Training deep neural networks often requires large-scale datasets, necessitating storage and processing on cloud servers due to computational constraints. In domains like healthcare, these procedures must follow strict privacy regulations. Split Learning (SL), a framework that divides model layers between client(s) and server(s), is widely adopted for distributed model training. While Split Learning reduces privacy risks by limiting server access to the full parameter set, previous research has identified that intermediate outputs exchanged between server and client can compromise the client's data privacy. Homomorphic encryption (HE)-based solutions exist for this scenario but often impose prohibitive computational burdens. To address these challenges, we propose CURE, a novel HE-based system that encrypts only the server side of the model and optionally the data. CURE enables secure SL while substantially improving communication and parallelization through advanced packing techniques. We propose two packing schemes that consume one HE level for one-layer networks and generalize our solutions to n-layer neural networks. We demonstrate that CURE can achieve similar accuracy to plaintext SL while being 16x more efficient in terms of runtime compared to the state-of-the-art privacy-preserving alternatives.