TY - GEN
T1 - WeightLock
T2 - 5th IEEE International Conference on Artificial Intelligence Circuits and Systems, AICAS 2023
AU - Wang, Jianfeng
AU - Chen, Zhonghao
AU - Chen, Yiming
AU - Xu, Yixin
AU - Wang, Tianyi
AU - Yu, Yao
AU - Narayanan, Vijaykrishnan
AU - George, Sumitha
AU - Yang, Huazhong
AU - Li, Xueqing
N1 - Funding Information:
This work is supported in part by National Key R&D Program of China (#2019YFA0706100), NSFC (#U21B2030, #92264204, #61934005), Tsinghua University-Daimler Greater China Ltd. JISM, and NSF (#2008365).
Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - With the wide use of NVM-based DNN accelerators for higher computing efficiency, the long data retention time essentially causes a high risk of unauthorized weight stealing by attackers. Weight encryption is an effective method, but existing ciphertext computing accelerators cannot achieve high encryption complexity and flexibility. This paper proposes WeightLock, a mixed-grained hardware-software co-design approach based on local decrypting units (LDUs). This work proposes a key-controlled cell-level hardware design for higher granularity and two weight selection schemes for higher flexibility. The simulation results show that the accuracy of VGG-8 and ResNet-18 in the CIFAR-10 classification drops from 80% to only 10% even if 80% of keys are leaked. This shows >20% higher key leakage tolerance and >17x longer retraining latency protection, compared with the prior state-of-the-art hardware and software approaches, respectively. The area cost of the encryption function is negligible, with ~600x, 2.2x, and 2.4x reduction from the state-of-the-art cell-wise, column-wise, and 1T4R structures, respectively.
UR - http://www.scopus.com/inward/record.url?scp=85166375186&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85166375186&partnerID=8YFLogxK
U2 - 10.1109/AICAS57966.2023.10168612
DO - 10.1109/AICAS57966.2023.10168612
M3 - Conference contribution
AN - SCOPUS:85166375186
T3 - AICAS 2023 - IEEE International Conference on Artificial Intelligence Circuits and Systems, Proceeding
BT - AICAS 2023 - IEEE International Conference on Artificial Intelligence Circuits and Systems, Proceeding
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 11 June 2023 through 13 June 2023
ER -