A typical setup in many machine learning scenarios involves a server that holds a model and a user that possesses data, and the challenge is to perform inference while safeguarding the privacy of both parties. Private Inference has been extensively explored in recent years, mainly from a cryptographic standpoint via techniques like homomorphic encryption and multiparty computation. These approaches often come with high computational overhead and may degrade the accuracy of the model. In our work, we take a different approach inspired by the Private Information Retrieval literature. We view private inference as the task of retrieving inner products of parameter vectors with the data, a fundamental operation in many machine learning models. We introduce schemes that enable such retrieval of inner products for models with quantized (i.e., restricted to a finite set) weights; such models are extensively used in practice due to a wide range of benefits. In addition, our schemes uncover a fundamental tradeoff between user and server privacy. Our information-theoretic approach is applicable to a wide range of problems and robust in privacy guarantees for both the user and the server.
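To make the "inference as inner-product retrieval" framing concrete, the following is an added illustration written for this page; it is not the paper's scheme and reproduces none of its privacy mechanisms or guarantees. It only shows the structural fact the framing rests on: once weights are restricted to a finite set of levels Q, a parameter vector is fully described by one index set per level, and the inner product with the user's data collapses to a weighted combination of |Q| partial sums of data entries. The ternary level set, the nearest-level quantizer, and the sample vectors are all constructed assumptions.

```python
from typing import Dict, List, Sequence, Tuple

# Constructed assumption: weights are restricted to a ternary level set.
# The paper's schemes support general finite sets; this is only a sample.
LEVELS: Tuple[int, ...] = (-1, 0, 1)


def quantize(weights: Sequence[float], levels: Sequence[int] = LEVELS) -> List[int]:
    """Nearest-level quantizer: map each real weight to the closest allowed level.

    This is a generic illustration, not the quantization rule of any particular model.
    """
    return [min(levels, key=lambda q: abs(q - w)) for w in weights]


def level_index_sets(qweights: Sequence[int],
                     levels: Sequence[int] = LEVELS) -> Dict[int, List[int]]:
    """A quantized parameter vector is equivalent to one index set per level.

    The model the server holds is therefore a partition of coordinate indices,
    which is what makes a retrieval-style view of inference natural.
    """
    return {q: [i for i, w in enumerate(qweights) if w == q] for q in levels}


def direct_inner_product(qweights: Sequence[int], x: Sequence[int]) -> int:
    """Reference computation of <w, x> over the full vectors."""
    return sum(w * xi for w, xi in zip(qweights, x))


def inner_product_from_partial_sums(index_sets: Dict[int, List[int]],
                                    x: Sequence[int]) -> Tuple[int, Dict[int, int]]:
    """<w, x> = sum over levels q of  q * S_q,  where S_q = sum of x_i over {i : w_i = q}.

    Returns the inner product and the per-level partial sums S_q. Only |Q| numbers
    (in fact |Q| - 1, since the zero level contributes nothing) are needed, regardless
    of the dimension of x.
    """
    partial = {q: sum(x[i] for i in idx) for q, idx in index_sets.items()}
    return sum(q * s for q, s in partial.items()), partial


def demo() -> Tuple[int, int, Dict[int, int]]:
    """Run the decomposition on constructed sample data and return both results."""
    # Constructed sample: real-valued trained weights and integer user data.
    trained_weights = [0.9, -0.2, -1.3, 0.4, 0.05, -0.8, 1.1, 0.6]
    user_data = [3, -1, 4, 1, -5, 9, 2, -6]

    qw = quantize(trained_weights)            # -> [1, 0, -1, 0, 0, -1, 1, 1]
    sets = level_index_sets(qw)
    via_sums, partial = inner_product_from_partial_sums(sets, user_data)
    return direct_inner_product(qw, user_data), via_sums, partial


if __name__ == "__main__":
    direct, via_sums, partial = demo()
    print("direct <w,x>      :", direct)
    print("via partial sums  :", via_sums)
    print("per-level sums S_q:", partial)
```

The point a reader should take from running this is that the dimension of the data never appears in the final combination step: the server-side model contributes only which indices belong to which level, and the data contributes only one aggregate per level. Any retrieval scheme for those aggregates, including the information-theoretic ones the abstract refers to, can therefore be discussed without reference to the floating-point weights the model was trained with.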