{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,12]],"date-time":"2026-05-12T00:04:03Z","timestamp":1778544243517,"version":"3.51.4"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031703645","type":"print"},{"value":"9783031703652","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70365-2_11","type":"book-chapter","created":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T04:01:55Z","timestamp":1725163315000},"page":"180-198","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Secure Aggregation Is Not Private Against Membership Inference Attacks"],"prefix":"10.1007","author":[{"given":"Khac-Hoang","family":"Ngo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Johan","family":"\u00d6stman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giuseppe","family":"Durisi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexandre","family":"Graell i Amat","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,8,22]]},"reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 308\u2013318. ACM, New York (2016)","DOI":"10.1145\/2976749.2978318"},{"key":"11_CR2","unstructured":"Agarwal, N., Suresh, A.T., Yu, F., Kumar, S., McMahan, H.B.: CpSGD: communication-efficient and differentially-private distributed SGD. In: Proceedings of the International Conference in Neural Information Processing Systems (NIPS), NIPS 2018, pp. 7575\u20137586 (2018)"},{"key":"11_CR3","series-title":"Studies in Economic Theory","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/3-540-29578-X_11","volume-title":"Rationality and Equilibrium","author":"M Bagnoli","year":"2006","unstructured":"Bagnoli, M., Bergstrom, T.: Log-concave probability and its applications. In: Aliprantis, C.D., Matzkin, R.L., McFadden, D.L., Moore, J.C., Yannelis, N.C. (eds.) Rationality and Equilibrium. Studies in Economic Theory, vol. 26, pp. 217\u2013241. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/3-540-29578-X_11"},{"key":"11_CR4","unstructured":"Balle, B., Wang, Y.X.: Improving the Gaussian mechanism for differential privacy: analytical calibration and optimal denoising. In: Proceedings of the International Conference Machine Learning (ICML), pp. 394\u2013403. PMLR (2018)"},{"key":"11_CR5","unstructured":"Becker, B., Kohavi, R.: Adult. UCI Machine Learning Repository (1996)"},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"Bell, J.H., Bonawitz, K.A., Gasc\u00f3n, A., Lepoint, T., Raykova, M.: Secure single-server aggregation with (poly)logarithmic overhead. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 1253\u20131269. ACM, New York (2020)","DOI":"10.1145\/3372297.3417885"},{"key":"11_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1007\/978-3-642-25385-0_12","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"R Bhaskar","year":"2011","unstructured":"Bhaskar, R., Bhowmick, A., Goyal, V., Laxman, S., Thakurta, A.: Noiseless database privacy. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 215\u2013232. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_12"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"Boenisch, F., Dziedzic, A., et\u00a0al.: Reconstructing individual data points in federated learning hardened with differential privacy and secure aggregation. In: Proceedings of the European Symposium on Security and Privacy (EuroS&P), pp. 241\u2013257 (2023)","DOI":"10.1109\/EuroSP57164.2023.00023"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Bonawitz, K., et al.: Practical secure aggregation for privacy-preserving machine learning. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1175\u20131191 (2017)","DOI":"10.1145\/3133956.3133982"},{"issue":"4","key":"11_CR10","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1093\/biomet\/26.4.404","volume":"26","author":"CJ Clopper","year":"1934","unstructured":"Clopper, C.J., Pearson, E.S.: The use of confidence or fiducial limits illustrated in the case of the binomial. Biometrika 26(4), 404\u2013413 (1934)","journal-title":"Biometrika"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Cohen, G., Afshar, S., Tapson, J., van Schaik, A.: EMNIST: extending MNIST to handwritten letters. In: Proceedings of International Joint Conference on Neural Networks (IJCNN), pp. 2921\u20132926 (2017)","DOI":"10.1109\/IJCNN.2017.7966217"},{"issue":"1","key":"11_CR12","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1111\/rssb.12454","volume":"84","author":"J Dong","year":"2021","unstructured":"Dong, J., Roth, A., Su, W.: Gaussian differential privacy. J. Roy. Stat. Soc. 84(1), 3\u201337 (2021)","journal-title":"J. Roy. Stat. Soc."