
Graduate student: Huang, Po-Hsuan (黃柏瑄)
Thesis title: A Compiler Framework for Optimizing Privacy-Preserving Neural Inference
Advisor: Tu, Chia-Heng (涂嘉恒)
Degree: Doctor
Department: Department of Computer Science and Information Engineering, College of Electrical Engineering and Computer Science
Year of publication: 2024
Academic year of graduation: 112
Language: English
Number of pages: 126
Keywords: Privacy-preserving inference, Deep neural network compilation, Automatic code generation, Compile-time optimization, Selective protection execution, Precomputing scheme, Secure multi-party computation, Secure two-party computation, Oblivious transfer
ORCID: 0000-0002-7458-9634
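  • As deep learning applications gradually become part of everyday life, people's awareness of privacy has grown, and they are more cautious about the data they upload. At the same time, model developers are unwilling to release model weights, trained at great cost, to customers. In this situation, privacy-preserving deep learning becomes a key technology, aiming to keep users' input data from being obtained by others. However, using such techniques greatly increases the amount of computation or communication, which lengthens execution time. In addition, developing privacy-preserving deep learning computations usually requires many people with security expertise to convert the model, which adds cost each time a different model is handled.

    In this dissertation, we propose a compiler software framework that automatically converts a trained deep neural network into a privacy-preserving form without retraining. At run time, this protects both the user's input data and the model provider's model weights while completing the neural network inference. Our framework supports well-known existing deep learning frameworks such as TensorFlow, Keras, and PyTorch. Models defined in these frameworks can serve as input to our compiler framework, which demonstrates the dependability, efficiency, and extensibility of converting deep learning inference into a privacy-preserving version.

    To address the longer execution time, we propose a series of optimizations in this dissertation. First, we start from the privacy-preserving execution framework, making effective use of and rewriting the special data types it provides. Next, we observe that transfer learning is now commonly used to address data scarcity: a model is first trained on large public datasets, and then a small part of the model is fine-tuned with a smaller amount of target data. This observation gives our proposed selective protection considerable room for optimization, because the parts trained on public data need not be protected, which speeds up the privacy-preserving computation.

    Finally, we decompose the computation pattern of the privacy-preserving framework, processing and storing in advance the computation data that does not depend on the user's input. This greatly reduces the communication and computation required when a privacy-preserving deep learning service is actually requested, further shortening execution time. With the proposed compiler software framework and these optimizations, we achieve deep neural network model inference that is 55 times faster than the current best, CrypTFlow2. We hope the content of this dissertation contributes to today's increasingly privacy-conscious society.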

    As deep learning applications become integrated into daily life, people's awareness of privacy is gradually increasing, leading to caution about uploading personal data. At the same time, model developers are unwilling to release the expensive and resource-intensive trained model weights to clients. Privacy-preserving deep learning becomes a crucial technology at this point, aimed at protecting all input data from being accessed by others. However, using such technology increases computational and communication demands, resulting in longer execution times. Additionally, developing privacy-preserving computations often requires a large amount of cybersecurity expertise to adapt models, which incurs substantial costs each time a different model is encountered.

    In this dissertation, we propose a compiler framework that can automatically convert pretrained deep learning neural networks into privacy-preserving modes without the need for retraining. This allows the framework to protect both the user's input data and the model provider's model weights during runtime while performing neural network inference. The framework supports models defined by well-known deep learning frameworks such as TensorFlow, Keras, and PyTorch, serving as input models to our framework. It demonstrates the reliability, efficiency, and scalability of converting deep learning inference programs into privacy-preserving versions.

    To address the issue of extended execution time, we also propose a series of optimization methods in this dissertation. Firstly, we focus on the privacy-preserving execution framework, effectively utilizing and rewriting its special data types. Next, we observe that transfer learning, commonly used to tackle data scarcity issues, often employs lots of public datasets for initial training, followed by fine-tuning a small portion of the model with fewer target-specific data. This discovery offers significant optimization opportunities for our proposed selective protection method. Since the parts trained with public data do not require protection, the privacy-preserving computations can be accelerated.

    Finally, we decompose the computation model of the privacy-preserving program, precomputing and storing data that is unrelated to the user's input. This essentially reduces the communication and computation for actual requests to the privacy-preserving inference service, further shortening execution time. With the compiler framework and these optimizations we proposed, we achieved inference speed in a deep neural network model that is 55 times faster than the current state-of-the-art, CrypTFlow2. We hope that the content of this dissertation can contribute to the privacy-conscious society of today.

    Abstract (in Chinese)
    Abstract
    Acknowledgements
    Table of Contents
    List of Tables
    List of Figures
    Nomenclature and Acronyms
    Chapter 1 Introduction
        1.1 Motivation and Contributions
        1.2 Organization of the Dissertation
    Chapter 2 Background and Related Work
        2.1 Neural Inference Compiler Framework
            2.1.1 TVM: A DNN Compiler Framework
        2.2 Secure Multi-Party Computation
            2.2.1 Oblivious Transfer
            2.2.2 Garbled Circuits
            2.2.3 Secret Sharing
            2.2.4 Summary of SMPC-based Privacy-Preserving Protocols
        2.3 System, Execution, and Security Models of Privacy-Preserving Inference
            2.3.1 System Model
            2.3.2 Execution Model
            2.3.3 Security Model
        2.4 Toolsets and DSLs for General-Purpose SMPC Applications
            2.4.1 ABY: A Secure Two-Party Computation Framework
        2.5 Tailored Secure Approaches for Particular DNN Architectures
        2.6 Automated Compilation of Secure Deep Neural Network Inference
    Chapter 3 Software Framework for Privacy-Preserving DNN Inference
        3.1 Architecture Overview
        3.2 Design Considerations
        3.3 Design Limitations
        3.4 An Example Workflow of the Framework
        3.5 Internal Components: Driver, Compiler, and Optimizations
    Chapter 4 Construction of a Privacy-Preserving Inference Compiler
        4.1 Implement ABY Backend Module in TVM
            4.1.1 Code Generation
            4.1.2 Source-to-Source Translation
        4.2 Supplement Library for Generated Programs
        4.3 Compilation Validation
    Chapter 5 Optimizations for Privacy-Preserving DNN Inference
        5.1 Supplement Library Optimizations
            5.1.1 ABY-SIMD Data and Improved ABY Gates
            5.1.2 Optimized Comparison and Activation Functions
        5.2 Compile-time Optimizations
            5.2.1 Data Reshaping for ABY-SIMD via TVM Lower Pass
            5.2.2 Selective Protection Scheme and Graph Analysis
        5.3 Systematic Optimization by Precomputation Scheme
            5.3.1 Improved Architecture for Precomputing Offline Resources
            5.3.2 Batch Execution
    Chapter 6 Experimental Results
        6.1 Experiment Setup
        6.2 Neural Network Benchmarks
        6.3 Inference Speed and Accuracy on MNIST
        6.4 Optimized Comparison and Activation Functions
        6.5 Performance Improvement by Selective Secure Inference
        6.6 Effectiveness of Selective Protection Execution Scheme
        6.7 Efficiency of Precomputing Scheme
    Chapter 7 Conclusion
    References
    Appendix A Understanding Oblivious Transfer and Its Variants
        A.1 Preliminaries
        A.2 Oblivious Transfer Implementation
        A.3 Oblivious Transfer Extension
        A.4 Oblivious Transfer Extension Variants
    Appendix B ObliVM as an S2PC Backend of TVM

