Intellectual Property Protection for Distributed Neural Networks - Towards Confidentiality of Data, Model, and Inference

Laurent Gomez, Alberto Ibarrondo, José Márquez, Patrick Duverger
2018 Proceedings of the 15th International Joint Conference on e-Business and Telecommunications  
Capitalizing on recent advances in HPC, GPUs, and GPGPUs, along with the rising amounts of publicly available labeled data, (Deep) Neural Networks (NN) have and will revolutionize virtually every current application domain as well as enable novel ones such as those on recognition, autonomous, predictive, resilient, self-managed, adaptive, and evolving applications. Nevertheless, it should be pointed out that NN training is rather resource intensive in data, time and energy, turning the resulting trained ... els into valuable assets representing an Intellectual Property (IP) imperatively worthy of being protected. Furthermore, in the wake of Edge computing, NNs are being progressively deployed across decentralized landscapes; as a consequence, IP owners take very seriously the protection of their NN based software products. In this paper we propose to leverage Fully Homomorphic Encryption (FHE) to protect simultaneously the IP of trained NN based software, as well as the input data and inferences. Within the context of a smart city scenario, we outline our NN model-agnostic approach, approximating and decomposing the NN operations into linearized transformations while employing a Single Instruction Multiple Data (SIMD) for vectorizing operations.

NOMENCLATURE
v, v, V: Scalar, Vector, Matrix/Tensor
t pub: Tensor t encrypted with key pub
doi:10.5220/0006854703130320 dblp:conf/icete/GomezIMD18 fatcat:nx27qgkhkfgg7lrm4ybxo65q2q