Research On Forward Propagation Method Of Privacy-preserving Convolutional Neural Network

With the continuous development of cloud technology and machine learning research,a new form of cloud computing service,machine learning as a service,has emerged.Users can solve the problem of limited local resources of users through the data storage and computing resources of cloud service providers.In this form,users can use the more powerful computing power of the cloud to perform model training tasks in machine learning.At the same time,for the model that has been trained by the cloud service provider,the user can also use these models to complete the prediction task as needed.This form covers many application scenarios.For example,cases have appeared which cloud service providers and medical research institutions cooperate to construct medical image diagnostic and prediction models via the form of big data.The models deployed in cloud providers are then used to provide users with medical diagnosis services.While these services greatly facilitate the relevant applications,issues on user data privacy are gradually exposed.Users sending raw data directly to cloud service providers are undoubtedly facing great security threats.For example,users may conduct medical image prediction and analysis through the cloud,and meanwhile the users' private health information is directly exposed to the cloud service provider,which is extremely unfavorable for user privacy.In view of the above problems,that is,cloud prediction tasks need to ensure user data security,and considering the excellent performance of convolutional neural networks in the image field,this paper focuses on the method of forward propagation of convolutional neural networks under privacy preserving,aiming to complete the image classification and prediction task based on the convolutional neural network model under the protection of privacy.The main contributions of this thesis are as follows:1.This paper analyzes the structure of Crypto Nets proposed by Microsoft Research Institute,and makes a detailed analysis of the unexplained part of its work.This thesis explains the underlying reason for choosing square function as the activation function,the detailed construction of it,the parameter selection method of the BFV homomorphic encryption scheme,the encoding scheme of model parameters of the already trained model,and the details of encrypted image classification prediction by means of the Chinese remainder theorem.At the same time,the parameter redundancy of Crypto Nets model leads to the problem of low computational efficiency.This thesis proposes the idea of extending the notion of Network in Network to the forward calculation of ciphertext images,thereby optimizing and improving the network structure and reducing the redundant model parameters,especially the improvement of calculation efficiency.The relevant experimental results demonstrate the correctness and efficiency of the method.2.There are scenarios where instead of high throughput,faster response is more favored.Inspiring by Bellafqira et al.'s work on training multi-layer perceptron using ciphertext,in this paper a new convolutional neural network method with Paillier encryption is proposed,which is then used for encrypted image classification and prediction.By means of a two-server model the related operations are constructed,which are not supported in the basic computational features of Paillier scheme.These newly constructed operations includes multiplication,division,inner product,and maximum.Based on these operations and the original Paillier basic operations,this thesis elaborates on the ciphertext calculation method for constructing each network layer,especially how to construct the activation layer supporting Re LU function.Experiments are carried out on image classification and prediction tasks,using the proposed method.The results show the correctness of the method,and more importantly the faster single response time.