SieveNet: Decoupling activation function neural network for privacy-preserving deep learning
Information Sciences (IF 8.1), Pub Date: 2021-06-02, DOI: 10.1016/j.ins.2021.05.054
Qizheng Wang, Wenping Ma, Ge Liu

Machine Learning as a Service (MLaaS) is increasingly popular, but processing prediction requests will cause users to expose potentially sensitive information. Thanks to breakthroughs in secure multi-party computation (MPC), privacy-preserving machine learning has attracted more attention. It allows outsourcing calculations to untrusted servers while maintaining data privacy. Some works have proposed frameworks for secure prediction, but with high computation and communication overhead. This is the cost MPC pays to deal with non-linear functions, and the activation functions that are widely used in neural networks are usually non-linear.

We present a practical framework to perform privacy-preserving prediction. We first propose a new component as an alternative to the activation function so that in one forward propagation, the neural network can be regarded as a linear model. We call this component the Sieve Layer and the corresponding network SieveNet. We then show how to use additive secret sharing and adversarial training to build a privacy-preserving prediction framework based on SieveNet, and we report a comprehensive analysis of information leakage according to specific types of attacker. Finally, we evaluate our framework on MNIST, CIFAR-10 and CIFAR-100. The results show that the prediction time of our framework is in the same order of magnitude as the plaintext inference.
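The following added example (not code from the paper) illustrates the property the abstract relies on: a linear layer can be evaluated locally on additive shares and still reconstructs to the plaintext result, while an activation such as ReLU applied share-by-share does not. The ring size, the two-server setup with layer weights known to both servers, and all function names are assumptions; the Sieve Layer itself is not specified in the abstract and is not implemented here.

```python
import secrets

MOD = 2 ** 32  # assumed ring Z_{2^32}; values are fixed-point integers

def share(x):
    """Split each entry into two additive shares that sum to it mod MOD."""
    s0 = [secrets.randbelow(MOD) for _ in x]
    return s0, [(v - r) % MOD for v, r in zip(x, s0)]

def reconstruct(s0, s1):
    """Add the shares and map ring elements back to signed integers."""
    vals = [(a + b) % MOD for a, b in zip(s0, s1)]
    return [v - MOD if v >= MOD // 2 else v for v in vals]

def linear(W, x, b=None):
    """W x (+ b) over the ring; a server runs this locally on its own share."""
    y = [sum(w * v for w, v in zip(row, x)) % MOD for row in W]
    return y if b is None else [(yi + bi) % MOD for yi, bi in zip(y, b)]

def relu(x):
    """ReLU on the signed interpretation of ring elements."""
    return [v if v < MOD // 2 else 0 for v in x]

def run_demo():
    # Constructed sample layer and input (not from the paper).
    W, b, x = [[2, -1, 3], [-4, 5, 1]], [7, -2], [10, -3, 4]
    plain = reconstruct(linear(W, x, b), [0, 0])
    x0, x1 = share(x)
    # Each server works only on its share; only one of them adds the bias.
    y0, y1 = linear(W, x0, b), linear(W, x1)
    shared = reconstruct(y0, y1)
    # Applying a non-linear function share-by-share does not commute.
    broken = reconstruct(relu(y0), relu(y1))
    return plain, shared, broken

if __name__ == "__main__":
    plain, shared, broken = run_demo()
    print("plaintext linear :", plain)
    print("from shares      :", shared)
    print("ReLU expected    :", [max(v, 0) for v in plain])
    print("ReLU on shares   :", broken)
```

Neither server sees the input in the clear, yet the linear result is exact; the mismatch in the last line is why generic MPC needs interactive sub-protocols for activations.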




Updated: 2021-06-11