The paper introduces TrEEStealer, a novel side-channel attack that efficiently steals Decision Trees (DTs) protected within Trusted Execution Environments (TEEs), demonstrating that TEEs fail to provi…

This paper provides a comparative analysis and benchmarking of Secure Multi-Party Computation (SMPC) and Fully Homomorphic Encryption (FHE) for machine learning, finding that the optimal choice depend…

The paper proposes $\sf PVODTE$, a novel two-server protocol for private and verifiable outsourcing of decision tree evaluation that eliminates server-to-server communication, making it suitable for W…

This paper corrects the theoretical analysis of DP-SGD by identifying that common implementations, which use batch averaging, result in weaker privacy guarantees than previously reported.

The paper introduces Zero-Run privacy auditing, a post-hoc framework that allows for practical differential privacy evaluation of large, deployed models without requiring retraining or controlled data…

TAPAS introduces an efficient, asymmetric two-server private aggregation scheme that significantly reduces computational and communication costs for large-scale federated learning compared to existing…

The paper proposes a universal graph backdoor defense framework that addresses feature-based graph backdoor attacks, which are more challenging than traditional subgraph-based attacks, by leveraging l…

The paper introduces Appraisal, a novel Screening-then-Linkage framework (PPRS) that significantly improves the scalability and efficiency of Privacy-Preserving Record Linkage by incorporating a light…

This paper empirically evaluates the effectiveness of Differential Privacy (DP) against Membership Inference Attacks (MIAs) in Federated Learning, demonstrating that a stacking attack strategy can det…

The paper proposes a Public/Private Hybrid Head-VFL (PPHH-VFL) architecture that significantly accelerates secure time-series inference by splitting the model head into efficient public and secure pri…

The paper introduces Asymmetric Langevin Unlearning (ALU), a novel framework that uses public data to significantly reduce the utility loss typically associated with certified machine unlearning, enab…

This paper provides a comprehensive, system-level comparison of MPC and FHE for Privacy-Preserving Machine Learning (PPML) across various models and environments, moving beyond single-metric latency a…

This paper demonstrates a novel attack against the shuffling defense used in secure Transformer inference, showing that randomly permuted activations can still be exploited to recover model weights.

TENNOR is a system that enables efficient and private training of wide neural networks in untrusted cloud environments by using doubly oblivious primitives and a novel memory-efficient hashing scheme.

The paper proposes using deep learning to empirically test the indistinguishability of various post-quantum and hybrid cryptographic schemes, finding that no tested combination showed a significant ad…

This paper introduces a novel supply-chain attack that uses model code backdoors to actively steal sensitive secrets from local LLM fine-tuning datasets, bypassing current privacy defenses.

EncFormer is a novel two-party framework that significantly improves the efficiency and scalability of private Transformer inference by optimizing the combination of Fully Homomorphic Encryption (FHE)…

Gyokuro is a novel Source-assisted Private Membership Testing (SPMT) protocol that uses Trusted Execution Environments (TEEs) to efficiently and privately verify data item existence in large databases…

The paper proposes a novel method using fully homomorphic encryption (FHE) to learn causal structures while preserving data privacy, achieving high consistency and practical efficiency.

This paper presents a novel data-free Membership Inference Attack (MIA) that uses gradient inversion on Standard Cell Library Layouts (SCLLs) to reconstruct sensitive hardware images from intercepted…