{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T05:52:28Z","timestamp":1763704348607,"version":"3.45.0"},"reference-count":64,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,10,26]],"date-time":"2025-10-26T00:00:00Z","timestamp":1761436800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,10,26]],"date-time":"2025-10-26T00:00:00Z","timestamp":1761436800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100009224","name":"Advanced Research Projects Agency","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100009224","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,10,26]]},"DOI":"10.1109\/iccad66269.2025.11240746","type":"proceedings-article","created":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T18:39:34Z","timestamp":1763663974000},"page":"1-9","source":"Crossref","is-referenced-by-count":0,"title":["Invited Paper: Optimizing Privacy-Preserving Primitives to Support LLM-Scale Applications"],"prefix":"10.1109","author":[{"given":"Yaman","family":"Jandali","sequence":"first","affiliation":[{"name":"University of California,San Diego"}]},{"given":"Ruisi","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of California,San Diego"}]},{"given":"Nojan","family":"Sheybani","sequence":"additional","affiliation":[{"name":"University of California,San Diego"}]},{"given":"Farinaz","family":"Koushanfar","sequence":"additional","affiliation":[{"name":"University of California,San Diego"}]}],"member":"263","reference":[{"article-title":"Gemini 2.5 pro model","year":"2025","author":"DeepMind","key":"ref1"},{"year":"2025","key":"ref2","article-title":"Introducing GPT-5 for developers"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.26562\/irjcs.2025.v1203.03"},{"article-title":"Ai agents under threat: A survey of key security challenges and future pathways","year":"2024","author":"Deng","key":"ref4"},{"article-title":"A comprehensive overview of large language models","year":"2024","author":"Naveed","key":"ref5"},{"article-title":"Privacy-Preserving Machine Learning: Methods, Challenges and Directions","year":"2021","author":"Xu","key":"ref6"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-98795-4_6"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1986.25"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1137\/0218012"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1536414.1536440"},{"key":"ref11","doi-asserted-by":"crossref","DOI":"10.1145\/3196494.3196522","article-title":"Chameleon: A hybrid secure computation framework for machine learning applications","author":"Riazi","year":"2018"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3607192"},{"key":"ref13","first-page":"3266","volume-title":"Coinn: Crypto\/ml codesign for oblivious inference via neural networks","author":"Hussain","year":"2021"},{"key":"ref14","first-page":"2019\/275","article-title":"MPCircuits: Optimized circuit generation for secure multi-party computation","volume-title":"Cryptology ePrint Archive","author":"Riazi","year":"2019"},{"article-title":"Robust and secure code watermarking for large language models via ml\/crypto codesign","year":"2025","author":"Zhang","key":"ref15"},{"key":"ref16","doi-asserted-by":"crossref","DOI":"10.1109\/DAC56929.2023.10247798","article-title":"Zkrownn: Zero knowledge right of ownership for neural networks","author":"Sheybani","year":"2023"},{"key":"ref17","first-page":"487","article-title":"Deepattest: An end-to-end attestation framework for deep neural networks","volume-title":"2019 ACM\/IEEE 46th Annual International Symposium on Computer Architecture (ISCA)","author":"Chen"},{"article-title":"Gptq: Accurate post-training quantization for generative pre-trained transformers","year":"2022","author":"Frantar","key":"ref18"},{"article-title":"Bitnet: Scaling 1-bit transformers for large language models","year":"2023","author":"Wang","key":"ref19"},{"article-title":"Attention is all you need","year":"2017","author":"Vaswani","key":"ref20"},{"article-title":"Llm.int8(): 8-bit matrix multiplication for transformers at scale","year":"2022","author":"Dettmers","key":"ref21"},{"key":"ref22","doi-asserted-by":"crossref","DOI":"10.18653\/v1\/2020.acl-main.195","article-title":"Mobilebert: a compact task-agnostic bert for resource-limited devices","author":"Sun","year":"2020"},{"article-title":"Llama: Open and efficient foundation language models","year":"2023","author":"Touvron","key":"ref23"},{"article-title":"Flashattention: Fast and memory-efficient exact attention with io-awareness","year":"2022","author":"Dao","key":"ref24"},{"key":"ref25","first-page":"218","article-title":"How to play any mental game, or a completeness theorem for protocols with honest majority","volume-title":"Proceedings of the 19th ACM Symposium on Theory of Computing (STOC)","author":"Goldreich"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359176"},{"article-title":"Trust the process: Zero-knowledge machine learning to enhance trust in generative ai interactions","year":"2024","author":"Ganescu","key":"ref27"},{"article-title":"A survey of zero-knowledge proof based verifiable machine learning","year":"2025","author":"Peng","key":"ref28"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-17653-2_4"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49896-5_11"},{"key":"ref31","first-page":"169","article-title":"On data