Privacy-preserving and verifiable convolution neural network inference and training in cloud computing

Journal Article (2025)
Author(s)

Wei Cao (Qingdao University)

Wenting Shen (Qingdao University)

Jing Qin (Shandong University - Jinan)

Hao Lin (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Research Group
Cyber Security
DOI related publication
https://doi.org/10.1016/j.future.2024.107560 Final published version
More Info
expand_more
Publication Year
2025
Language
English
Research Group
Cyber Security
Bibliographical Note
Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Journal title
Future Generation Computer Systems
Volume number
164
Article number
107560
Downloads counter
126
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

With the rapid development of cloud computing, outsourcing massive data and complex deep learning model to cloud servers (CSs) has become a popular trend, which also brings some security problems. One is that the model stored in the CSs may be corrupted, leading to incorrect inference and training results. The other is that the privacy of outsourced data and model may be compromised. However, existing privacy-preserving and verifiable inference schemes suffer from low detection probability, high communication overhead and substantial computational time. To solve the above problems, we propose a privacy-preserving and verifiable scheme for convolutional neural network inference and training in cloud computing. In our scheme, the model owner generates the authenticators for model parameters before uploading the model to CSs. In the phase of model integrity verification, model owner and user can utilize these authenticators to check model integrity with high detection probability. Furthermore, we design a set of privacy-preserving protocols based on replicated secret sharing for both the inference and training phases, significantly reducing communication overhead and computational time. Through security analysis, we demonstrate that our scheme is secure. Experimental evaluations show that the proposed scheme outperforms existing schemes in privacy-preserving inference and model integrity verification.

Files

1-s2.0-S0167739X24005247-main.... (pdf)
(pdf | 3.24 Mb)
- Embargo expired in 19-04-2025
License info not available