Communications in Cryptology IACR CiC

Slalom at the Carnival: Privacy-preserving Inference with Masks from Public Knowledge

Authors

Ida Bruhns, Sebastian Berndt, Jonas Sander, Thomas Eisenbarth
Ida Bruhns
Universität zu Lübeck, Lübeck, Germany
ida dot bruhns at uni-luebeck dot de
Sebastian Berndt
Technical University of Applied Sciences Lübeck, Lübeck, Germany
sebastian dot berndt at th-luebeck dot de
Jonas Sander
Universität zu Lübeck, Lübeck, Germany
j dot sander at uni-luebeck dot de
Thomas Eisenbarth
Universität zu Lübeck, Lübeck, Germany
thomas dot eisenbarth at uni-luebeck dot de

Abstract

Machine learning applications gain access to more and more highly sensitive information while simultaneously requiring more and more computational resources. Hence, the need to outsource these computationally expensive tasks while still ensuring the security and confidentiality of the data is pressing. In their seminal work, Tramèr and Boneh presented the Slalom protocol for privacy-preserving inference, which splits the computation into a data-independent preprocessing phase and a very efficient online phase. In this work, we present a new method that significantly speeds up the preprocessing phase by introducing the Carnival protocol. Carnival leverages the pseudo-randomness of the subset-sum problem to also enable efficient outsourcing during the preprocessing phase. In addition to a security proof, we include an empirical study analyzing the uniformity of the output of the subset-sum function for smaller parameters. Our findings show that Carnival is a strong candidate for real-world implementations.
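As an added illustration (not code from the paper, and not necessarily Carnival's exact construction), the following Python sketch shows the mechanism the abstract describes: a Slalom-style blinded linear layer whose one-time mask r is a subset sum r = Σ_i s_i a_i over public vectors a_i (the Impagliazzo–Naor subset-sum function) with a short secret selection vector s. By linearity, W·r = Σ_i s_i (W·a_i), so the expensive products W·a_i involve only public data and can be outsourced to the untrusted worker during preprocessing and verified with Freivalds' check, as Slalom does for its matrix products; the enclave is left with additions. The modulus, the dimensions, the class names and the use of numpy are assumptions of this sketch.

```python
# Added illustration (not the paper's code): Slalom-style blinding of one
# linear layer, with the mask r derived from PUBLIC subset-sum vectors a_i and
# a short SECRET selection vector s. All numeric parameters are assumptions.
import numpy as np

P = 2**24 - 3   # 24-bit prime modulus, assumed for this sketch


def freivalds_ok(W, B, C, rng, rounds=8):
    """Check C == W @ B (mod P) without redoing the product: compare W (B v)
    with C v for random v. A wrong C passes one round with probability ~1/P."""
    for _ in range(rounds):
        v = rng.integers(0, P, size=B.shape[1], dtype=np.int64)
        lhs = (W @ ((B @ v) % P)) % P
        rhs = (C @ v) % P
        if not np.array_equal(lhs, rhs):
            return False
    return True


class UntrustedWorker:
    """Fast, untrusted party (Slalom's GPU role): holds the public weights W
    and only ever sees public vectors or blinded inputs."""
    def __init__(self, W):
        self.W = W % P

    def matmul(self, B):                # B has shape (d_in, k)
        return (self.W @ B) % P


class CheatingWorker(UntrustedWorker):
    """Same worker, but it tampers with one entry of every result."""
    def matmul(self, B):
        out = super().matmul(B)
        out[0, 0] = (out[0, 0] + 1) % P
        return out


class Enclave:
    """Trusted party (TEE role). A holds n public vectors a_i in Z_P^d_in."""
    def __init__(self, W, A, rng):
        self.W, self.A, self.rng = W % P, A % P, rng
        self.R = self.WR = None
        self.next_mask = 0

    def preprocess(self, worker, n_masks):
        # Offline, data-independent phase.
        # 1. Outsource the heavy products W a_i; every a_i is public, so the
        #    worker learns nothing, and the result is verified before use.
        U = worker.matmul(self.A.T)                     # U[:, i] = W a_i
        if not freivalds_ok(self.W, self.A.T, U, self.rng):
            raise RuntimeError("worker returned a wrong product")
        # 2. The only secret is the selection matrix S in {0,1}^(n x n_masks).
        S = self.rng.integers(0, 2, size=(self.A.shape[0], n_masks), dtype=np.int64)
        # 3. r_j = sum_i S[i,j] a_i and W r_j = sum_i S[i,j] (W a_i): by
        #    linearity both are plain additions of (public or outsourced)
        #    columns, so the enclave never multiplies by W itself.
        self.R = (self.A.T @ S) % P                     # (d_in, n_masks)
        self.WR = (U @ S) % P                           # (d_out, n_masks)
        self.next_mask = 0

    def linear(self, worker, x):
        """Online phase for one private input x in Z_P^d_in."""
        j = self.next_mask
        if j >= self.R.shape[1]:
            raise RuntimeError("out of one-time masks; rerun preprocess()")
        self.next_mask += 1                             # never reuse a mask
        r, wr = self.R[:, j], self.WR[:, j]
        x_blind = ((x + r) % P).reshape(-1, 1)          # pseudorandom to the worker
        y = worker.matmul(x_blind)
        if not freivalds_ok(self.W, x_blind, y, self.rng):
            raise RuntimeError("worker returned a wrong product")
        return (y[:, 0] - wr) % P                       # W(x + r) - W r = W x


def run_demo(seed=1, d_in=64, d_out=32, n=128, n_masks=4):
    """True iff the unblinded result equals W x (mod P) on a constructed input."""
    rng = np.random.default_rng(seed)
    W = rng.integers(0, P, size=(d_out, d_in), dtype=np.int64)  # weights (constructed)
    A = rng.integers(0, P, size=(n, d_in), dtype=np.int64)      # public a_i (constructed)
    x = rng.integers(0, P, size=d_in, dtype=np.int64)           # private input (constructed)
    enclave = Enclave(W, A, rng)
    enclave.preprocess(UntrustedWorker(W), n_masks)
    got = enclave.linear(UntrustedWorker(W), x)
    return bool(np.array_equal(got, (W @ x) % P))


def cheating_detected(seed=1):
    """True iff Freivalds' check rejects a tampered product."""
    rng = np.random.default_rng(seed)
    W = rng.integers(0, P, size=(8, 8), dtype=np.int64)
    B = rng.integers(0, P, size=(8, 3), dtype=np.int64)
    return not freivalds_ok(W, B, CheatingWorker(W).matmul(B), rng)


if __name__ == "__main__":
    print("unblinded == W x:", run_demo())
    print("tampering caught:", cheating_detected())
```

The point of the split is visible in `preprocess`: the worker multiplies W with public vectors only, while the enclave's offline cost is the selection and addition of columns; the online phase is unchanged from Slalom (blind, outsource, verify, unblind), and each mask column is consumed exactly once.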

References

[BBG+20]
Gilles Barthe, Sandrine Blazy, Benjamin Grégoire, Rémi Hutin, Vincent Laporte, David Pichardie, and Alix Trieu. Formal verification of a constant-time preserving C compiler. Proc. ACM Program. Lang., 4(POPL):7:1–7:30, 2020. DOI: 10.1145/3371075
[BBSS20]
Xavier Bonnetain, Rémi Bricout, André Schrottenloher, and Yixin Shen. Improved Classical and Quantum Algorithms for Subset-Sum. In Shiho Moriai and Huaxiong Wang, editors, Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part II, volume 12492 of Lecture Notes in Computer Science, pages 633–666. 2020. Springer. DOI: 10.1007/978-3-030-64834-3_22
[BDOZ11]
Rikke Bendlin, Ivan Damgård, Claudio Orlandi, and Sarah Zakarias. Semi-homomorphic Encryption and Multiparty Computation. In EUROCRYPT, volume 6632 of Lecture Notes in Computer Science, pages 169–188. 2011. Springer.
[BMD+17]
Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. Software Grand Exposure: SGX Cache Attacks Are Practical. In William Enck and Collin Mulliner, editors, 11th USENIX Workshop on Offensive Technologies, WOOT 2017, Vancouver, BC, Canada, August 14-15, 2017. 2017. USENIX Association.
[BMW+18]
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In William Enck and Adrienne Porter Felt, editors, 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, pages 991–1008. 2018. USENIX Association.
[BPS17]
Jo Van Bulck, Frank Piessens, and Raoul Strackx. SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control. In Proceedings of the 2nd Workshop on System Software for Trusted Execution, SysTEX@SOSP 2017, Shanghai, China, October 28, 2017, pages 4:1–4:6. 2017. ACM. DOI: 10.1145/3152701.3152706
[Bri84]
Ernest F Brickell. Solving low density knapsacks. In Advances in cryptology, pages 25–37. 1984. Springer. DOI: 10.1007/978-1-4684-4730-9_2
[CB19]
Joseph I. Choi and Kevin R. B. Butler. Secure Multiparty Computation and Trusted Hardware: Examining Adoption Challenges and Opportunities. Secur. Commun. Networks, 2019:1368905:1–1368905:28, 2019. DOI: 10.1155/2019/1368905
[CBL+18]
Edward Chou, Josh Beal, Daniel Levy, Serena Yeung, Albert Haque, and Li Fei-Fei. Faster CryptoNets: Leveraging Sparsity for Real-World Encrypted Inference. CoRR, abs/1811.09953, 2018.
[CD16]
Victor Costan and Srinivas Devadas. Intel SGX Explained. IACR Cryptol. ePrint Arch., 2016:86, 2016.
[CGOS22]
Nishanth Chandran, Divya Gupta, Sai Lakshmi Bhavana Obbattu, and Akash Shah. SIMC: ML Inference Secure Against Malicious Clients at Semi-Honest Cost. In Kevin R. B. Butler and Kurt Thomas, editors, 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022, pages 1361–1378. 2022. USENIX Association.
[CJM20]
Nicholas Carlini, Matthew Jagielski, and Ilya Mironov. Cryptanalytic Extraction of Neural Network Models. In Daniele Micciancio and Thomas Ristenpart, editors, Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17-21, 2020, Proceedings, Part III, volume 12172 of Lecture Notes in Computer Science, pages 189–218. 2020. Springer. DOI: 10.1007/978-3-030-56877-1_7
[CKKS17]
Jung Hee Cheon, Andrey Kim, Miran Kim, and Yong Soo Song. Homomorphic Encryption for Arithmetic of Approximate Numbers. In Tsuyoshi Takagi and Thomas Peyrin, editors, Advances in Cryptology - ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3-7, 2017, Proceedings, Part I, volume 10624 of Lecture Notes in Computer Science, pages 409–437. 2017. Springer. DOI: 10.1007/978-3-319-70694-8_15
[CLD16]
Victor Costan, Ilia A. Lebedev, and Srinivas Devadas. Sanctum: Minimal Hardware Extensions for Strong Software Isolation. In Thorsten Holz and Stefan Savage, editors, 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016, pages 857–874. 2016. USENIX Association.
[CPTH21]
Sylvain Chatel, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, and Jean-Pierre Hubaux. SoK: Privacy-Preserving Collaborative Tree-based Model Learning. Proc. Priv. Enhancing Technol., 2021(3):182–203, 2021. DOI: 10.2478/POPETS-2021-0043
[CR88]
Benny Chor and Ronald L Rivest. A knapsack-type public key cryptosystem based on arithmetic in finite fields. IEEE Transactions on Information Theory, 34(5):901–909, 1988. DOI: 10.1109/18.21214
[DFH+24]
Abdulrahman Diaa, Lucas Fenaux, Thomas Humphries, Marian Dietz, Faezeh Ebrahimianghazani, Bailey Kacsmar, Xinda Li, Nils Lukas, Rasoul Akhavan Mahdavi, Simon Oya, Ehsan Amjadian, and Florian Kerschbaum. Fast and Private Inference of Deep Neural Networks by Co-designing Activation Functions. In 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024 (in Print). 2024. USENIX Association.
[DPSZ12]
Ivan Damgård, Valerio Pastro, Nigel P. Smart, and Sarah Zakarias. Multiparty Computation from Somewhat Homomorphic Encryption. In CRYPTO, volume 7417 of Lecture Notes in Computer Science, pages 643–662. 2012. Springer. DOI: 10.1007/978-3-642-32009-5_38
[ELD24]
Soumia Zohra El Mestari, Gabriele Lenzini, and Huseyin Demirci. Preserving data privacy in machine learning systems. Computers & Security, 137:103605, 2024. DOI: 10.1016/j.cose.2023.103605
[Fre77]
Rusins Freivalds. Probabilistic Machines Can Use Less Running Time. In IFIP Congress, pages 839–842. 1977.
[GAGN15]
Suyog Gupta, Ankur Agrawal, Kailash Gopalakrishnan, and Pritish Narayanan. Deep learning with limited numerical precision. In Francis R. Bach and David M. Blei, editors, Proceedings of the 32nd International Conference on Machine Learning, ICML 2015, Lille, France, 6-11 July 2015, volume 37 of JMLR Workshop and Conference Proceedings, pages 1737–1746. 2015. JMLR.org.
[GDL+16]
Ran Gilad-Bachrach, Nathan Dowlin, Kim Laine, Kristin E. Lauter, Michael Naehrig, and John Wernsing. CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy. In Maria-Florina Balcan and Kilian Q. Weinberger, editors, Proceedings of the 33rd International Conference on Machine Learning, ICML 2016, New York City, NY, USA, June 19-24, 2016, volume 48 of JMLR Workshop and Conference Proceedings, pages 201–210. 2016. JMLR.org.
[GL89]
Oded Goldreich and Leonid A. Levin. A Hard-Core Predicate for all One-Way Functions. In David S. Johnson, editor, Proceedings of the 21st Annual ACM Symposium on Theory of Computing, May 14-17, 1989, Seattle, Washington, USA, pages 25–32. 1989. ACM. DOI: 10.1145/73007.73010
[HMSY21]
Aditya Hegde, Helen Möllering, Thomas Schneider, and Hossein Yalame. SoK: Efficient Privacy-preserving Clustering. Proc. Priv. Enhancing Technol., 2021(4):225–248, 2021. DOI: 10.2478/POPETS-2021-0068
[HWA22]
Hanieh Hashemi, Yongqin Wang, and Murali Annavaram. DarKnight: An Accelerated Framework for Privacy and Integrity Preserving Deep Learning Using Trusted Hardware. CoRR, abs/2207.00083, 2022. DOI: 10.48550/ARXIV.2207.00083
[IN96]
Russell Impagliazzo and Moni Naor. Efficient cryptographic schemes provably as secure as subset sum. Journal of cryptology, 9(4):199–216, 1996. DOI: 10.1007/BF00189260
[Int24]
Intel. Intel Trust Domain Extensions (Intel TDX) Module Base Architecture Specification. Revision 348549-004US. March 2024.
[JVC18]
Chiraag Juvekar, Vinod Vaikuntanathan, and Anantha Chandrakasan. GAZELLE: A Low Latency Framework for Secure Neural Network Inference. In William Enck and Adrienne Porter Felt, editors, 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, pages 1651–1669. 2018. USENIX Association.
[Kap16]
David Kaplan. AMD x86 Memory Encryption Technologies. Talk, USENIX 2016. August 2016.
[KG11]
Aniket Kate and Ian Goldberg. Generalizing cryptosystems based on the subset sum problem. International Journal of Information Security, 10(3):189–199, 2011. DOI: 10.1007/S10207-011-0129-2
[KRC+20]
Nishant Kumar, Mayank Rathee, Nishanth Chandran, Divya Gupta, Aseem Rastogi, and Rahul Sharma. CrypTFlow: Secure TensorFlow Inference. In 2020 IEEE Symposium on Security and Privacy, SP 2020, San Francisco, CA, USA, May 18-21, 2020, pages 336–353. 2020. IEEE. DOI: 10.1109/SP40000.2020.00092
[Lem79]
Abraham Lempel. Cryptology in transition. ACM Computing Surveys (CSUR), 11(4):285–303, 1979. DOI: 10.1145/356789.356792
[LFFJ20]
Qian Lou, Bo Feng, Geoffrey Charles Fox, and Lei Jiang. Glyph: Fast and Accurately Training Deep Neural Networks on Encrypted Data. In Hugo Larochelle, Marc'Aurelio Ranzato, Raia Hadsell, Maria-Florina Balcan, and Hsuan-Tien Lin, editors, Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, NeurIPS 2020, December 6-12, 2020, virtual. 2020.
[LKS+20]
Dayeol Lee, David Kohlbrenner, Shweta Shinde, Krste Asanovic, and Dawn Song. Keystone: an open framework for architecting trusted execution environments. In Angelos Bilas, Kostas Magoutis, Evangelos P. Markatos, Dejan Kostic, and Margo I. Seltzer, editors, EuroSys '20: Fifteenth EuroSys Conference 2020, Heraklion, Greece, April 27-30, 2020, pages 38:1–38:16. 2020. ACM. DOI: 10.1145/3342195.3387532
[LLD+22]
Xupeng Li, Xuheng Li, Christoffer Dall, Ronghui Gu, Jason Nieh, Yousuf Sait, and Gareth Stockwell. Design and Verification of the Arm Confidential Compute Architecture. In Marcos K. Aguilera and Hakim Weatherspoon, editors, 16th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2022, Carlsbad, CA, USA, July 11-13, 2022, pages 465–484. 2022. USENIX Association.
[LMSP21]
Ryan Lehmkuhl, Pratyush Mishra, Akshayaram Srinivasan, and Raluca Ada Popa. Muse: Secure Inference Resilient to Malicious Clients. In Michael D. Bailey and Rachel Greenstadt, editors, 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, pages 2201–2218. 2021. USENIX Association.
[LO85]
Jeffrey C Lagarias and Andrew M Odlyzko. Solving low-density subset sum problems. Journal of the ACM (JACM), 32(1):229–246, 1985. DOI: 10.1145/2455.2461
[LXW+21]
Ximeng Liu, Lehui Xie, Yaopeng Wang, Jian Zou, Jinbo Xiong, Zuobin Ying, and Athanasios V. Vasilakos. Privacy and Security Issues in Deep Learning: A Survey. IEEE Access, 9:4566–4593, 2021. DOI: 10.1109/ACCESS.2020.3045078
[MAB+13]
Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. Innovative instructions and software model for isolated execution. In Ruby B. Lee and Weidong Shi, editors, HASP 2013, The Second Workshop on Hardware and Architectural Support for Security and Privacy, Tel-Aviv, Israel, June 23-24, 2013, pages 10. 2013. ACM. DOI: 10.1145/2487726.2488368
[MH78]
Ralph Merkle and Martin Hellman. Hiding information and signatures in trapdoor knapsacks. IEEE transactions on Information Theory, 24(5):525–530, 1978. DOI: 10.1109/TIT.1978.1055927
[Mic07]
Daniele Micciancio. Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions. Comput. Complex., 16(4):365–411, 2007. DOI: 10.1007/s00037-007-0234-9
[MIE17]
Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. CacheZoom: How SGX Amplifies the Power of Cache Attacks. In Wieland Fischer and Naofumi Homma, editors, Cryptographic Hardware and Embedded Systems - CHES 2017 - 19th International Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings, volume 10529 of Lecture Notes in Computer Science, pages 69–90. 2017. Springer. DOI: 10.1007/978-3-319-66787-4_4
[MLS+20]
Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, and Raluca Ada Popa. Delphi: A Cryptographic Inference Service for Neural Networks. In Srdjan Capkun and Franziska Roesner, editors, 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, pages 2505–2522. 2020. USENIX Association.
[MM11]
Daniele Micciancio and Petros Mol. Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions. In Phillip Rogaway, editor, Advances in Cryptology - CRYPTO 2011 - 31st Annual Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2011. Proceedings, volume 6841 of Lecture Notes in Computer Science, pages 465–484. 2011. Springer. DOI: 10.1007/978-3-642-22792-9_26
[MOG+20]
Kit Murdock, David F. Oswald, Flavio D. Garcia, Jo Van Bulck, Frank Piessens, and Daniel Gruss. Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble. IEEE Secur. Priv., 18(5):28–37, 2020. DOI: 10.1109/MSEC.2020.2990495
[MR18]
Payman Mohassel and Peter Rindal. ABY3: A Mixed Protocol Framework for Machine Learning. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15-19, 2018, pages 35–52. 2018. ACM. DOI: 10.1145/3243734.3243760
[MSK+20]
Fan Mo, Ali Shahin Shamsabadi, Kleomenis Katevas, Soteris Demetriou, Ilias Leontiadis, Andrea Cavallaro, and Hamed Haddadi. DarkneTZ: towards model privacy at the edge using trusted execution environments. In Eyal de Lara, Iqbal Mohomed, Jason Nieh, and Elizabeth M. Belding, editors, MobiSys '20: The 18th Annual International Conference on Mobile Systems, Applications, and Services, Toronto, Ontario, Canada, June 15-19, 2020, pages 161–174. 2020. ACM. DOI: 10.1145/3386901.3388946
[NAA22]
Yue Niu, Ramy E. Ali, and Salman Avestimehr. 3LegRace: Privacy-Preserving DNN Training over TEEs and GPUs. Proc. Priv. Enhancing Technol., 2022(4):183–203, 2022. DOI: 10.56553/POPETS-2022-0105
[NC23]
Lucien K. L. Ng and Sherman S. M. Chow. SoK: Cryptographic Neural-Network Computation. In 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, pages 497–514. 2023. IEEE. DOI: 10.1109/SP46215.2023.10179483
[NLDD23]
Deepika Natarajan, Andrew D. Loveless, Wei Dai, and Ronald G. Dreslinski. Chex-Mix: Combining Homomorphic Encryption with Trusted Execution Environments for Oblivious Inference in the Cloud. In 8th IEEE European Symposium on Security and Privacy, EuroS&P 2023, Delft, Netherlands, July 3-7, 2023, pages 73–91. 2023. IEEE. DOI: 10.1109/EUROSP57164.2023.00014
[NPH18]
Florian Neugebauer, Ilia Polian, and John P. Hayes. S-box-based random number generation for stochastic computing. Microprocess. Microsystems, 61:316–326, 2018. DOI: 10.1016/J.MICPRO.2018.06.009
[Odl90]
Andrew M Odlyzko. The rise and fall of knapsack cryptosystems. In Symposia of Applied Mathematics, pages 75–88. 1990.
[OT04]
Keiji Omura and Keisuke Tanaka. Density attack to the knapsack cryptosystems with enumerative source encoding. IEICE transactions on fundamentals of electronics, communications and computer sciences, 87(6):1564–1569, 2004.
[Pis05]
David Pisinger. Where are the hard knapsack problems? Comput. Oper. Res., 32:2271–2284, 2005. DOI: 10.1016/j.cor.2004.03.002
[PMG+17]
Nicolas Papernot, Patrick D. McDaniel, Ian J. Goodfellow, Somesh Jha, Z. Berkay Celik, and Ananthram Swami. Practical Black-Box Attacks against Machine Learning. In Ramesh Karri, Ozgur Sinanoglu, Ahmad-Reza Sadeghi, and Xun Yi, editors, Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2017, Abu Dhabi, United Arab Emirates, April 2-6, 2017, pages 506–519. 2017. ACM. DOI: 10.1145/3052973.3053009
[QHF+23]
Hong Qin, Debiao He, Qi Feng, Muhammad Khurram Khan, Min Luo, and Kim-Kwang Raymond Choo. Cryptographic Primitives in Privacy-Preserving Machine Learning: A Survey. IEEE Transactions on Knowledge and Data Engineering, 2023. DOI: 10.1109/TKDE.2023.3321803
[RRK18]
Bita Darvish Rouhani, M. Sadegh Riazi, and Farinaz Koushanfar. Deepsecure: scalable provably-secure deep learning. In Proceedings of the 55th Annual Design Automation Conference, DAC 2018, San Francisco, CA, USA, June 24-29, 2018, pages 2:1–2:6. 2018. ACM. DOI: 10.1145/3195970.3196023
[SBBE23]
Jonas Sander, Sebastian Berndt, Ida Bruhns, and Thomas Eisenbarth. DASH: Accelerating Distributed Private Machine Learning Inference with Arithmetic Garbled Circuits. CoRR, abs/2302.06361, 2023. DOI: 10.48550/ARXIV.2302.06361
[Sha82]
Adi Shamir. A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem. In 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), pages 145–152. 1982. IEEE. DOI: 10.1109/SFCS.1982.5
[SMF21]
Muhammad Usama Sardar, Saidgani Musaev, and Christof Fetzer. Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification. IEEE Access, 9:83067–83079, 2021. DOI: 10.1109/ACCESS.2021.3087421
[SSW17]
Peter Scholl, Nigel P. Smart, and Tim Wood. When It's All Just Too Much: Outsourcing MPC-Preprocessing. In Máire O'Neill, editor, Cryptography and Coding - 16th IMA International Conference, IMACC 2017, Oxford, UK, December 12-14, 2017, Proceedings, volume 10655 of Lecture Notes in Computer Science, pages 77–99. 2017. Springer. DOI: 10.1007/978-3-319-71045-7_4
[TB19]
Florian Tramèr and Dan Boneh. Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware. In 7th International Conference on Learning Representations, ICLR 2019, New Orleans, LA, USA, May 6-9, 2019. 2019. OpenReview.net.
[TCBK20]
Harry Chandra Tanuwidjaja, Rakyong Choi, Seunggeun Baek, and Kwangjo Kim. Privacy-Preserving Deep Learning on Machine Learning as a Service - a Comprehensive Survey. IEEE Access, 8:167425–167447, 2020. DOI: 10.1109/ACCESS.2020.3023084
[Tra19]
Florian Tramèr. slalom (source code). https://github.com/ftramer/slalom.git. 2019.
[TZJ+16]
Florian Tramèr, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. Stealing Machine Learning Models via Prediction APIs. In Thorsten Holz and Stefan Savage, editors, 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016, pages 601–618. 2016. USENIX Association.
[VKV98]
Karthik Visweswariah, Sanjeev R. Kulkarni, and Sergio Verdú. Source Codes as Random Number Generators. IEEE Trans. Inf. Theory, 44(2):462–471, 1998. DOI: 10.1109/18.661497
[WMW23]
Qizheng Wang, Wenping Ma, and Weiwei Wang. B-LNN: Inference-time linear model for secure neural network inference. Inf. Sci., 638:118966, 2023. DOI: 10.1016/J.INS.2023.118966
[WRPE24]
Jan Wichelmann, Anja Rabich, Anna Pätschke, and Thomas Eisenbarth. Obelix: Mitigating Side-Channels Through Dynamic Obfuscation. In IEEE Symposium on Security and Privacy, SP 2024, San Francisco, CA, USA, May 19-23, 2024, pages 4182–4199. 2024. IEEE. DOI: 10.1109/SP54263.2024.00261
[WWP22]
Jean-Luc Watson, Sameer Wagh, and Raluca Ada Popa. Piranha: A GPU Platform for Secure Computation. In Kevin R. B. Butler and Kurt Thomas, editors, 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022, pages 827–844. 2022. USENIX Association.
[WZB+23]
Qifan Wang, Lei Zhou, Jianli Bai, Yun Sing Koh, Shujie Cui, and Giovanni Russello. HT2ML: An efficient hybrid framework for privacy-preserving Machine Learning using HE and TEE. Comput. Secur., 135:103509, 2023. DOI: 10.1016/J.COSE.2023.103509
[XCP15]
Yuanzhong Xu, Weidong Cui, and Marcus Peinado. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 640–656. 2015. IEEE Computer Society. DOI: 10.1109/SP.2015.45
[ZLT+24]
Guangsheng Zhang, Bo Liu, Huan Tian, Tianqing Zhu, Ming Ding, and Wanlei Zhou. How Does a Deep Learning Model Architecture Impact Its Privacy? In 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024 (in Print). 2024. USENIX Association.

PDF (open access)

History
Submitted: 2024-07-09
Accepted: 2024-09-02
Published: 2024-10-07
How to cite

Ida Bruhns, Sebastian Berndt, Jonas Sander, and Thomas Eisenbarth, Slalom at the Carnival: Privacy-preserving Inference with Masks from Public Knowledge. IACR Communications in Cryptology, vol. 1, no. 3, Oct 07, 2024, doi: 10.62056/akp-49qgxq.

License

Copyright is held by the author(s)

This work is licensed under a Creative Commons Attribution (CC BY) license.