{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T06:23:22Z","timestamp":1761719002290,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Sichuan Science and Technology Program","award":["2020JDTD0007 and 2020YFG0298"],"award-info":[{"award-number":["2020JDTD0007 and 2020YFG0298"]}]},{"name":"Peng Cheng Laboratory Project of Guangdong Province","award":["PCL2018KP004"],"award-info":[{"award-number":["PCL2018KP004"]}]},{"name":"National Key R&D Program of China","award":["2017YFB0802300?2017YFB0802000"],"award-info":[{"award-number":["2017YFB0802300?2017YFB0802000"]}]},{"name":"National Natural Science Foundation of China","award":["62020106013, 61972454, 61802051, 61772121, and 61728102"],"award-info":[{"award-number":["62020106013, 61972454, 61802051, 61772121, and 61728102"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,7]]},"DOI":"10.1145\/3427228.3427232","type":"proceedings-article","created":{"date-parts":[[2020,12,9]],"date-time":"2020-12-09T22:20:18Z","timestamp":1607552418000},"page":"784-797","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["Secure and Verifiable Inference in Deep Neural Networks"],"prefix":"10.1145","author":[{"given":"Guowen","family":"Xu","sequence":"first","affiliation":[{"name":"University of Electronic Science and Technology of China, China"}]},{"given":"Hongwei","family":"Li","sequence":"additional","affiliation":[{"name":"University of Electronic Science and Technology of China"}]},{"given":"Hao","family":"Ren","sequence":"additional","affiliation":[{"name":"University of Electronic Science and Technology of China"}]},{"given":"Jianfei","family":"Sun","sequence":"additional","affiliation":[{"name":"University of Electronic Science and Technology of China"}]},{"given":"Shengmin","family":"Xu","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design"}]},{"given":"Jianting","family":"Ning","sequence":"additional","affiliation":[{"name":"Fujian Normal University &amp; Singapore Management University"}]},{"given":"Haomiao","family":"Yang","sequence":"additional","affiliation":[{"name":"University of Electronic Science and Technology of China"}]},{"given":"Kan","family":"Yang","sequence":"additional","affiliation":[{"name":"The University of Memphis, United States of America"}]},{"given":"Robert H.","family":"Deng","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2020,12,8]]},"reference":[{"volume-title":"Sanjiv Kumar, and Brendan McMahan.","year":"2018","author":"Agarwal Naman","key":"e_1_3_2_1_1_1"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2787987"},{"volume-title":"Garbled Neural Networks are Practical.IACR Cryptology ePrint Archive 2019","year":"2019","author":"Ball Marshall","key":"e_1_3_2_1_3_1"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-96878-0_17"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2633600"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1007568.1007636"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jat.2007.05.005"},{"key":"e_1_3_2_1_9_1","unstructured":"Chaochao Chen Liang Li Wenjing Fang Jun Zhou Li Wang Lei Wang Shuang Yang Alex Liu and Hao Wang. 2020. Secret Sharing based Secure Regressions with Applications. arXiv preprint arXiv:2004.04898(2020).  Chaochao Chen Liang Li Wenjing Fang Jun Zhou Li Wang Lei Wang Shuang Yang Alex Liu and Hao Wang. 2020. Secret Sharing based Secure Regressions with Applications. arXiv preprint arXiv:2004.04898(2020)."},{"volume-title":"Asian Conference on Machine Learning. 646\u2013661","year":"2018","author":"Chen Xuhui","key":"e_1_3_2_1_10_1"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cagd.2012.03.001"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"AD Gadjiev and C Orhan. 2002. Some approximation theorems via statistical convergence. The Rocky Mountain Journal of Mathematics(2002) 129\u2013138.  AD Gadjiev and C Orhan. 2002. Some approximation theorems via statistical convergence. The Rocky Mountain Journal of Mathematics(2002) 129\u2013138.","DOI":"10.1216\/rmjm\/1030539612"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32928-9_2"},{"volume-title":"Proceedings of the ICML. 201\u2013210","year":"2016","author":"Gilad-Bachrach Ran","key":"e_1_3_2_1_14_1"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/11832072_16"},{"key":"e_1_3_2_1_16_1","first-page":"212","article-title":"Multi-processor reconfigurable in single instruction multiple data (SIMD) and multiple instruction multiple data (MIMD) modes and method of operation","volume":"5","author":"Gove J","year":"1993","journal-title":"US Patent"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44371-2_31"},{"volume-title":"Mlcapsule: Guarded offline deployment of machine learning as a service. arXiv preprint arXiv:1808.00590(2018).","year":"2018","author":"Hanzlik Lucjan","key":"e_1_3_2_1_18_1"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00486"},{"key":"e_1_3_2_1_20_1","unstructured":"Zecheng He Tianwei Zhang and Ruby\u00a0B Lee. 2018. VerIDeep: Verifying Integrity of Deep Neural Networks through Sensitive-Sample Fingerprinting. arXiv preprint arXiv:1808.03277(2018).  