{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T02:09:39Z","timestamp":1769911779262,"version":"3.49.0"},"publisher-location":"Cham","reference-count":51,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031965890","type":"print"},{"value":"9783031965906","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-96590-6_6","type":"book-chapter","created":{"date-parts":[[2025,6,23]],"date-time":"2025-06-23T08:57:44Z","timestamp":1750669064000},"page":"96-115","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Encrypt What Matters: Selective Model Encryption for\u00a0More Efficient Secure Federated Learning"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6316-6409","authenticated-orcid":false,"given":"Federico","family":"Mazzone","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7759-7368","authenticated-orcid":false,"given":"Ahmad","family":"Al Badawi","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5566-3763","authenticated-orcid":false,"given":"Yuriy","family":"Polyakov","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5302-8985","authenticated-orcid":false,"given":"Maarten","family":"Everts","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4049-5354","authenticated-orcid":false,"given":"Florian","family":"Hahn","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2929-5001","authenticated-orcid":false,"given":"Andreas","family":"Peter","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,24]]},"reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of the SIGSAC Conference on Computer and Communications Security (2016)","DOI":"10.1145\/2976749.2978318"},{"key":"6_CR2","unstructured":"Agarap, A.F.: Training deep neural networks for image classification in a homogenous distributed system (2019)"},{"key":"6_CR3","unstructured":"Albrecht, M., et al.: Homomorphic encryption security standard. Technical report, HomomorphicEncryption.org, Toronto, Canada (2018)"},{"issue":"3","key":"6_CR4","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1515\/jmc-2015-0016","volume":"9","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169\u2013203 (2015)","journal-title":"J. Math. Cryptol."},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Bell, J.H., Bonawitz, K.A., Gasc\u00f3n, A., Lepoint, T., Raykova, M.: Secure single-server aggregation with (poly) logarithmic overhead. In: Proceedings of the SIGSAC Conference on Computer and Communications Security (2020)","DOI":"10.1145\/3372297.3417885"},{"key":"6_CR6","doi-asserted-by":"crossref","unstructured":"Bonawitz, K., et al.: Practical secure aggregation for privacy-preserving machine learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1175\u20131191 (2017)","DOI":"10.1145\/3133956.3133982"},{"key":"6_CR7","unstructured":"Burkhart, M., Strasser, M., Many, D., Dimitropoulos, X.: SEPIA: privacy-preserving aggregation of multi-domain network events and statistics. In: USENIX Security Symposium (2010)"},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Byali, M., Chaudhari, H., Patra, A., Suresh, A.: Flash: fast and robust framework for privacy-preserving machine learning. Cryptology ePrint Archive (2019)","DOI":"10.2478\/popets-2020-0036"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Carlini, N., Chien, S., Nasr, M., Song, S., Terzis, A., Tramer, F.: Membership inference attacks from first principles. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1897\u20131914. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833649"},{"key":"6_CR10","unstructured":"Chan, T.H.H., Shi, E., Song, D.: Privacy-preserving stream aggregation with fault tolerance. In: Financial Cryptography and Data Security: 16th International Conference, FC 2012, Kralendijk, Bonaire, 27 February-2 March 2012, Revised Selected Papers 16, pp. 200\u2013214. Springer (2012)"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Chaudhari, H., Rachuri, R., Suresh, A.: Trident: efficient 4PC framework for privacy preserving machine learning. arXiv preprint arXiv:1912.02631 (2019)","DOI":"10.14722\/ndss.2020.23005"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Advances in Cryptology\u2013ASIACRYPT: International Conference on the Theory and Applications of Cryptology and Information Security. Springer (2017)","DOI":"10.1007\/978-3-319-70694-8_15"},{"key":"6_CR13","unstructured":"Choquette-Choo, C.A., Tramer, F., Carlini, N., Papernot, N.: Label-only membership inference attacks. In: International Conference on Machine Learning, pp. 1964\u20131974. PMLR (2021)"},{"key":"6_CR14","unstructured":"Dosovitskiy, A., et al.: An image is worth 16x16 words: transformers for image recognition at scale. arXiv preprint arXiv:2010.11929 (2020)"},{"key":"6_CR15","unstructured":"Duchi, J., Hazan, E., Singer, Y.: Adaptive subgradient methods for online learning and stochastic optimization. J. Mach. Learn. Res. 12(7) (2011)"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Froelicher, D., et al.: Scalable privacy-preserving distributed learning. Proc. Priv. Enhancing Technol. (2021)","DOI":"10.2478\/popets-2021-0030"},{"key":"6_CR17","unstructured":"Gilad-Bachrach, R., Dowlin, N., Laine, K., Lauter, K., Naehrig, M., Wernsing, J.: