Most existing secure neural network inference protocols based on secure multi-party computation (MPC) typically support at most four participants, demonstrating severely limited scalability. Liu et al. (USENIX Security'24) presented the first relatively practical approach by utilizing Shamir secret sharing with Mersenne prime fields. However, when processing deeper neural networks such as VGG16, their protocols incur substantial communication overhead, resulting in particularly significant latency in wide-area network (WAN) environments. In this paper, we propose a high-throughput and scalable MPC protocol for neural network inference against semi-honest adversaries in the honest-majority setting. The core of our approach lies in leveraging packed Shamir secret sharing (PSS) to enable parallel computation and reduce communication complexity. The main contributions are three-fold: i) We present a communication-efficient protocol for vector-matrix multiplication, based on our newly defined notion of vector-matrix multiplication-friendly random share tuples. ii) We design the filter packing approach that enables parallel convolution. iii) We further extend all non-linear protocols based on Shamir secret sharing to the PSS-based protocols for achieving parallel non-linear operations. Extensive experiments across various datasets and neural networks demonstrate the superiority of our approach in WAN. Compared to Liu et al. (USENIX Security'24), our scheme reduces the communication upto 5.85x, 11.17x, and 6.83x in offline, online and total communication overhead, respectively. In addition, our scheme is upto 1.59x, 2.61x, and 1.75x faster in offline, online and total running time, respectively.

翻译：现有基于安全多方计算的神经网络推断协议通常仅支持至多四方参与，展现出严重的可扩展性限制。Liu等人（USENIX Security'24）通过利用梅森素数域上的Shamir秘密共享，首次提出了相对实用的方案。然而在处理VGG16等深层神经网络时，其协议会产生显著的通信开销，尤其在广域网环境下导致明显的延迟。本文提出一种针对诚实多数设置下半诚实敌手的高通量可扩展神经网络推断安全多方计算协议。其核心在于利用打包Shamir秘密共享实现并行计算并降低通信复杂度。主要贡献包含三个方面：i) 基于新定义的向量-矩阵乘法友好随机共享元组概念，提出通信高效的向量-矩阵乘法协议；ii) 设计支持并行卷积的滤波器打包方法；iii) 将基于Shamir秘密共享的非线性协议全面扩展为基于打包Shamir秘密共享的协议，实现并行非线性操作。在多种数据集和神经网络上的广泛实验验证了本方案在广域网环境中的优越性。与Liu等人（USENIX Security'24）的方案相比，本方案在离线、在线及总通信开销上分别降低至5.85倍、11.17倍和6.83倍，同时离线、在线及总运行时间分别加速至1.59倍、2.61倍和1.75倍。