{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,22]],"date-time":"2025-10-22T23:18:01Z","timestamp":1761175081519,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032017987","type":"print"},{"value":"9783032017994","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,23]],"date-time":"2025-10-23T00:00:00Z","timestamp":1761177600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,23]],"date-time":"2025-10-23T00:00:00Z","timestamp":1761177600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-01799-4_6","type":"book-chapter","created":{"date-parts":[[2025,10,22]],"date-time":"2025-10-22T07:47:45Z","timestamp":1761119265000},"page":"94-112","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Arithmetic Masking Countermeasure to\u00a0Mitigate Side-Channel-Based Model Extraction Attack on\u00a0DNN Accelerator"],"prefix":"10.1007","author":[{"given":"Hirokatsu","family":"Yamasaki","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1293-6415","authenticated-orcid":false,"given":"Kota","family":"Yoshida","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0004-4180-9217","authenticated-orcid":false,"given":"Yuta","family":"Fukuda","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9441-3137","authenticated-orcid":false,"given":"Takeshi","family":"Fujino","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,23]]},"reference":[{"key":"6_CR1","doi-asserted-by":"publisher","unstructured":"Amano, R., Sakiyama, K., Miyahara, D., Li, Y.: Los trick: countermeasure against CPA for DNN models using loss of significance in multiply-accumulate operations. In: Twelfth International Symposium on Computing and Networking, CANDAR 2024 - Workshops, Naha, Japan, 26-29 November 2024, pp. 240\u2013246. IEEE (2024). https:\/\/doi.org\/10.1109\/CANDARW64572.2024.00046","DOI":"10.1109\/CANDARW64572.2024.00046"},{"key":"6_CR2","unstructured":"Batina, L., Bhasin, S., Jap, D., Picek, S.: CSI NN: reverse engineering of neural network architectures through electromagnetic side channel. In: 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, 14-16 August 2019, pp. 515\u2013532. USENIX Association (2019)"},{"key":"6_CR3","doi-asserted-by":"publisher","unstructured":"Bhasin, S., Jap, D., Picek, S.: On (in)security of edge-based machine learning against electromagnetic side-channels. In: 2022 IEEE International Symposium on Electromagnetic Compatibility & Signal\/Power Integrity (EMCSI), pp. 262\u2013267 (2022). https:\/\/doi.org\/10.1109\/EMCSI39492.2022.9889639","DOI":"10.1109\/EMCSI39492.2022.9889639"},{"key":"6_CR4","doi-asserted-by":"publisher","unstructured":"Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems - CHES 2004: 6th International Workshop Cambridge, MA, USA, 11-13 August 2004. Proceedings. LNCS, vol.\u00a03156, pp. 16\u201329. Springer (2004). https:\/\/doi.org\/10.1007\/978-3-540-28632-5_2","DOI":"10.1007\/978-3-540-28632-5_2"},{"key":"6_CR5","unstructured":"Fredrikson, M., Lantz, E., Jha, S., Lin, S.M., Page, D., Ristenpart, T.: Privacy in pharmacogenetics: an end-to-end case study of personalized warfarin dosing. In: Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, 20-22 August 2014, pp. 17\u201332. USENIX Association (2014)"},{"key":"6_CR6","doi-asserted-by":"publisher","unstructured":"Gao, Y., Ma, H., Yan, M., He, J., Zhao, Y., Jin, Y.: NNLEAK: an AI-oriented DNN model extraction attack through multi-stage side channel analysis. In: Asian Hardware Oriented Security and Trust Symposium, AsianHOST 2023, Tianjin, China, 13-15 December 2023, pp.\u00a01\u20136. IEEE (2023). https:\/\/doi.org\/10.1109\/ASIANHOST59942.2023.10409396","DOI":"10.1109\/ASIANHOST59942.2023.10409396"},{"key":"6_CR7","unstructured":"Gupta, N., Jati, A., Chattopadhyay, A.: AI attacks AI: recovering neural network architecture from NVDLA using ai-assisted side channel attack. IACR Cryptol. ePrint Arch, p.