CN115345307B (en) | 2022-10-17 | 2022-10-17 | Secure convolution neural network reasoning method and system on ciphertext image |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115345307B (en) |