通信学报 ›› 2024, Vol. 45 ›› Issue (4): 27-38.doi: 10.11959/j.issn.1000-436x.2024025

• 学术论文 • 上一篇    下一篇

基于秘密共享的轻量级隐私保护ViT推理框架

马敏1,2, 付钰1(), 黄凯3, 贾潇风4   

  1. 1.海军工程大学信息安全系, 湖北 武汉 430033
    2.湖北开放大学软件工程学院, 湖北 武汉 430074
    3.国防大学联合作战学院, 河北 石家庄 050084
    4.浙江工商大学计算机科学与技术学院, 浙江 杭州 310018
  • 收稿日期:2023-11-02 修回日期:2023-12-14 出版日期:2024-04-30 发布日期:2024-05-27
  • 通讯作者: 付钰 E-mail:fuyu0219@163.com
  • 作者简介:马敏 (1979- ),女,江苏扬州人,海军工程大学博士生,主要研究方向为信息安全、人工智能。
    付钰 (1982- ),女,湖北武汉人,博士,海军工程大学教授、博士生导师,主要研究方向为信息安全、人工智能。
    黄凯 (1986- ),男,安徽安庆人,博士,国防大学讲师,主要研究方向为人工智能、信息安全。
    贾潇风(1998- ),男,河南许昌人,浙江工商大学硕士生,主要研究方向为应用密码学、区块链和隐私计算。
  • 基金资助:
    国家自然科学基金资助项目(62102422)

Light weighted privacy protection ViT inference framework based on secret sharing

Min MA1,2, Yu FU1(), Kai HUANG3, Xiaofeng JIA4   

  1. 1.Department of Information Security, Naval University of Engineering, Wuhan 430033, China
    2.School of Software Engineering, Hubei Open University, Wuhan 430074, China
    3.College of Joint Operation, National Defense University, Shijiazhuang 050084, China
    4.School of Computer Science and Technology, Zhejiang Gongshang University, Hangzhou 310018, China
  • Received:2023-11-02 Revised:2023-12-14 Online:2024-04-30 Published:2024-05-27
  • Contact: Yu FU E-mail:fuyu0219@163.com
  • Supported by:
    The National Natural Science Foundation of China(62102422)

摘要:

针对广泛应用于图像处理的ViT推理框架存在泄露用户隐私数据的风险,而已有隐私保护推理框架存在计算效率较低、在线通信量较大等问题,提出了一种高效隐私保护推理框架SViT。该框架由2个边缘服务器协作执行基于秘密共享设计的安全计算协议SSoftmax、SLayerNorm、SGeLU,在保持ViT-B/16原始框架结构的情况下,解决了隐私保护框架推理开销大的问题。理论分析与实验表明,相比CrypTen,SViT在计算效率和在线通信开销方面分别提升了2~6倍和4~14倍。

关键词: 隐私保护, 秘密共享, 图像分类, 安全计算协议

Abstract:

The ViT (vision transformer) inference framework, which was widely used in image processing, was found to have a risk of leaking user privacy data. However, existing privacy protection inference frameworks had problems such as low computational efficiency and high online communication volume. To address this issue, a highly efficient privacy protection inference framework SViT was proposed. Two edge servers collaborated to execute secure computing protocols based on secret sharing design, such as SSoftmax, SLayerNorm, SGeLU, etc. While maintaining the original framework structure of ViT-B/16, the problem of large inference overhead in privacy protection framework was solved. Theoretical analysis and experiments show that compared to Crypton, SViT has improved computational efficiency by 2~6 times and online communication overhead by 4~14 times, respectively.

Key words: privacy protection, secret sharing, image classification, secure computing protocol

中图分类号: 

No Suggested Reading articles found!