隐私保护深度学习研究综述  

作　　者：陈品极 何琨[1] 陈晶[1] 杜瑞颖[1] CHEN Pin-Ji;HE Kun;CHEN Jing;DU Rui-Ying(School of Cyber Science and Engineering,Wuhan University,Wuhan 430072,China)

机构地区：[1]武汉大学国家网络安全学院,武汉430072

出　　处：《密码学报（中英文）》2024年第4期771-798,共28页Journal of Cryptologic Research

基　　金：国家重点研发计划(2022YFB3102100);国家自然科学基金(62076187,62172303);湖北省重点研发计划(2022BAA039);山东省重点研发计划(2022CXPT055)。

摘　　要：深度学习即服务模式下,包含个人隐私的数据在多方之间不断流转,难以避免地产生了隐私泄露的风险.一方面,数据拥有者担心输入到云端模型中的隐私数据会直接暴露给云服务提供商;另一方面,云端模型拥有者担心客户端可以在大量的数据交互中窃取到自己耗费海量资源训练的模型.因此,如何将隐私保护和深度学习相结合成为了当今隐私计算领域的热点问题.本文回顾了2016年至今隐私保护深度学习相关工作,并根据深度神经网络中的线性层和非线性层运算对前人工作使用的方案进行了分类.通过发表时间、研究周期以及发表数量,分析了不同实现方案的优胜劣汰和当下的研究焦点,同时通过对每个实现方案的不同优化方向进行追溯,理清了每个方案的发展脉络.最后,从多维度综合对比代表性方案,整理了如今隐私保护深度学习所面临的困难并提出了可行的解决方案和具有前景的发展方向.In deep learning as a service(DLaaS),private data constantly flow among various parties,which inevitably leads to privacy risks.On one hand,data owners worry about the possible exposure of their private data to service providers when they directly upload the data in plaintext.On the other hand,model owners are concerned about that adversaries may steal their costly trained models during extensive data interactions.As a result,combining privacy protection with deep learning has become a hot research topic these days.This paper reviews the research results in privacy-preserving deep learning since 2016,and categorizes the techniques into linear and nonlinear computations,which are the two basic building blocks in deep learning models.Specifically,the pros and cons of diverse tech-niques used in different layers are presented according to time and quantity statistics.In addition,the evolutionary directions of every technique are clarified by tracing their optimization routes.Following a comprehensive overview of each representative research scheme,the hurdles of privacy-preserving deep learning are listed and the resolution as well as promising directions for further research are proposed.

关 键 词：隐私保护深度学习 同态加密 秘密共享 不经意传输 混淆电路 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]