As deep learning models become increasingly complex, executing inference locally on resource-constrained devices such as IoT sensors, drones, or embedded systems has become increasingly impractical. Offloading computation to nearby edge servers or cloud servers offers an attractive solution, but it also raises critical privacy concerns: The data used for inference often contain sensitive personal or contextual information and transmitting them to an untrusted server may expose users to data leakage.

To address this problem, I introduced a practical framework for secure deep neural networks inference outsourcing [1] that protect input confidentiality while maintaining real-time performance by eliminating the reliance on heavy cryptographic tools such as homomorphic encryption or multi-party computation. The key insight is to separate neural computations into linear and non-linear parts: linear layers (e.g., convolutional and fully connected) dominate the computational cost and can be securely outsourced, while non-linear activations remain local. This design leverages the algebraic linearity of neural networks to achieve both efficiency and privacy.

To realize this idea, I developed an interactive Privacy-Preserving Scalar Product (iPPSP) Evaluation primitive that enables secure linear computation outsourcing using lightweight one-time-pad encryption. The protocol ensures confidentiality under standard cryptographic assumptions, requires minimal computation on the client side, and remains compatible with existing deep-learning frameworks and GPU acceleration. This work is validated through extensive experiments using IoT devices such as Raspberry Pi and drones. More importantly, because the protocol relies only on linearity, it generalizes naturally to diverse neural architectures such as CNNs, RNNs, and transformers, making it great potential to be broadly applicable across edge, IoT, and distributed learning settings.

Federated learning (FL) enables multiple participants to collaboratively train machine-learning models without centralizing their raw data, offering a promising foundation for privacy-preserving analytics across organizations and devices. However, by keeping training local, FL trades data confidentiality for a new vulnerability: integrity violations. Malicious or lazy participants can submit falsified model updates without performing proper training, degrading model quality and undermining trust. This risk is amplified in cross-silo and IoT deployments, where devices operate under heterogeneous conditions and may not be fully trusted. My research addresses this issue by leveraging Trusted Execution Environments (TEEs) to ensure both verifiable training integrity and computational efficiency under a zero-trust assumption. I made the following main contributions:

A. Integrity Verification for Federated Learning [2]: To ensure the integrity of training participants in Federated Learning, I take advantage of TEEs to design a sampling-based retraining verification protocol  The solution randomly selects a subset of the training rounds to be reproduced inside TEE, allowing the server to verify whether participants have executed legitimate training on their committed data. Furthermore, we incorporate the core idea of the secure offloading techniques from my previous work. Specifically, I introduce a partial training offloading scheme that allows the secure enclaves to offload the linear operations to co-located GPUs, protected by lightweight OTP encryptions and pseudorandom permutation. This design significantly improves the scalability by eliminating the need to perform the entire training process within TEEs. In addition, the proposed framework removes the requirement for all participants to possess TEEs, as only the verifier operates within a trusted environment. This flexibility broadens the applicability of the framework to diverse federated learning settings, making it practical for large-scale and heterogeneous deployments.

B. Accumulator-based Integrity Verification for Federated Learning [3]: While previous work smartly addresses the integrity concern by leveraging the sampling-based retraining strategies with secure offloading techniques to unleash TEEs, I further advance integrity assurance by eliminating the need for retraining. I design a lightweight accumulator that records cryptographic commitments of the intermediate gradients throughout the local training process. Instead of retraining, in this design, the verifier validates if these accumulators are equal to the local model updates. This commitment-based mechanism significantly reduces computational overhead while maintaining verifiable correctness. By combining TEE-assisted attestation with cryptographic accumulation, the framework achieves efficient, privacy-preserving verification suitable for resource-constrained and sensitive domains such as healthcare.

In this project, we aim to utilize the efficient ring LWE version to improve the  efficiency of multi-authority ABE that achieves decentralization. We design a RLWE-based MA-ABE protocol and prove its security under selective security model. The analysis shows our protocol improve the efficiency by a factor of N^2 compared to other lattice-based MA-ABE with same functionalities. And preliminary results demonstrate an encryption and decryption time of 28.60 and 15.71 seconds respectively when $N=1024$, thereby showing the feasibility of our construction in real-world applications. 

We are currently working on the implementation of our protocol and plan to release the codes as an open-source library on Github.