Skip to content
/ SecureQ8 Public

Input scripts for securely evaluating quantized ImageNet models with mp-spdz

20 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

anderspkd/SecureQ8

BranchesTags

Repository files navigation

SecureQ8 – Tools for running secure quantized models

Small set of scripts that can be used to prep a model and input for evaluation with MP-SPDZ.

Installation (with Docker)

Run the following from this directory to build a Docker container:

$ docker build .

At the of the installation, the example below is run automatically.

Installation (without Docker)

The scripts require Google flatbuffers and the schema for .tflite models. Refer to build.sh for instructions/guide on how to install these. Alternatively, running

$ ./build.sh all

should do the trick on most systems.

The code works with all MobileNetV1 models, and compatible versions can be downloaded here.

The images folder contains a couple of example images that can be used as inputs.

MP-SPDZ needs to be present in the directory of the same name. You can either use a script to download the tested version:

$ ./get-mp-spdz.sh

Note the precompiled binaries are less optimized for compatibility. To reproduce the benchmarks, you can download the source and build it:

$ git submodule update --init MP-SPDZ
$ ./build-mp-spdz.sh

This requires a range of dependencies, see the Dockerfile for more information.

Running locally

After setting everything up, you can use this script to run the computation:

$ ./run-local.sh <model> <image> <protocol> <trunc> <n_threads>

The options are as follows:

  • model is one of v1_{0.25,0.5,0.75,1.0}_{128,160,192,224}. It will be input by party 0.
  • image is the image to be classified. It will be input by party 1.
  • protocol is the number of the column (0-7) in Tables 1/3 in https://eprint.iacr.org/2019/131 or one of semi2k, hemi, ring, rep-field, spdz2k, cowgear, ps-rep-ring, ps-rep-field. See the MP-SPDZ readme for descriptions of the protocols.
  • trunc is either prob (probabilistic) or exact corresponding to the respective lines in Tables 1/3.
  • n_threads is the number of threads per party.

For example,

$ ./run-local.sh v1_0.25_128 images/collie.jpg ring prob 4

computes inference on images/collie.jpg with the cheapest model and semi-honest honest-majority computation modulo 2^72, special truncation, and four threads. It should output guess: 232, which corresponds to the ImageNet category “Border collie”.

Running remotely

You need to set up hosts that run SSH and have all higher TCP ports open between each other. We have used c5.9xlarge instances in the same AWS zone and hence 36 threads. The hosts have to run Linux with a glib not older than Ubuntu 18.04 (2.27), which is the case for Amazon Linux 2. Honest-majority protocols require three hosts while dishonest-majority protocols require two.

With Docker, you can run the following script to set up host names, user name and SSH RSA key. We do NOT recommend running it outside Docker because it might overwrite an existing RSA key file.

$ ./setup-remote.sh

Without Docker, familiarise yourself with SSH configuration options and SSH keys. You can use ssh_config and the above script to find out the requirements. HOSTS has to contain the hostnames separated by whitespace.

After setting up, you can the following using the same options as above:

$ ./run-remote.sh <model> <image> <protocol> <trunc> <n_threads>

About

Input scripts for securely evaluating quantized ImageNet models with mp-spdz

Topics

tensorflow secure mpc imagenet quantized-neural-networks mp-spdz

Resources

Readme
Activity

Stars

20 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages