Abstract
Existing secure deep neural network inference works primarily focus on improving inference efficiency, while largely overlooking the integrity verification of model parameters and tamper detection mechanisms in dynamic scenarios. In this paper, we propose SecDV: a lightweight <underline>sec</underline>ure deep neural network inference service with <underline>d</underline>ynamic <underline>v</underline>erification. Specifically, SecDV leverages the CKKS homomorphic encryption scheme to encrypt both input data and model parameters, ensuring their confidentiality. Second, SecDV designs a dynamic verification tree <inline-formula><tex-math notation="LaTeX">$\mathcal {DVT}$</tex-math></inline-formula> based on the Chameleon hash function and digital signature mechanism, which achieves three key objectives: (1) accurately identifying tampered model parameters in the presence of a malicious server; (2) supporting legitimate dynamic updates of model parameters; and (3) enabling efficient verification for multiple clients. Security analysis shows that SecDV ensures both data and model confidentiality while providing robust integrity verification and tamper detection. Performance evaluation further demonstrates that SecDV achieves superior efficiency in terms of verification time and storage overhead compared to the existing works.