Cryptonets: applying neural networks to encrypted data with high throughput and accuracy. In: International Conference on Machine Learning, pp. 201\u2013210. PMLR (2016)"},{"key":"6_CR18","unstructured":"Gupta, U., Stripelis, D., Lam, P.K., Thompson, P., Ambite, J.L., Ver\u00a0Steeg, G.: Membership inference attacks on deep regression models for neuroimaging. In: Medical Imaging with Deep Learning, pp. 228\u2013251. PMLR (2021)"},{"key":"6_CR19","doi-asserted-by":"publisher","first-page":"2529","DOI":"10.1007\/s11280-020-00780-4","volume":"23","author":"X Huang","year":"2020","unstructured":"Huang, X., Ding, Y., Jiang, Z.L., Qi, S., Wang, X., Liao, Q.: DP-FL: a novel differentially private federated learning framework for the unbalanced data. World Wide Web 23, 2529\u20132545 (2020)","journal-title":"World Wide Web"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Jia, J., Salem, A., Backes, M., Zhang, Y., Gong, N.Z.: Memguard: defending against black-box membership inference attacks via adversarial examples. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 259\u2013274 (2019)","DOI":"10.1145\/3319535.3363201"},{"key":"6_CR21","doi-asserted-by":"crossref","unstructured":"Juuti, M., Szyller, S., Marchal, S., Asokan, N.: Prada: protecting against DNN model stealing attacks. In: 2019 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 512\u2013527. IEEE (2019)","DOI":"10.1109\/EuroSP.2019.00044"},{"key":"6_CR22","unstructured":"Juvekar, C., Vaikuntanathan, V., Chandrakasan, A.: $$\\{$$GAZELLE$$\\}$$: a low latency framework for secure neural network inference. In: USENIX Security Symposium (2018)"},{"key":"6_CR23","unstructured":"Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)"},{"key":"6_CR24","unstructured":"Krizhevsky, A., Sutskever, I., Hinton, G.E.: Imagenet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems, vol. 25 (2012)"},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Kumar, N., Rathee, M., Chandran, N., Gupta, D., Rastogi, A., Sharma, R.: Cryptflow: secure tensorflow inference. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 336\u2013353. IEEE (2020)","DOI":"10.1109\/SP40000.2020.00092"},{"key":"6_CR26","unstructured":"Li, J., Li, N., Ribeiro, B.: Effective passive membership inference attacks in federated learning against overparameterized models. In: The Eleventh International Conference on Learning Representations (2023)"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Li, Z., Zhang, Y.: Membership leakage in label-only exposures. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 880\u2013895 (2021)","DOI":"10.1145\/3460120.3484575"},{"key":"6_CR28","doi-asserted-by":"crossref","unstructured":"Liu, J., Juuti, M., Lu, Y., Asokan, N.: Oblivious neural network predictions via minionn transformations. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 619\u2013631 (2017)","DOI":"10.1145\/3133956.3134056"},{"issue":"10","key":"6_CR29","doi-asserted-by":"publisher","first-page":"2400","DOI":"10.1109\/JSAC.2020.3000373","volume":"38","author":"H Lu","year":"2020","unstructured":"Lu, H., Li, M.J., He, T., Wang, S., Narayanan, V., Chan, K.S.: Robust coreset construction for distributed machine learning. IEEE J. Sel. Areas Commun. 38(10), 2400\u20132417 (2020)","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"6_CR30","unstructured":"McMahan, B., Moore, E., Ramage, D., Hampson, S., Arcas, B.A.: Communication-efficient learning of deep networks from decentralized data. In: Artificial Intelligence and Statistics, pp. 1273\u20131282. PMLR (2017)"},{"key":"6_CR31","unstructured":"McMahan, H.B., Ramage, D., Talwar, K., Zhang, L.: Learning differentially private recurrent language models. arXiv preprint arXiv:1710.06963 (2017)"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Melis, L., Song, C., De\u00a0Cristofaro, E., Shmatikov, V.: Exploiting unintended feature leakage in collaborative learning. In: Symposium on Security and Privacy (SP). IEEE (2019)","DOI":"10.1109\/SP.2019.00029"},{"key":"6_CR33","unstructured":"Mohassel, P., Rindal, P.: ABY3: a mixed protocol framework for machine learning. In: Proceedings of the SIGSAC Conference on Computer and Communications Security (2018)"},{"key":"6_CR34","doi-asserted-by":"crossref","unstructured":"Mohassel, P., Zhang, Y.: Secureml: a system for scalable privacy-preserving machine learning. In: Symposium on Security and Privacy (SP). IEEE (2017)","DOI":"10.1109\/SP.2017.12"},{"key":"6_CR35","doi-asserted-by":"crossref","unstructured":"Mouchet, C., Troncoso-Pastoriza, J., Bossuat, J.P., Hubaux, J.P.: Multiparty homomorphic encryption from ring-learning-with-errors. Proc. Priv. Enhancing Technol. (CONF) (2021)","DOI":"10.2478\/popets-2021-0071"},{"key":"6_CR36","doi-asserted-by":"crossref","unstructured":"Nasr, M., Shokri, R., Houmansadr, A.: Machine learning with membership privacy using adversarial regularization. