Vp³CNN: A Verifiable Privacy-Preserving Three-Party Scheme for Convolutional Neural Network Inference

Machine Learning as a Service (MLaaS) has emerged as a prominent computing model. In MLaaS, ensuring the correctness of results poses a significant challenge. Zero-knowledge proofs (ZKP) present a potential solution, but they often come with substantial memory overhead. Additionally, there is insufficient attention given to the privacy risks associated with untrustworthy servers. In this paper, we introduce Vp³CNN, a three-party verifiable privacy-preserving Convolutional Neural Network (CNN) inference scheme. In Vp³CNN, users verify the correctness of CNN inference through a lightweight ZKP protocol grounded in Vector Oblivious Linear Evaluation (VOLE). This protocol is designed to ensure that servers incur minimal memory overhead while maintaining the integrity of the verification. Based on the optimization of the convolutional relation, the scheme reduces the computational cost associated with the verification process of the convolution operations. Vp³CNN employs two non-colluded servers to protect user data privacy via secret sharing schemes. We implement our scheme in C++ and evaluate its performance using the MNIST and CIFAR-10 datasets. Compared to existing methods, Vp³CNN achieves a speedup of 4-5 \times for convolution verification and does not compromise the accuracy, achieving a rate of 97.8\% on the MNIST.