Gated Recurrent Unit (GRU) has wide application fields, such as sentiment analysis, speech recognition, and other sequential data processing. For efficient prediction, a growing number of model owners choose to deploy the trained GRU models through the machine-learning-as-a-service method (MLaaS). However, deploying a GRU model in cloud generates privacy issues for both model owners and prediction clients. This paper presents the architecture of PrivGRU and designs the privacy-preserving protocols to complete the secure inference. The protocols include base protocols and principal protocols. Base protocols define basic linear and non-linear computations, while principal protocols construct the gating mechanisms of GRUs. The main benefit of PrivGRU is to address privacy problems while enjoying the efficiency and convenience of MLaaS. The overall secure inference is performed on shares, which retain two properties of security: correctness and privacy. To prove the security, this work adopts Universal Composability (UC) framework with the honest-but-curious corruption model. As each protocol is proved to UC-realize the ideal functionality, it can be arbitrarily composed in any manner. This strong security feature makes PrivGRU more flexible and practical in future implementation.
AgarapA.F., PepitoF.J.H., Towards Building an Intelligent Anti-Malware System: A Deep Learning Approach using Support Vector Machine (SVM) for Malware Classification. arXiv preprint arXiv:1801.00318, 2017.
2.
BarniM., FaillaP., KolesnikovV., LazzerettiR., SadeghiA.-R., Schneider.T., Secure evaluation of private linear branching programs with medical applications. In European Symposium on Research in Computer Security, pages 424–439. Springer, 2009.
3.
BeigiG., ShuK., GuoR., WangS., LiuH., Privacy Preserving Text Representation Learning. Proceedings of the 30th on Hypertext and Social Media (HTâ.ĂŹ19). ACM, 2019.
4.
BiswasS., ChaddaE., AhmadF., Sentiment Analysis with Gated Recurrent Units. Department of Computer Engineering. Annual Report Jamia Millia Islamia New Delhi, India, 2015.
5.
BlakleyG.R., et al. Safeguarding Cryptographic Keys. In Proceedings of the National Computer Conference, volume 48, 1979.
6.
CanettiR., Security and composition of multiparty cryptographic protocols, Journal of CRYPTOLOGY13(1) (2000), 143–202.
7.
CanettiR., Universally Composable Security: A new Paradigm for Cryptographic Protocols. In Proceedings 42nd IEEE Symposium on Foundations of Computer Science, pages 136–145. IEEE, 2001.
8.
CapesT., ColesP., ConkieA., GolipourL., HadjitarkhaniA., HuQ., HuddlestonN., HuntM., LiJ., NeeracherM., et al. Siri on-device deep learning-guided unit selection text-to-speech system. In INTERSPEECH, pages 4011–4015, 2017.
9.
ChenC.-M., WangK.-H., YehK.-H., XiangB., WuT.-Y., Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications, Journal of Ambient Intelligence and Humanized Computing, 10(8) (2019), 3133–3142.
10.
ChenC.-M., XiangB., LiuY., WangK.-H., A secure authentication protocol for internet of vehicles, IEEEAccess 7 (2019), 12047–12057.
11.
ChiuC.-C., SainathT.N., WuY., PrabhavalkarR., NguyenP., ChenZ., KannanA., WeissR.J., RaoK., GoninaE., et al. State-of-the-art Speech Recognition with Sequence-to-sequenceModels. In 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pages 4774–4778. IEEE, 2018.
12.
ChoK., Van MerriënboerB., GulcehreC., BahdanauD., BougaresF., SchwenkH., BengioY., Learning Phrase Representations using RNN Encoder-decoder for Statistical Machine Translation. arXiv preprint arXiv:1406.1078, 2014.
13.
De CockM., DowsleyR., NascimentoA.C., ReichD., TodokiA., Privacy-preserving classification of personal text messages with secure multi-party computation: An application to hate-speech detection. arXiv preprint arXiv:1906.02325, 2019.
14.
DemmlerD., SchneiderT., ZohnerM., Aby-a framework for efficient mixed-protocol secure two-party computation. In NDSS, 2015.
15.
DuW., AtallahM.J., Protocols for Secure Remote Database Access with Approximate Matching. In E Commerce Security and Privacy, pages 87–111. Springer, 2001.
16.
DworkC., Differential Privacy. Encyclopedia of Cryptography and Security, pages 338–340, 2011.
