| In recent years,machine learning based on neural networks such as deep learning has achieved great success in many application fields.Training a reliable deep learning model relies on a large amount of data.A well-trained deep learning model is also an important intellectual property of enterprise and the relevant model parameters will not be published.When users need to use deep learning technology to complete prediction tasks,they need to upload the data to the cloud server.However,a lot of data used for deep learning training or prediction involves a variety of privacy consideration of users,so how to preserve the privacy of sensitive data is an important issue.There exist several crucial problems with the current privacy-preserving deep learning schemes,such as the computational overhead or communication overhead of some schemes is too heavy,and some schemes only support simple deep learning models.Most privacy-preserving deep learning schemes based on encryption algorithms only support the prediction phase of deep learning,and cannot support training deep learning models over encrypted data.In order to solve the above problems,this thesis studies privacy-preserving deep learning scheme.Aiming at the prediction phase of deep learning,this thesis proposes a privacy-preserving predication scheme to support running deep neural networks on encrypted data.The scheme uses the Paillier homomorphic encryption algorithm to rewrite the operation process of the convolutional neural network so that it can run on the ciphertext.Under the semi-honest adversary model,the scheme can preserve the privacy of prediction sample data and prediction results.Compared with the previous work,the scheme has the advantages of low computational overhead and low communication overhead,and deep learning prediction on ciphertext provides a higher accuracy.This paper has conducted sufficient experimental analysis under the MNIST data set and the FASHION data set.The results of the experiment verify the effectiveness and advantages of the scheme.Aiming at the training phase of deep learning,this thesis designs a privacy-preserving training scheme to support training deep neural networks over encrypted data.The scheme is implemented based on symmetric homomorphic encryption technology,which can preserve the privacy of the training data set and the real classification label under the semi-honest adversary model.The scheme adopts the method of separating neural network graph.In feed-forward propagation process,only one operation is required in the ciphertext environment,which greatly improves the operating efficiency;in addition,the scheme decrypts each piece of training feature data separately,the scheme can support stochastic gradient descent or mini-batch gradient descent more flexibly.Experimental analysis proof that the neural network model trained using our scheme has similar accuracy to the original deep learning model. |
PDF Full Text Request