In this paper, we propose a new secure machine learning inference platform assisted by a small dedicated security processor, which is easier to protect and deploy than today's TEEs integrated into high-performance processors. Our platform provides three main advantages over the state of the art: (i) We achieve significant performance improvements over state-of-the-art distributed Privacy-Preserving Machine Learning (PPML) protocols using only a small security processor, comparable to a discrete security chip such as the Trusted Platform Module (TPM) or to the on-chip security subsystems in SoCs such as the Apple enclave processor. In the semi-honest setting with WAN/GPU, our scheme is 4X-63X faster than Falcon (PoPETs'21) and AriaNN (PoPETs'22) and 3.8X-12X more communication efficient. We achieve even higher performance improvements in the malicious setting. (ii) Our platform guarantees security with abort against malicious adversaries under the honest-majority assumption. (iii) Our technique is not limited by the size of secure memory in a TEE and can support high-capacity modern neural networks such as ResNet18 and Transformer. While previous work investigated the use of high-performance TEEs in PPML, this work is the first to show that even tiny secure hardware with very limited performance can significantly speed up distributed PPML protocols if the protocol is carefully designed for lightweight trusted hardware.