17.
FuR., ZhangZ., LiL., Using lstm and gru neural network methods for traffic flow prediction. In 2016 31st Youth Academic Annual Conference of Chinese Association of Automation (YAC), pages 324–328. IEEE, 2016.
18.
GoldreichO., Foundations of Cryptography: volume 1, basic tools. Cambridge university press, 2007.
19.
GUQ., LUN., LIUL., A novel recurrent neural network algorithm with long short-term memory model for futures trading, Journal of Intelligent & Fuzzy Systems, (Preprint):1–8.
JiZ., LiptonZ.C., ElkanC., Differential Privacy and Machine Learning: A Survey and Review. arXiv preprint arXiv:1412.7584, 2014.
22.
JuvekarC., VaikuntanathanV., ChandrakasanA., GAZELLE: A Low Latency Framework for Secure Neural Network Inference. In 27th USENIX Security Symposium (USENIX Security 18), pages 1651–1669, 2018.
23.
LiY., BaldwinT., CohnT., Towards Robust and Privacy-preserving Text Representations. arXiv preprint arXiv:1805.06093, 2018.
24.
LindellY., How to Simulate It–A Tutorial on the Simulation Proof Technique. In Tutorials on the Foundations of Cryptography, pages 277–346. Springer, 2017.
25.
LiuJ., JuutiM., LuY., AsokanN., Oblivious Neural Network Predictions via Minionn Transformations. In Proceedings of the 2017 ACMSIGSAC Conference on Computer and Communications Security, pages 619–631. ACM, 2017.
26.
MaL., LiuS., WangY., A DRM model based on Proactive Secret Sharing Scheme for P2P Networks. In 9th IEEE International Conference on Cognitive Informatics (ICCI’10), pages 859–862. IEEE, 2010.
27.
MohasselP., ZhangY., Secureml: A System for Scalable Privacy-preserving Machine Learning. In 2017 IEEE Symposium on Security and Privacy (SP), pages 19–38. IEEE, 2017.
28.
PanJ.-S., KongL., SungT.-W., TsaiP.-W., SnášelV., α-Fraction first strategy for hierarchical model in wireless sensor networks, Journal of Internet Technology19(6) (2018), 1717–1726.
29.
PanJ.-S., LeeC.-Y., SghaierA., ZeghidM., XieJ., Novel systolization of subquadratic space complexity multipliers based on toeplitz matrix-vector product approach. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2019.
30.
Pumrapee PoomkaN.K., PongsenaWattana, KerdprasopK., SMS spam detection based on long short-term memory and gated recurrent unit, International Journal of Future Computer and Communication8(2019).
31.
RiaziM.S., WeinertC., TkachenkoO., SonghoriE.M., SchneiderT., KoushanfarF., Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pages 707–721. ACM, 2018.
32.
RouhaniB.D., RiaziM.S., KoushanfarF., Deepsecure: Scalable Provably-secure Deep Learning. In Proceedings of the 55th Annual Design Automation Conference, page 2. ACM, 2018.
33.
SaleemN., Irfan KhattakM., QaziA.B., Supervised speech enhancement based on deep neural network, Journal of Intelligent & Fuzzy Systems, (Preprint):1–15, 2019.
34.
ShamirA., How to share a secret, Communications of the ACM22(11) (1979), 612–613.
35.
WaghS., GuptaD., ChandranN., SecureNN: 3-Party secure computation for neural network training, Proceedings on Privacy Enhancing Technologies1(2019), 24.
36.
WangL., ShenX., LiJ., ShaoJ., YangY., Cryptographic primitives in blockchains, Journal of Network and Computer Applications127 (2019), 43–58.
WuT.-Y., ChenC.-M., WangK.-H., MengC., WangE.K., A provably secure certificateless public key encryption with keyword search, Journal of the Chinese Institute of Engineers42(1) (2019), 20–28.
39.
YaoA.C.-C., How to Generate and Exchange Secrets. In 27th Annual Symposium on Foundations of Computer Science (sfcs 1986), pages 162–167. IEEE, 1986.
40.
YinW., KannK., YuM., SchützeH., Comparative Study of CNN and RNN for Natural Language Processing. arXiv preprint arXiv:1702.01923, 2017.
41.
ZhangA., LiptonZ.C., LiM., SmolaA.J., Dive into Deep Learning, 2019.