},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Duchi, J.C., Jordan, M.I., Wainwright, M.J.: Local privacy and statistical minimax rates. In: Proceedings of the Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 429\u2013438 (2013)","DOI":"10.1109\/FOCS.2013.53"},{"key":"11_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/11681878_14","volume-title":"Theory of Cryptography","author":"C Dwork","year":"2006","unstructured":"Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265\u2013284. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11681878_14"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Dwork, C., Roth, A., et\u00a0al.: The algorithmic foundations of differential privacy. Found. Trends\u00ae Theoret. Comput. Sci. 9(3\u20134), 211\u2013407 (2014)","DOI":"10.1561\/0400000042"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Elkordy, A.R., Zhang, J., Ezzeldin, Y.H., Psounis, K., Avestimehr, S.: How much privacy does federated learning with secure aggregation guarantee? In: Proceedings of the Privacy Enhancing Technologies Symposium (PETS), pp. 510\u2013526 (2023)","DOI":"10.56553\/popets-2023-0030"},{"key":"11_CR17","unstructured":"Fowl, L.H., Geiping, J., Czaja, W., Goldblum, M., Goldstein, T.: Robbing the fed: directly obtaining private data in federated learning with modified models. In: Proceedings of the International Conference on Learning Representations (ICLR) (2022)"},{"key":"11_CR18","unstructured":"Geiping, J., Bauermeister, H., Dr\u00f6ge, H., Moeller, M.: Inverting gradients - how easy is it to break privacy in federated learning? In: Proceedings of the International Conference on Neural Information Processing Systems (NeuRIPS), NeuRIPS 2020 (2020)"},{"issue":"7","key":"11_CR19","doi-asserted-by":"publisher","first-page":"2044","DOI":"10.1109\/TMI.2023.3239391","volume":"42","author":"A Hatamizadeh","year":"2023","unstructured":"Hatamizadeh, A., et al.: Do gradient inversion attacks make federated learning unsafe? IEEE Trans. Med. Imaging 42(7), 2044\u20132056 (2023)","journal-title":"IEEE Trans. Med. Imaging"},{"key":"11_CR20","volume-title":"Probability and Statistical Inference","author":"RV Hogg","year":"2015","unstructured":"Hogg, R.V., Tanis, E.A., Zimmerman, D.: Probability and Statistical Inference, 9th edn. Pearson, Upper Saddle River (2015)","edition":"9"},{"key":"11_CR21","unstructured":"Jagielski, M., Ullman, J., Oprea, A.: Auditing differentially private machine learning: how private is private SGD? In: Advances in Neural Information Processing Systems (NeurIPS), vol. 33, pp. 22205\u201322216 (2020)"},{"key":"11_CR22","unstructured":"Kairouz, P., Liu, Z., Steinke, T.: The distributed discrete Gaussian mechanism for federated learning with secure aggregation. In: Proceedings of the International Conference on Machine Learning (ICML), pp. 5201\u20135212. PMLR (2021)"},{"issue":"6","key":"11_CR23","doi-asserted-by":"publisher","first-page":"4037","DOI":"10.1109\/TIT.2017.2685505","volume":"63","author":"P Kairouz","year":"2017","unstructured":"Kairouz, P., Oh, S., Viswanath, P.: The composition theorem for differential privacy. IEEE Trans. Inf. Theory 63(6), 4037\u20134049 (2017)","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"3","key":"11_CR24","doi-asserted-by":"publisher","first-page":"793","DOI":"10.1137\/090756090","volume":"40","author":"SP Kasiviswanathan","year":"2011","unstructured":"Kasiviswanathan, S.P., Lee, H.K., Nissim, K., Raskhodnikova, S., Smith, A.: What can we learn privately? SIAM J. Comput. 40(3), 793\u2013826 (2011)","journal-title":"SIAM J. Comput."