Digital In-Memory Compute for Machine Learning Applications With Input and Model Security

Digital in-memory compute (IMC) architectures allow for a balance of the high accuracy and precision necessary for many machine learning applications, with high data reuse and parallelism to reduce energy consumption. However, one often overlooked parameter is security, which is necessary to maintain the privacy and integrity of the accelerator. In this work, we propose an IMC macro design that is protected against two types of eavesdropping attacks, passive physical side-channels and memory bus-probing. This is achieved through secure compute that eliminates the need for random bits, local model decryption with a lightweight cipher, and secret key generation reusing existing IMC circuitry. These contributions provide side-channel security against all practical attackers beyond 1 million samples, while still operating without any effect on neural network accuracy at 8.1 TOPS/W energy efficiency.