banks and privacy homomorphisms","volume-title":"Foundations of Secure Computation","author":"Rivest","year":"1978"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623136"},{"issue":"1","key":"ref33","first-page":"1","article-title":"Acceleration of he-transformer with bit reduced seal and hexl","volume":"E106.D","author":"Li","year":"2022","journal-title":"IEICE Transactions on Information and Systems"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00092"},{"key":"ref35","first-page":"201","article-title":"Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy","volume-title":"Proceedings of The 33rd International Conference on Machine Learning","volume":"48","author":"Gilad-Bachrach"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134056"},{"article-title":"Efficient transformers: A survey","year":"2020","author":"Tay","key":"ref37"},{"key":"ref38","first-page":"1651","article-title":"GAZELLE: A low latency framework for secure neural network inference","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Juvekar"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.12"},{"article-title":"Fitnets: Hints for thin deep nets","year":"2015","author":"Romero","key":"ref40"},{"article-title":"Deepseek-v3 technical report","year":"2025","author":"DeepSeek-AI","key":"ref41"},{"article-title":"Qwen technical report","year":"2023","author":"Bai","key":"ref42"},{"article-title":"The llama 3 herd of models","year":"2024","author":"Grattafiori","key":"ref43"},{"article-title":"Gemini 1.5: Unlocking multimodal understanding across millions of tokens of context","year":"2024","author":"T","key":"ref44"},{"article-title":"Deepsigns: A generic watermarking framework for ip protection of deep learning models","year":"2018","author":"Rouhani","key":"ref45"},{"article-title":"Deepmarks: A digital fingerprinting framework for deep neural networks","year":"2018","author":"Chen","key":"ref46"},{"key":"ref47","doi-asserted-by":"crossref","DOI":"10.1145\/3649329.3655674","article-title":"Emmark: Robust watermarks for ip protection of embedded quantized large language models","author":"Zhang","year":"2024"},{"key":"ref48","doi-asserted-by":"crossref","DOI":"10.18653\/v1\/2021.emnlp-main.685","article-title":"Codet5: Identifier-aware unified pre-trained encoder-decoder models for code understanding and generation","author":"Wang","year":"2021"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38348-9_37"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2024-0119"},{"article-title":"Confidential computing on nvidia h100 gpus for secure and trustworthy ai","volume-title":"NVIDIA Technical Blog","year":"2023","key":"ref51"},{"key":"ref52","doi-asserted-by":"crossref","DOI":"10.1109\/FCCM60383.2024.00033","article-title":"if-zkp: Intel fpga-based acceleration of zero knowledge proofs","author":"Butt","year":"2024"},{"key":"ref53","first-page":"1101","volume-title":"Unizk: Accelerating zero-knowledge proof with unified hardware and flexible kernel mapping","author":"Wang","year":"2025"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3656019.3676898"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/s43681-023-00289-2"},{"article-title":"Botsim: Llm-powered malicious social botnet simulation","year":"2024","author":"Qiao","key":"ref56"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.2147\/jmdh.s502351"},{"key":"ref58","doi-asserted-by":"crossref","DOI":"10.36922\/aih.2558","article-title":"Llms-healthcare : Current applications and challenges of large language models in various medical specialties","author":"Mumtaz","year":"2024"},{"article-title":"Towards expert-level medical question answering with large language models","year":"2023","author":"Singhal","key":"ref59"},{"year":"2025","key":"ref60","article-title":"Summary of the hipaa privacy rule"},{"volume-title":"EU Regulation 2016\/679, effective 25 May 2018, 2016, official EU legal framework for personal data protection","key":"ref61","article-title":"General data protection regulation (gdpr)"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom53373.2021.00079"},{"key":"ref63","first-page":"50","article-title":"Privacy enabled financial text classification using differential privacy and federated learning","volume-title":"Proceedings of the Third Workshop on Economics and Natural Language Processing (EconNLP 2021)","author":"Basu"},{"volume-title":"Illinois General Assembly, 2008, defines biometric identifiers, consent requirements, and private right of action","key":"ref64","article-title":"Biometric information privacy act (public act 095-0994)"}],"event":{"name":"2025 IEEE\/ACM International Conference On Computer Aided Design (ICCAD)","start":{"date-parts":[[2025,10,26]]},"location":"Munich, Germany","end":{"date-parts":[[2025,10,30]]}},"container-title":["2025 IEEE\/ACM International Conference On Computer Aided Design (ICCAD)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11240608\/11240621\/11240746.pdf?arnumber=11240746","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T05:43:51Z","timestamp":1763703831000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11240746\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,26]]},"references-count":64,"URL":"https:\/\/doi.org\/10.1109\/iccad66269.2025.11240746","relation":{},"subject":[],"published":{"date-parts":[[2025,10,26]]}}}