40 research outputs found
SIMC 2.0: Improved Secure ML Inference Against Malicious Clients
In this paper, we study the problem of secure ML inference against a
malicious client and a semi-trusted server such that the client only learns the
inference output while the server learns nothing. This problem is first
formulated by Lehmkuhl \textit{et al.} with a solution (MUSE, Usenix
Security'21), whose performance is then substantially improved by Chandran et
al.'s work (SIMC, USENIX Security'22). However, there still exists a nontrivial
gap in these efforts towards practicality, giving the challenges of overhead
reduction and secure inference acceleration in an all-round way.
We propose SIMC 2.0, which complies with the underlying structure of SIMC,
but significantly optimizes both the linear and non-linear layers of the model.
Specifically, (1) we design a new coding method for homomorphic parallel
computation between matrices and vectors. It is custom-built through the
insight into the complementarity between cryptographic primitives in SIMC. As a
result, it can minimize the number of rotation operations incurred in the
calculation process, which is very computationally expensive compared to other
homomorphic operations e.g., addition, multiplication). (2) We reduce the size
of the garbled circuit (GC) (used to calculate nonlinear activation functions,
e.g., ReLU) in SIMC by about two thirds. Then, we design an alternative
lightweight protocol to perform tasks that are originally allocated to the
expensive GCs. Compared with SIMC, our experiments show that SIMC 2.0 achieves
a significant speedup by up to for linear layer computation, and
at least reduction of both the computation and communication
overheads in the implementation of non-linear layers under different data
dimensions. Meanwhile, SIMC 2.0 demonstrates an encouraging runtime boost by
over SIMC on different state-of-the-art ML models
Boosting Decision-Based Black-Box Adversarial Attack with Gradient Priors
Decision-based methods have shown to be effective in black-box adversarial
attacks, as they can obtain satisfactory performance and only require to access
the final model prediction. Gradient estimation is a critical step in black-box
adversarial attacks, as it will directly affect the query efficiency. Recent
works have attempted to utilize gradient priors to facilitate score-based
methods to obtain better results. However, these gradient priors still suffer
from the edge gradient discrepancy issue and the successive iteration gradient
direction issue, thus are difficult to simply extend to decision-based methods.
In this paper, we propose a novel Decision-based Black-box Attack framework
with Gradient Priors (DBA-GP), which seamlessly integrates the data-dependent
gradient prior and time-dependent prior into the gradient estimation procedure.
First, by leveraging the joint bilateral filter to deal with each random
perturbation, DBA-GP can guarantee that the generated perturbations in edge
locations are hardly smoothed, i.e., alleviating the edge gradient discrepancy,
thus remaining the characteristics of the original image as much as possible.
Second, by utilizing a new gradient updating strategy to automatically adjust
the successive iteration gradient direction, DBA-GP can accelerate the
convergence speed, thus improving the query efficiency. Extensive experiments
have demonstrated that the proposed method outperforms other strong baselines
significantly.Comment: Accepted by IJCAI 202
Effectiveness and safety of auricular acupuncture on adjuvant analgesia in patients with total knee arthroplasty: a randomized sham-controlled trial
ObjectiveThis study aimed to evaluate the effectiveness and safety of auricular acupuncture (AA) on postoperative analgesia, the degree of postoperative nausea, and the effect of inflammation after total knee arthroplasty (TKA).MethodsThis was a single-center, placebo-controlled, randomized clinical trial. In total, 96 patients were randomly divided into an AA group with an indwelling intradermal needle (n = 48) and a sham auricular acupuncture (SAA) group with a non-penetrating placebo needle (n = 48). Intra-spinal anesthesia was adopted in both groups during surgery, and an epidural analgesic pump was implanted after surgery for 48 h. The primary outcome was the post-surgery visual analog score (VAS) of resting and movement states (at 6, 12 h and 1, 2, 3, 5, and 7 days). The secondary outcomes included additional doses of analgesic injection during the treatment, C-reactive protein (CRP) levels, erythrocyte sedimentation rate (ESR), and white blood cell (WBC) count on the 1st, 3rd, and 7th day after the operation, nausea on the 1st, 2nd, and 3rd day after the operation, the Hospital for Special Surgery Knee Score (HSS) on the 2nd and 12th week after the operation, and adverse events.ResultsThe VAS in the AA group at 6 h, 12 h, 2, 3, and 5 days after surgery were lower than those of the SAA group (p < 0.05). Among the secondary outcomes, the total dose of additional analgesic injection after surgery in the AA group was lower than that in the SAA group (p < 0.05). The serum CRP on the 1st day after operation in the AA group was lower than that in the SAA group (p < 0.05). The degree of nausea on 2nd day after surgery in the AA group was lower than that in the SAA group (p < 0.05). There was no significant difference in other outcomes (p > 0.05).ConclusionIn this study, AA was shown to be an effective and safe complementary and alternative therapy for pain relief after TKA, which was able to reduce the total postoperative dose of additional painkillers, decrease serum CRP 1 day after surgery, and improve the degree of postoperative nausea.Clinical trial registrationwww.chictr.org.cn, ChiCTR2100054403
Perturbation optimization of maximum power point tracking of photovoltaic power systems based on practical solar irradiance data
There is a dilemma for fixed step perturb-and-observe (P&O) maximum power point tracking (MPPT) method which is the tracking accuracy and speed. The idea of this paper is to propose an optimized solution which can be regard as a trade-off between performance and cost. The optimal selection of the perturb step size will be designed off-line for a specific location based on their local meteorological data. The step size also can be updated monthly for better system performance without increasing the control complexity. Simulation and experiments have been carried out to verify the effectiveness and superiority of the proposed method. The experimental results show an example with 5.8% of energy generation increase by selecting optimal step size based on the local irradiance data