CipherDM: Secure Three-Party Inference for Diffusion Model Sampling
This addresses privacy protection for users of Diffusion Models in applications like image generation, though it is incremental as it optimizes existing MPC techniques for a specific domain.
The paper tackled the problem of privacy violations in Diffusion Models during sampling by proposing CipherDM, a secure three-party inference framework using MPC, which improved running time by up to 2.328× and reduced communication costs by up to 1.791× compared to direct implementations.
Diffusion Models (DMs) achieve state-of-the-art synthesis results in image generation and have been applied to various fields. However, DMs sometimes seriously violate user privacy during usage, making the protection of privacy an urgent issue. Using traditional privacy computing schemes like Secure Multi-Party Computation (MPC) directly in DMs faces significant computation and communication challenges. To address these issues, we propose CipherDM, the first novel, versatile and universal framework applying MPC technology to DMs for secure sampling, which can be widely implemented on multiple DM based tasks. We thoroughly analyze sampling latency breakdown, find time-consuming parts and design corresponding secure MPC protocols for computing nonlinear activations including SoftMax, SiLU and Mish. CipherDM is evaluated on popular architectures (DDPM, DDIM) using MNIST dataset and on SD deployed by diffusers. Compared to direct implementation on SPU, our approach improves running time by approximately 1.084\times \sim 2.328\times, and reduces communication costs by approximately 1.212\times \sim 1.791\times.