@inproceedings{wagh2019securenn, author = {Wagh, Sameer and Gupta, Divya and Chandran, Nishanth}, title = {SecureNN: Efficient and Private Neural Network Training}, organization = {(PETS 2019)}, booktitle = {Privacy Enhancing Technologies Symposium}, year = {2019}, month = {February}, abstract = {Neural Networks (NN) provide a powerful method for machine learning training and inference. To effectively train, it is desirable for multiple parties to combine their data -- however, doing so conflicts with data privacy. In this work, we provide novel three-party secure computation protocols for various NN building blocks such as matrix multiplication, convolutions, Rectified Linear Units, Maxpool, normalization and so on. This enables us to construct three-party secure protocols for training and inference of several NN architectures such that no single party learns any information about the data. Experimentally, we implement our system over Amazon EC2 servers in different settings. Our work advances the state-of-the-art of secure computation for neural networks in three ways: Scalability: We are the first work to provide neural network training on Convolutional Neural Networks (CNNs) that have an accuracy of >99% on the MNIST dataset; Performance: For secure inference, our system outperforms prior 2 and 3-server works (SecureML, MiniONN, Chameleon, Gazelle) by 6x-113x (with larger gains obtained in more complex networks). Our total execution times are 2-4x faster than even just the online times of these works. For secure training, compared to the only prior work (SecureML) that considered a much smaller fully connected network, our protocols are 79x and 7x faster than their 2 and 3-server protocols. In the WAN setting, these improvements are more dramatic and we obtain an improvement of 553x! Security: Our protocols provide two kinds of security: full security (privacy and correctness) against one semi-honest corruption and the notion of privacy against one malicious corruption [Araki et al. CCS'16]. All prior works only provide semi-honest security and ours is the first system to provide any security against malicious adversaries for the secure computation of complex algorithms such as neural network inference and training. Our gains come from a significant improvement in communication through the elimination of expensive garbled circuits and oblivious transfer protocols.}, url = {http://approjects.co.za/?big=en-us/research/publication/securenn-efficient-and-private-neural-network-training/}, }