PRISM: Privacy-preserving Inference System with Homomorphic Encryption and Modular Activation
This work addresses data privacy concerns in critical infrastructures by enabling secure CNN inference, though it is incremental in optimizing existing homomorphic encryption methods for machine learning.
The paper tackles the challenge of deploying convolutional neural networks (CNNs) in privacy-sensitive settings by proposing a framework that uses homomorphic encryption with approximated activation functions, achieving 94.4% accuracy on CIFAR-10 at 2.42 s per single encrypted sample and 24,000 s per 10,000 encrypted samples.
With the rapid advancements in machine learning, models have become increasingly capable of learning and making predictions in various industries. However, deploying these models in critical infrastructures presents a major challenge, as concerns about data privacy prevent unrestricted data sharing. Homomorphic encryption (HE) offers a solution by enabling computations on encrypted data, but it remains incompatible with machine learning models like convolutional neural networks (CNNs), due to their reliance on non-linear activation functions. To bridge this gap, this work proposes an optimized framework that replaces standard non-linear functions with homomorphically compatible approximations, ensuring secure computations while minimizing computational overhead. The proposed approach restructures the CNN architecture and introduces an efficient activation function approximation method to mitigate the performance trade-offs introduced by encryption. Experiments on CIFAR-10 achieve 94.4% accuracy with 2.42 s per single encrypted sample and 24,000 s per 10,000 encrypted samples, using a degree-4 polynomial and Softplus activation under CKKS, balancing accuracy and privacy.
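The abstract's central step, replacing a non-linear activation with a polynomial built only from the additions and multiplications CKKS supports, can be illustrated with a degree-4 fit of Softplus. This is an added example, not the paper's code: the least-squares fit, the interval [-5, 5] and all function names are assumptions, and plain floats stand in for ciphertexts.

```python
import math

def softplus(x):
    # Numerically stable ln(1 + e^x)
    return max(x, 0.0) + math.log1p(math.exp(-abs(x)))

def fit_poly(f, lo, hi, degree=4, n=401):
    """Least-squares fit of f on [lo, hi]; returns [c0, ..., c_degree]."""
    xs = [lo + (hi - lo) * i / (n - 1) for i in range(n)]
    m = degree + 1
    # Augmented normal equations [A^T A | A^T y] for the basis 1, x, ..., x^degree
    aug = [[sum(x ** (i + j) for x in xs) for j in range(m)]
           + [sum(f(x) * x ** i for x in xs)] for i in range(m)]
    for col in range(m):  # Gauss-Jordan elimination with partial pivoting
        piv = max(range(col, m), key=lambda r: abs(aug[r][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        for r in range(m):
            if r != col:
                k = aug[r][col] / aug[col][col]
                aug[r] = [a - k * b for a, b in zip(aug[r], aug[col])]
    return [aug[i][m] / aug[i][i] for i in range(m)]

def he_style_eval(c, x):
    """Evaluate the quartic with + and * only, as an HE circuit would.

    x stands in for a ciphertext; the coefficients c are plaintext constants.
    Ciphertext-ciphertext multiplicative depth is 2, not 4 as with Horner.
    """
    x2 = x * x    # depth 1
    x3 = x2 * x   # depth 2
    x4 = x2 * x2  # depth 2 (square of x2, not x3 * x)
    return c[0] + c[1] * x + c[2] * x2 + c[3] * x3 + c[4] * x4

def max_error(c, lo, hi, n=1001):
    """Largest absolute gap between the polynomial and true Softplus on [lo, hi]."""
    xs = [lo + (hi - lo) * i / (n - 1) for i in range(n)]
    return max(abs(he_style_eval(c, x) - softplus(x)) for x in xs)

R = 5.0  # assumed bound on activation inputs; not a value from the paper
COEFFS = fit_poly(softplus, -R, R)

if __name__ == "__main__":
    print("coefficients c0..c4:", [round(c, 6) for c in COEFFS])
    print("max error on [-5, 5]:  ", max_error(COEFFS, -R, R))
    print("max error on [-15, 15]:", max_error(COEFFS, -3 * R, 3 * R))
```

The approximation holds only on the interval it was fitted on, and the error grows rapidly outside it. Since CKKS has no native comparison or clamp, the network has to keep activation inputs inside that range, for example through normalization.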