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 634\u2013646 (2018)","DOI":"10.1145\/3243734.3243855"},{"key":"6_CR37","doi-asserted-by":"publisher","unstructured":"Nasr, M., Shokri, R., Houmansadr, A.: Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In: Symposium on Security and Privacy (S &P). IEEE (2019). https:\/\/doi.org\/10.1109\/SP.2019.00065","DOI":"10.1109\/SP.2019.00065"},{"key":"6_CR38","unstructured":"Papernot, N., Abadi, M., Erlingsson, U., Goodfellow, I., Talwar, K.: Semi-supervised knowledge transfer for deep learning from private training data. In: Proceedings of the International Conference on Learning Representations (ICLR), Toulon, France (2017)"},{"key":"6_CR39","first-page":"1","volume":"3","author":"L Ren","year":"2024","unstructured":"Ren, L., Liu, Z., Li, F., Liang, K., Li, Z., Luo, B.: Privdnn: a secure multi-party computation framework for deep learning using partial DNN encryption. Proc. Priv. Enhancing Technol. 3, 1\u201318 (2024)","journal-title":"Proc. Priv. Enhancing Technol."},{"key":"6_CR40","doi-asserted-by":"crossref","unstructured":"Riazi, M.S., Weinert, C., Tkachenko, O., Songhori, E.M., Schneider, T., Koushanfar, F.: Chameleon: a hybrid secure computation framework for machine learning applications. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 707\u2013721 (2018)","DOI":"10.1145\/3196494.3196522"},{"key":"6_CR41","doi-asserted-by":"crossref","unstructured":"Ruan, W., Xu, M., Fang, W., Wang, L., Wang, L., Han, W.: Private, efficient, and accurate: protecting models trained by multi-party learning with differential privacy. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 1926\u20131943. IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179422"},{"key":"6_CR42","doi-asserted-by":"crossref","unstructured":"Sav, S., et al.: Poseidon: privacy-preserving federated neural network learning. In: Network and Distributed System Security Symposium (NDSS). The Internet Society (2021)","DOI":"10.14722\/ndss.2021.24119"},{"key":"6_CR43","doi-asserted-by":"crossref","unstructured":"Shejwalkar, V., Houmansadr, A.: Membership privacy for machine learning models through knowledge transfer. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol.\u00a035, pp. 9549\u20139557 (2021)","DOI":"10.1609\/aaai.v35i11.17150"},{"key":"6_CR44","unstructured":"Shi, E., Chan, H., Rieffel, E., Chow, R., Song, D.: Privacy-preserving aggregation of time-series data. In: Annual Network & Distributed System Security Symposium (NDSS). Internet Society (2011)"},{"key":"6_CR45","doi-asserted-by":"crossref","unstructured":"Shokri, R., Shmatikov, V.: Privacy-preserving deep learning. In: Proceedings of the SIGSAC Conference on Computer and Communications Security (2015)","DOI":"10.1109\/ALLERTON.2015.7447103"},{"key":"6_CR46","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: Symposium on Security and Privacy (SP). IEEE (2017)","DOI":"10.1109\/SP.2017.41"},{"key":"6_CR47","doi-asserted-by":"crossref","unstructured":"Song, S., Chaudhuri, K., Sarwate, A.D.: Stochastic gradient descent with differentially private updates. In: 2013 IEEE Global Conference on Signal and Information Processing, pp. 245\u2013248. IEEE (2013)","DOI":"10.1109\/GlobalSIP.2013.6736861"},{"key":"6_CR48","unstructured":"Tieleman, T., Hinton, G., et\u00a0al.: Lecture 6.5-rmsprop: divide the gradient by a running average of its recent magnitude. COURSERA: Neural Netw. Mach. Learn. 4(2), 26\u201331 (2012)"},{"key":"6_CR49","unstructured":"Tramer, F., Boneh, D.: Slalom: fast, verifiable and private execution of neural networks in trusted hardware. arXiv preprint arXiv:1806.03287 (2018)"},{"key":"6_CR50","doi-asserted-by":"crossref","unstructured":"Wagh, S., Gupta, D., Chandran, N.: Securenn: 3-party secure computation for neural network training. Proc. Priv. Enhancing Technol. (2019)","DOI":"10.2478\/popets-2019-0035"},{"key":"6_CR51","doi-asserted-by":"crossref","unstructured":"Wagh, S., Tople, S., Benhamouda, F., Kushilevitz, E., Mittal, P., Rabin, T.: Falcon: honest-majority maliciously secure framework for private deep learning. arXiv preprint arXiv:2004.02229 (2020)","DOI":"10.2478\/popets-2021-0011"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXXIX"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-96590-6_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,23]],"date-time":"2025-06-23T09:02:48Z","timestamp":1750669368000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-96590-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031965890","9783031965906"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-96590-6_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"24 June 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that\u00a0are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"DBSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP Annual Conference on Data and Applications Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Gj\u00f8vik","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 June 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 June 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"39","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dbsec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.ntnu.edu\/web\/dbsec2025\/dbsec2025","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}