},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Kerkouche, R., \u00c1cs, G., Fritz, M.: Client-specific property inference against secure aggregation in federated learning. In: Proceedings of the Workshop Privacy in the Electronic Society, WPES 2023, pp. 45\u201360. ACM, New York (2023)","DOI":"10.1145\/3603216.3624964"},{"key":"11_CR26","unstructured":"Lam, M., Wei, G.Y., Brooks, D., Reddi, V.J., Mitzenmacher, M.: Gradient disaggregation: breaking privacy in federated learning by reconstructing the user participant matrix. In: Proceedings of the International Conference on Machine Learning (ICML), pp. 5959\u20135968. PMLR (2021)"},{"key":"11_CR27","unstructured":"McMahan, B., Moore, E., Ramage, D., Hampson, S., Arcas, B.A.y.: Communication-efficient learning of deep networks from decentralized data. In: Singh, A., Zhu, J. (eds.) Proceedings of the International Conference on Artificial Intelligence and Statistics (AISTATS). PMLR, vol.\u00a054, pp. 1273\u20131282. PMLR, 20\u201322 April 2017"},{"key":"11_CR28","unstructured":"Merkle, M.: Convolutions of logarithmically concave functions. Publikacije Elektrotehni\u010dkog fakulteta. Serija Matematika, pp. 113\u2013117 (1998)"},{"key":"11_CR29","doi-asserted-by":"crossref","unstructured":"Nasr, M., Shokri, R., Houmansadr, A.: Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In: Proceedings of the IEEE Symposium on Security and Privacy (SP), pp. 739\u2013753 (2019)","DOI":"10.1109\/SP.2019.00065"},{"key":"11_CR30","doi-asserted-by":"crossref","unstructured":"So, J., Ali, R.E., G\u00fcler, B., Jiao, J., Avestimehr, A.S.: Securing secure aggregation: mitigating multi-round privacy leakage in federated learning. In: Proceedings of the AAAI Conference on Artificial Intelligence & Conf. Innov. App. Art. Intel. & Symp. Edu. Adv. Art. Intel. AAAI 2023\/IAAI 2023\/EAAI 2023. AAAI Press (2023)","DOI":"10.1609\/aaai.v37i8.26177"},{"key":"11_CR31","unstructured":"Ullah, E., Choquette-Choo, C.A., Kairouz, P., Oh, S.: Private federated learning with autotuned compression. In: Proceedings of the International Conference on Machine Learning (ICML), ICML 2023. JMLR.org (2023)"},{"key":"11_CR32","unstructured":"Van\u00a0der Vaart, A.W.: Asymptotic Statistics, vol.\u00a03. Cambridge University Press, Cambridge (2000)"},{"key":"11_CR33","doi-asserted-by":"crossref","unstructured":"Ye, J., Maddi, A., Murakonda, S.K., Bindschaedler, V., Shokri, R.: Enhanced membership inference attacks against machine learning models. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, pp. 3093\u20133106 (2022)","DOI":"10.1145\/3548606.3560675"},{"key":"11_CR34","unstructured":"Youn, Y., Hu, Z., Ziani, J., Abernethy, J.: Randomized quantization is all you need for differential privacy in federated learning. In: ICML Workshop (2023)"},{"key":"11_CR35","unstructured":"Zhu, Y., Dong, J., Wang, Y.X.: Optimal accounting of differential privacy via characteristic function. In: Proceedings of the International Conference on Artificial Intelligence and Statistics (AISTATS). PMLR, vol.\u00a0151, pp. 4782\u20134817. PMLR, 28\u201330 March 2022"}],"container-title":["Lecture Notes in Computer Science","Machine Learning and Knowledge Discovery in Databases. Research Track"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70365-2_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T04:04:34Z","timestamp":1725163474000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70365-2_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031703645","9783031703652"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70365-2_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"22 August 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ECML PKDD","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Joint European Conference on Machine Learning and Knowledge Discovery in Databases","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vilnius","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lithuania","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ecml2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2024.ecmlpkdd.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}