Privacy-preserving deep learning addresses privacy concerns in Machine Learning as a Service (MLaaS) by using Homomorphic Encryption (HE) for linear computations. However, the computational overhead remains a major challenge. While prior work has improved efficiency, most approaches build on models originally designed for plaintext inference. Such models incur architectural inefficiencies when adapted to HE. We argue that substantial gains require networks tailored to HE rather than retrofitting plaintext architectures. Our design has two components: the building block and the overall architecture. First, StriaBlock targets the most expensive HE operation, rotation. It integrates ExRot-Free Convolution and a novel Cross Kernel, eliminating external rotations and requiring only 19% of the internal rotations used by plaintext models. Second, our architectural principles include (i) the Focused Constraint Principle, which limits cost-sensitive factors while preserving flexibility elsewhere, and (ii) the Channel Packing-Aware Scaling Principle, which adapts bottleneck ratios to ciphertext channel capacity that varies with depth. Together, these strategies control both local and end-to-end HE cost, enabling a balanced HE-tailored network. We evaluate the resulting StriaNet across datasets of varying scales, including ImageNet, Tiny ImageNet, and CIFAR-10. At comparable accuracy, StriaNet achieves speedups of 9.78x, 6.01x, and 9.24x on ImageNet, Tiny ImageNet, and CIFAR-10, respectively.

翻译：隐私保护深度学习通过使用同态加密（HE）进行线性计算，解决了机器学习即服务（MLaaS）中的隐私问题。然而，计算开销仍然是一个主要挑战。尽管先前的研究提升了效率，但大多数方法基于最初为明文推理设计的模型。此类模型在适配HE时会产生架构上的低效性。我们认为，要实现显著增益，需要专门为HE定制网络，而非改造明文架构。我们的设计包含两个组成部分：基础构建块和整体架构。首先，StriaBlock针对最昂贵的HE操作——旋转进行优化。它集成了无外部旋转卷积和一种新颖的交叉核，消除了外部旋转，仅需明文模型内部旋转次数的19%。其次，我们的架构原则包括：（i）聚焦约束原则，在保持其他部分灵活性的同时限制成本敏感因素；（ii）通道打包感知缩放原则，根据随网络深度变化的密文通道容量调整瓶颈比率。这些策略共同控制了局部和端到端的HE成本，实现了平衡的HE定制网络。我们在不同规模的数据集上评估了由此构建的StriaNet，包括ImageNet、Tiny ImageNet和CIFAR-10。在精度相当的情况下，StriaNet在ImageNet、Tiny ImageNet和CIFAR-10上分别实现了9.78倍、6.01倍和9.24倍的加速。