摘要: 随着深度学习在移动终端与物联网场景中的广泛应用，资源受限设备对高效、安全模型推理的需求日益增强。二值神经网络(BNN)通过权重与激活二值化显著降低计算与存储开销，但在“机器学习即服务”模式下，推理外包至云端执行，如何兼顾输入隐私、模型机密性与结果可验证性成为关键问题。针对现有方案在效率、通信与可验证性之间难以平衡的不足，本文提出一种支持外包可验证的BNN隐私推理框架。该方案基于椭圆曲线ElGamal同态加密构建密文线性计算结构，引入“Ciphertext as Commitment”范式实现与Pedersen承诺的统一表达，并结合广义内积论证协议，实现线性层对数级通信验证。针对非线性层推理，设计同态置换与乘法掩码结合的交互式协议，实现符号激活函数的安全验证。安全性分析与实验结果表明，该方案在保障推理正确性的同时有效降低验证与通信开销，适用于资源受限环境下的安全外包推理。

Abstract: With the widespread application of deep learning in mobile terminals and IoT scenarios, the demand for efficient and secure model inference on resource-constrained devices is increasing day by day. Binary neural networks (BNN) significantly reduce computational and storage costs by binarizing weights and activations. However, in the “machine learning as a service” model, inference is outsourced to the cloud for execution. How to balance input privacy, model confidentiality, and result verifiability becomes a key issue. In response to the shortcomings of existing solutions in balancing efficiency, communication, and verifiability, this paper proposes a BNN privacy inference framework that supports outsourced verification. This scheme is built based on the elliptic curve ElGamal homomorphic encryption to construct a ciphertext linear computing structure. The “iphertext-as-Commitment” paradigm is introduced to achieve a unified expression with Pedersen commitment, and combined with the generalized inner product argument protocol, it realizes logarithmic-level communication verification for the linear layer. For non-linear layer inference, an interactive protocol combining homomorphic permutation and multiplication mask is designed to achieve secure verification of symbolic activation functions. Security analysis and experimental results show that this scheme effectively reduces verification and communication costs while ensuring the correctness of inference, and is suitable for secure outsourced inference in resource-constrained environments.