\u00a0368 (2023)"},{"key":"6_CR8","doi-asserted-by":"publisher","unstructured":"Hua, W., Zhang, Z., Suh, G.E.: Reverse engineering convolutional neural networks through side-channel information leaks. In: Proceedings of the 55th Annual Design Automation Conference, DAC 2018, San Francisco, CA, USA, 24-29 June 2018, pp. 4:1\u20134:6. ACM (2018). https:\/\/doi.org\/10.1145\/3195970.3196105","DOI":"10.1145\/3195970.3196105"},{"key":"6_CR9","doi-asserted-by":"publisher","unstructured":"Jouppi, N.P., et\u00a0al.: In-datacenter performance analysis of a tensor processing unit. In: Proceedings of the 44th Annual International Symposium on Computer Architecture, ISCA 2017, Toronto, ON, Canada, 24-28 June 2017. pp. 1\u201312. ACM (2017). https:\/\/doi.org\/10.1145\/3079856.3080246","DOI":"10.1145\/3079856.3080246"},{"issue":"1","key":"6_CR10","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1109\/MC.1982.1653825","volume":"15","author":"HT Kung","year":"1982","unstructured":"Kung, H.T.: Why systolic architectures? Computer 15(1), 37\u201346 (1982). https:\/\/doi.org\/10.1109\/MC.1982.1653825","journal-title":"Computer"},{"issue":"11","key":"6_CR11","doi-asserted-by":"publisher","first-page":"1054","DOI":"10.1109\/TC.1982.1675922","volume":"31","author":"S Kung","year":"1982","unstructured":"Kung, S., Arun, K.S., Gal-Ezer, R.J., Rao, D.V.B.: Wavefront array processor: language, architecture, and applications. IEEE Trans. Comput. 31(11), 1054\u20131066 (1982). https:\/\/doi.org\/10.1109\/TC.1982.1675922","journal-title":"IEEE Trans. Comput."},{"key":"6_CR12","doi-asserted-by":"publisher","unstructured":"Li, G., Tiwari, M., Orshansky, M.: Power-based attacks on spatial DNN accelerators. ACM J. Emerg. Technol. Comput. Syst. 18(3), 58:1\u201358:18 (2022). https:\/\/doi.org\/10.1145\/3491219","DOI":"10.1145\/3491219"},{"key":"6_CR13","doi-asserted-by":"publisher","unstructured":"Moini, S., Tian, S., Holcomb, D.E., Szefer, J., Tessier, R.: Power side-channel attacks on BNN accelerators in remote fpgas. IEEE J. Emerg. Sel. Topics Circuits Syst. 11(2), 357\u2013370 (2021). https:\/\/doi.org\/10.1109\/JETCAS.2021.3074608","DOI":"10.1109\/JETCAS.2021.3074608"},{"key":"6_CR14","doi-asserted-by":"publisher","unstructured":"Nozaki, H., Kobara, K.: Power analysis of floating-point operations for leakage resistance evaluation of neural network model parameters. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 107(3), 331\u2013343 (2024). https:\/\/doi.org\/10.1587\/TRANSFUN.2023CIP0012","DOI":"10.1587\/TRANSFUN.2023CIP0012"},{"key":"6_CR15","doi-asserted-by":"publisher","unstructured":"Nozaki, Y., Yoshikawa, M.: Shuffling countermeasure against power side-channel attack for MLP with software implementation. In: 2021 IEEE 4th International Conference on Electronics and Communication Engineering (ICECE), pp. 39\u201342 (2021). https:\/\/doi.org\/10.1109\/ICECE54449.2021.9674668","DOI":"10.1109\/ICECE54449.2021.9674668"},{"key":"6_CR16","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. In: 2nd International Conference on Learning Representations, ICLR 2014, Banff, AB, Canada, 14-16 April 2014, Conference Track Proceedings (2014)"},{"key":"6_CR17","doi-asserted-by":"publisher","unstructured":"Tian, S., Moini, S., Wolnikowski, A., Holcomb, D.E., Tessier, R., Szefer, J.: Remote power attacks on the versatile tensor accelerator in multi-tenant FPGAS. In: 29th IEEE Annual International Symposium on Field-Programmable Custom Computing Machines, FCCM 2021, Orlando, FL, USA, 9-12 May 2021, pp. 242\u2013246. IEEE (2021). https:\/\/doi.org\/10.1109\/FCCM51124.2021.00037","DOI":"10.1109\/FCCM51124.2021.00037"},{"key":"6_CR18","doi-asserted-by":"publisher","unstructured":"Yan, X., Chang, C., Zhang, T.: Defense against ml-based power side-channel attacks on DNN accelerators with adversarial attacks. CoRR abs\/2312.04035 (2023). https:\/\/doi.org\/10.48550\/ARXIV.2312.04035","DOI":"10.48550\/ARXIV.2312.04035"},{"key":"6_CR19","doi-asserted-by":"publisher","unstructured":"Yan, X., et al.: MERCURY: an automated remote side-channel attack to nvidia deep learning accelerator. In: International Conference on Field Programmable Technology, ICFPT 2023, Yokohama, Japan, 12-14 December 2023, pp. 188\u2013197. IEEE (2023). https:\/\/doi.org\/10.1109\/ICFPT59805.2023.00026","DOI":"10.1109\/ICFPT59805.2023.00026"},{"key":"6_CR20","doi-asserted-by":"publisher","unstructured":"Yoshida, K., Kubota, T., Okura, S., Shiozaki, M., Fujino, T.: Model reverse-engineering attack using correlation power analysis against systolic array based neural network accelerator. In: IEEE International Symposium on Circuits and Systems, ISCAS 2020, Sevilla, Spain, 10-21 October 2020, pp.\u00a01\u20135. IEEE (2020). https:\/\/doi.org\/10.1109\/ISCAS45731.2020.9180580","DOI":"10.1109\/ISCAS45731.2020.9180580"},{"key":"6_CR21","doi-asserted-by":"publisher","unstructured":"Yoshida, K., Kubota, T., Shiozaki, M., Fujino, T.: Model-extraction attack against FPGA-DNN accelerator utilizing correlation electromagnetic analysis. In: 27th IEEE Annual International Symposium on Field-Programmable Custom Computing Machines, FCCM 2019, San Diego, CA, USA, April 28 - May 1, 2019, p.\u00a0318. IEEE (2019). https:\/\/doi.org\/10.1109\/FCCM.2019.00059","DOI":"10.1109\/FCCM.2019.00059"},{"key":"6_CR22","doi-asserted-by":"publisher","unstructured":"Yoshida, K., Shiozaki, M., Okura, S., Kubota, T., Fujino, T.: Model reverse-engineering attack against systolic-array-based DNN accelerator using correlation power analysis. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 104-A(1), 152\u2013161 (2021). https:\/\/doi.org\/10.1587\/TRANSFUN.2020CIP0024","DOI":"10.1587\/TRANSFUN.2020CIP0024"},{"key":"6_CR23","doi-asserted-by":"publisher","unstructured":"Yu, H., Ma, H., Yang, K., Zhao, Y., Jin, Y.: DeepEM: deep neural networks model recovery through EM side-channel information leakage. In: 2020 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2020, San Jose, CA, USA, 7-11 December 2020, pp. 209\u2013218. IEEE (2020). https:\/\/doi.org\/10.1109\/HOST45689.2020.9300274","DOI":"10.1109\/HOST45689.2020.9300274"},{"key":"6_CR24","doi-asserted-by":"publisher","first-page":"4377","DOI":"10.1109\/TIFS.2021.3106169","volume":"16","author":"Y Zhang","year":"2021","unstructured":"Zhang, Y., Yasaei, R., Chen, H., Li, Z., Faruque, M.A.A.: Stealing neural network structure through remote FPGA side-channel analysis. IEEE Trans. Inf. Forensics Secur. 16, 4377\u20134388 (2021). https:\/\/doi.org\/10.1109\/TIFS.2021.3106169","journal-title":"IEEE Trans. Inf. Forensics Secur."}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01799-4_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,22]],"date-time":"2025-10-22T07:47:49Z","timestamp":1761119269000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01799-4_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,23]]},"ISBN":["9783032017987","9783032017994"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01799-4_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,23]]},"assertion":[{"value":"23 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Munich","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 June 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 June 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/acns2025.fordaysec.de\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}