@inproceedings{kumar2020cryptflow,
author = {Kumar, Nishant and Rathee, Mayank and Chandran, Nishanth and Gupta, Divya and Rastogi, Aseem and Sharma, Rahul},
title = {CrypTFlow: Secure TensorFlow Inference},
booktitle = {IEEE Symposium on Security and Privacy},
year = {2020},
month = {May},
abstract = {We present CrypTFlow, a first of its kind system that converts TensorFlow inference code into Secure Multi-party Computation (MPC) protocols at the push of a button. To do this, we build three components. Our first component, Athos, is an end-to-end compiler from TensorFlow to a variety of semi-honest MPC protocols. The second component, Porthos, is an improved semi-honest 3-party protocol that provides significant speedups for TensorFlow like applications. Finally, to provide malicious secure MPC protocols, our third component, Aramis, is a novel technique that uses hardware with integrity guarantees to convert any semi-honest MPC protocol into an MPC protocol that provides malicious security. The malicious security of the protocols output by Aramis relies on integrity of the hardware and semi-honest security of MPC. Moreover, our system matches the inference accuracy of plaintext TensorFlow.

We experimentally demonstrate the power of our system by showing the secure inference of real-world neural networks such as ResNet50 and DenseNet121 over the ImageNet dataset with running times of about 30 seconds for semi-honest security and under two minutes for malicious security. Prior work in the area of secure inference has been limited to semi-honest security of small networks over tiny datasets such as MNIST or CIFAR. Even on MNIST/CIFAR, CrypTFlow outperforms prior work.},
publisher = {IEEE},
url = {http://approjects.co.za/?big=en-us/research/publication/cryptflow-secure-tensorflow-inference/},
}