Privacy-preserving Convolutional Neural Network Image Classification Prediction Scheme

Convolutional neural networks have a wide range of applications in various fields centered on image recognition.With the continuous emergence of machine learning as a service,users need to upload large amounts of data to service providers or untrustworthy cloud platforms to support model training or classification prediction on neural networks,which inevitably contain private and sensitive information,and users may face security threats to data privacy when making classification predictions.Therefore,developing a secure and effective privacy-preserving convolutional neural network scheme for image classification prediction is very much in line with the practical needs,which requirements can satisfy the privacy protection as well as correct and more accurate image classification prediction result.In addition,it can also support multi-key environment and light-weighted users.1.We propose a privacy-preserving convolutional neural network image classification prediction scheme with multiple keys.So far,there are problems with the correctness and accuracy of the scheme for calculating the activation function in the case of homomorphic encryption.To address this phenomenon,a secure activation function computing protocol is proposed,in which the activation function is calculated using approximate polynomials with4-series Taylor expansions at piecewise integer points,which replaces the activation function itself.We also propose a homogenization algorithm to ensure the correctness in the computation of the activation function that exists in common schemes.What's more,we approximate the Relu function by constructing a new continuous and derivable Tanhplus function,which makes the Relu function suit the the protocol well.The protocol is not only suitable for the computation for specific activation functions,but also satisfies ordinary nonlinear activation functions,which is of universal significance.The whole scheme adopts the distributed two trapdoors DT-PKC public-key cryptosystem,and through theoretical analysis and experimental evaluation,it is shown that it not only achieves security and accuracy in image classification prediction,but also supports multiple keys and lightweighted users.2.We propose a privacy-preserving convolutional neural network image classification prediction scheme with low latency and light-weighted users.Considering the accuracy of the underlying network without loss,we improve the high latency problem that occurs during the computation of the activation function in existing privacy-preserving schemes.First,we construct a secure activation function computing protocol using a commodity-based secure comparison protocol,which makes it consistent with the underlying accuracy of convolutional neural network and requires only simple addition and multiplication operations,improving the complexity and high latency on activation function computation under ciphertexts in common schemes.Second,to further support light-weighted users,a secure output layer protocol is designed,which enables users to obtain the image classification results with simple operations without extra decryption steps.Then,the whole scheme can also well obviate security issues such as semi-honest participant wiretapping by utilizing DT-PKC public-key cryptosystem,which can achieve both data security and model security.At last,from the perspective of underlying accuracy,with security analysis and experimental evaluation,we can see that the whole scheme achieves privacy protection for classification prediction,greatly reduces high latency for users,and supports multiple keys and light-weighted users as well.