{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,10]],"date-time":"2026-01-10T19:38:58Z","timestamp":1768073938709,"version":"3.49.0"},"publisher-location":"Singapore","reference-count":39,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819609536","type":"print"},{"value":"9789819609543","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-0954-3_4","type":"book-chapter","created":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T17:50:52Z","timestamp":1738345852000},"page":"63-82","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Model Extraction Attack on\u00a0MPC Hardened Vertical Federated Learning"],"prefix":"10.1007","author":[{"given":"Xinqian","family":"Wang","sequence":"first","affiliation":[]},{"given":"Xiaoning","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Xun","family":"Yi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,2,1]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Araki, T., Furukawa, J., Lindell, Y., Nof, A., Ohara, K.: High-throughput semi-honest secure three-party computation with an honest majority. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 805\u2013817 (2016)","DOI":"10.1145\/2976749.2978331"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Atallah, M., Bykova, M., Li, J., Frikken, K., Topkara, M.: Private collaborative forecasting and benchmarking. In: Proceedings of the of WPES (2004)","DOI":"10.1145\/1029179.1029204"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Advances in Cryptology-CRYPTO 1991: Proceedings 2011, pp. 420\u2013432. Springer (1992)","DOI":"10.1007\/3-540-46766-1_34"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: Proceedings of the 2012 ACM Conference on Computer and communications security, pp. 784\u2013796 (2012)","DOI":"10.1145\/2382196.2382279"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: Recursive composition and bootstrapping for snarks and proof-carrying data. In: Proceedings of the Forty-Fifth Annual ACM Symposium on Theory of Computing, pp. 111\u2013120 (2013)","DOI":"10.1145\/2488608.2488623"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Br\u00fcggemann, A., Schick, O., Schneider, T., Suresh, A., Yalame, H.: Don\u2019t eject the impostor: fast three-party computation with a known cheater. In: 2024 IEEE Symposium on Security and Privacy (SP), pp. 164\u2013164. IEEE Computer Society (2024)","DOI":"10.1109\/SP54263.2024.00164"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Carlini, N., Jagielski, M., Mironov, I.: Cryptanalytic extraction of neural network models. In: Annual International Cryptology Conference, pp. 189\u2013218. Springer (2020)","DOI":"10.1007\/978-3-030-56877-1_7"},{"key":"4_CR8","unstructured":"Carlini, N., et al.: Stealing part of a production language model (2024)"},{"key":"4_CR9","unstructured":"Ceballos, I., et al.: SplitNN-driven vertical partitioning. arXiv preprint arXiv:2008.04137 (2020)"},{"key":"4_CR10","unstructured":"Chandran, N., Gupta, D., Obbattu, S.L.B., Shah, A.: $$\\{$$SIMC$$\\}$$:$$\\{$$ML$$\\}$$ inference secure against malicious clients at $$\\{$$Semi-Honest$$\\}$$ cost. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 1361\u20131378 (2022)"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Chen, C., et al.: When homomorphic encryption marries secret sharing: secure large-scale sparse logistic regression and applications in risk control. In: Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining, pp. 2652\u20132662 (2021)","DOI":"10.1145\/3447548.3467210"},{"issue":"6","key":"4_CR12","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1109\/MIS.2021.3082561","volume":"36","author":"K Cheng","year":"2021","unstructured":"Cheng, K., et al.: SecureBoost: a lossless federated learning framework. IEEE Intell. Syst. 36(6), 87\u201398 (2021)","journal-title":"IEEE Intell. Syst."},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Advances in Cryptology\u2013ASIACRYPT 2017: 23rd Model Extraction Attack on MPC Hardened Vertical Federated Learning 19 International Conference on the Theory and Applications of Cryptology and Information Security, Part I, Hong Kong, China, 3\u20137 December 2017, pp. 409\u2013437. Springer (2017)","DOI":"10.1007\/978-3-319-70694-8_15"},{"key":"4_CR14","doi-asserted-by":"crossref","unstructured":"Cramer, R., Damg\u00e5rd, I., Escudero, D., Scholl, P., Xing, C.: SPDZ2k: efficient MPC mod 2k for dishonest majority. In: Annual International Cryptology Conference, pp. 769\u2013798. Springer (2018)","DOI":"10.1007\/978-3-319-96881-0_26"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"David, B., Dowsley, R., Katti, R., Nascimento, A.C.: Efficient unconditionally secure comparison and privacy preserving machine learning classification protocols. In: International Conference on Provable Security, pp. 354\u2013367. Springer (2015)","DOI":"10.1007\/978-3-319-26059-4_20"},{"key":"4_CR16","unstructured":"Fu, C., et al.: Label inference attacks against vertical federated learning. In: 31st USENIX Security Symposium (USENIX Security 2022), pp. 1397\u20131414 (2022)"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Fu, F., Xue, H., Cheng, Y., Tao, Y., Cui, B.: BlindFL: vertical federated machine learning without peeking into your data. In: Proceedings of the 2022 International Conference on Management of Data, pp. 1316\u20131330 (2022)","DOI":"10.1145\/3514221.3526127"},{"key":"4_CR18","unstructured":"Gasc\u00f3n, A., et al.: Privacy-preserving distributed linear regression on high-dimensional data. Cryptology ePrint Archive (2016)"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Gong, M., et al.: A multi-modal vertical federated learning framework based on homomorphic encryption. IEEE Trans. Inf. Forensics Secur. (2023)","DOI":"10.1109\/TIFS.2023.3340994"},{"key":"4_CR20","unstructured":"Hardy, S., et al.: Private federated learning on vertically partitioned data via entity resolution and additively homomorphic encryption. arXiv preprint arXiv:1711.10677 (2017)"},{"key":"4_CR21","unstructured":"Jagielski, M., Carlini, N., Berthelot, D., Kurakin, A., Papernot, N.: High accuracy and high fidelity extraction of neural networks. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 1345\u20131362 (2020)"},{"issue":"2","key":"4_CR22","first-page":"263","volume":"2022","author":"X Jiang","year":"2022","unstructured":"Jiang, X., Zhou, X., Grossklags, J.: Comprehensive analysis of privacy leakage in vertical federated learning during prediction. Proc. Priv. Enhanc. Technol. 2022(2), 263\u2013281 (2022)","journal-title":"Proc. Priv. Enhanc. Technol."},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Juuti, M., Szyller, S., Marchal, S., Asokan, N.: PRADA: protecting against DNN model stealing attacks. In: 2019 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 512\u2013527. IEEE (2019)","DOI":"10.1109\/EuroSP.2019.00044"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Keller, M.: MP-SPDZ: a versatile framework for multi-party computation. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 1575\u20131590 (2020)","DOI":"10.1145\/3372297.3417872"},{"key":"4_CR25","unstructured":"Keller, M., Sun, K.: Secure quantized training for deep learning. In: International Conference on Machine Learning, pp. 10912\u201310938. PMLR (2022)"},{"key":"4_CR26","unstructured":"Lehmkuhl, R., Mishra, P., Srinivasan, A., Popa, R.A.: Muse: secure inference resilient to malicious clients. In: 30th USENIX Security Symposium (USENIX Security 2021), pp. 2201\u20132218 (2021)"},{"key":"4_CR27","unstructured":"Li, S., Yao, D., Liu, J.: FedVS: straggler-resilient and privacy-preserving vertical federated learning for split models. In: Proceedings of the 40th International Conference on Machine Learning, ICML 2023. JMLR.org (2023)"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Liu, Y., et al.: Vertical federated learning: concepts, advances, and challenges. IEEE Trans. Knowl. Data Eng. (2024)","DOI":"10.1109\/TKDE.2024.3352628"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"Luo, X., Wu, Y., Xiao, X., Ooi, B.C.: Feature inference attack on model predictions in vertical federated learning. In: 2021 IEEE 37th International Conference on Data Engineering (ICDE), pp. 181\u2013192. IEEE (2021)","DOI":"10.1109\/ICDE51399.2021.00023"},{"key":"4_CR30","unstructured":"McMahan, B., Moore, E., Ramage, D., Hampson, S., y Arcas, B.A.: Communication-efficient learning of deep networks from decentralized data. In: Artificial Intelligence and Statistics, pp. 1273\u20131282. PMLR (2017)"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Mishra, P., Lehmkuhl, R., Srinivasan, A., Zheng, W., Popa, R.A.: Delphi: a cryptographic inference service for neural networks. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 2505\u20132522. USENIX Association (2020). https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/mishra","DOI":"10.1145\/3411501.3419418"},{"key":"4_CR32","doi-asserted-by":"crossref","unstructured":"Ruan, W., Xu, M., Fang, W., Wang, L., Wang, L., Han, W.: Private, efficient, and accurate: protecting models trained by multi-party learning with differential privacy. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 1926\u20131943. IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179422"},{"key":"4_CR33","first-page":"10533","volume":"35","author":"J Shao","year":"2022","unstructured":"Shao, J., Sun, Y., Li, S., Zhang, J.: DRES-FL: Dropout-resilient secure federated learning for non-IID clients via secret data sharing. Adv. Neural. Inf. Process. Syst. 35, 10533\u201310545 (2022)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"4_CR34","unstructured":"Tram\u00e8r, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction $$\\{$$APIs$$\\}$$. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 601\u2013618 (2016)"},{"key":"4_CR35","doi-asserted-by":"crossref","unstructured":"Wagh, S., Gupta, D., Chandran, N.: SecureNN: 3-party secure computation for neural network training. In: Proceedings on Privacy Enhancing Technologies (2019)","DOI":"10.2478\/popets-2019-0035"},{"issue":"10","key":"4_CR36","doi-asserted-by":"publisher","first-page":"2471","DOI":"10.14778\/3603581.3603588","volume":"16","author":"Y Wu","year":"2023","unstructured":"Wu, Y., et al.: Falcon: a privacy-preserving and interpretable vertical federated learning system. Proc. VLDB Endow. 16(10), 2471\u20132484 (2023)","journal-title":"Proc. VLDB Endow."},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Xu, R., Baracaldo, N., Zhou, Y., Anwar, A., Joshi, J., Ludwig, H.: FedV: privacy-preserving federated learning over vertically partitioned data. In: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, pp. 181\u2013192 (2021)","DOI":"10.1145\/3474369.3486872"},{"key":"4_CR38","doi-asserted-by":"crossref","unstructured":"Zhao, J., et al.: VFLR: An efficient and privacy-preserving vertical federated framework for logistic regression. IEEE Trans. Cloud Comput. (2023)","DOI":"10.1109\/TCC.2023.3247870"},{"key":"4_CR39","unstructured":"Zhu, R., Huang, Y., Katz, J., Shelat, A.: The $$\\{$$Cut-and-Choose$$\\}$$ game and its application to cryptographic protocols. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 1085\u20131100 (2016)"}],"container-title":["Lecture Notes in Computer Science","Provable and Practical Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-0954-3_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T17:51:12Z","timestamp":1738345872000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-0954-3_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819609536","9789819609543"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-0954-3_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"1 February 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ProvSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Provable Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Gold Coast, QLD","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"provsec2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/provsec2024.github.io\/ProvSec2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}