Zecheng He Tianwei Zhang and Ruby\u00a0B Lee. 2018. VerIDeep: Verifying Integrity of Deep Neural Networks through Sensitive-Sample Fingerprinting. arXiv preprint arXiv:1808.03277(2018)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2018-0024"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"volume-title":"Chiron: Privacy-preserving machine learning as a service. arXiv preprint arXiv:1803.05961(2018).","year":"2018","author":"Hunt Tyler","key":"e_1_3_2_1_24_1"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"M. Jagielski A. Oprea B. Biggio C. Liu C. Nita-Rotaru and B. Li. 2018. Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In proceedings of the IEEE Security and Privacy. 19\u201335.  M. Jagielski A. Oprea B. Biggio C. Liu C. Nita-Rotaru and B. Li. 2018. Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In proceedings of the IEEE Security and Privacy. 19\u201335.","DOI":"10.1109\/SP.2018.00057"},{"volume-title":"Proceedings of the {USENIX} Security. 1651\u20131669","year":"2018","author":"Juvekar Chiraag","key":"e_1_3_2_1_26_1"},{"volume-title":"Efficient Proof Composition for Verifiable Computation. In European Symposium on Research in Computer Security. Springer, 152\u2013171","year":"2018","author":"Keuffer Julien","key":"e_1_3_2_1_27_1"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSSC.2002.1015692"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134056"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASPDAC.2018.8297407"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23291"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD.2017.16"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/89.279274"},{"volume-title":"Proceedings of the ACM CCS. 35\u201352","year":"2018","author":"Mohassel Payman","key":"e_1_3_2_1_34_1"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.12"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"e_1_3_2_1_37_1","unstructured":"NhatHai Phan Yue Wang Xintao Wu and Dejing Dou. 2016. Differential Privacy Preservation for Deep Auto-Encoders: an Application of Human Behavior Prediction.. In AAAI Vol.\u00a016. 1309\u20131316.  NhatHai Phan Yue Wang Xintao Wu and Dejing Dou. 2016. Differential Privacy Preservation for Deep Auto-Encoders: an Application of Human Behavior Prediction.. In AAAI Vol.\u00a016. 1309\u20131316."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2017.48"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2911169"},{"volume-title":"Proceedings of the {USENIX} Security. 1501\u20131518","year":"2019","author":"Riazi M\u00a0Sadegh","key":"e_1_3_2_1_40_1"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196522"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3195970.3196023"},{"key":"e_1_3_2_1_43_1","unstructured":"Ali Shafahi W\u00a0Ronny Huang Mahyar Najibi Octavian Suciu Christoph Studer Tudor Dumitras and Tom Goldstein. 2018. Poison frogs! targeted clean-label poisoning attacks on neural networks. In Advances in Neural Information Processing Systems. 6103\u20136113.  Ali Shafahi W\u00a0Ronny Huang Mahyar Najibi Octavian Suciu Christoph Studer Tudor Dumitras and Tom Goldstein. 2018. Poison frogs! targeted clean-label poisoning attacks on neural networks. In Advances in Neural Information Processing Systems. 6103\u20136113."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1137\/0915089"},{"volume-title":"Proceedings of the ACM CCS. 1310\u20131321","year":"2015","author":"Shokri Reza","key":"e_1_3_2_1_45_1"},{"volume-title":"Pang Wei\u00a0W Koh, and Percy\u00a0S Liang","year":"2017","author":"Steinhardt Jacob","key":"e_1_3_2_1_46_1"},{"volume-title":"Proceedings of the IEEE ICCV. 1274\u20131283","year":"2017","author":"Tewari Ayush","key":"e_1_3_2_1_47_1"},{"volume-title":"Privado: Practical and secure DNN inference. arXiv preprint arXiv:1810.00602(2018).","year":"2018","author":"Tople Shruti","key":"e_1_3_2_1_48_1"},{"volume-title":"Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware. arXiv preprint arXiv:1806.03287(2018).","year":"2018","author":"Tramer Florian","key":"e_1_3_2_1_49_1"},{"key":"e_1_3_2_1_50_1","unstructured":"Di Wang Minwei Ye and Jinhui Xu. 2017. Differentially private empirical risk minimization revisited: Faster and more general. In Advances in Neural Information Processing Systems. 2722\u20132731.  Di Wang Minwei Ye and Jinhui Xu. 2017. Differentially private empirical risk minimization revisited: Faster and more general. In Advances in Neural Information Processing Systems. 2722\u20132731."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2499913.2499916"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3035918.3064047"},{"volume-title":"Crypto-nets: Neural networks over encrypted data. arXiv preprint arXiv:1412.6181(2014).","year":"2014","author":"Xie Pengtao","key":"e_1_3_2_1_53_1"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2868162"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/TVT.2019.2895834"},{"volume-title":"VerifyNet: Secure and Verifiable Federated Learning","year":"2019","author":"Xu Guowen","key":"e_1_3_2_1_56_1"},{"volume-title":"Proceedings of ACM CCS. 2312\u20132314","year":"2018","author":"Xu Guowen","key":"e_1_3_2_1_57_1"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2020.2968893"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.001.1900091"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"crossref","unstructured":"G. Xu H. Li Y. Zhang S. Xu J. Ning and R. Deng. 2020. Privacy-Preserving Federated Deep Learning with Irregular Users. IEEE Transactions on Dependable and Secure Computing (2020). https:\/\/doi.org\/10.1109\/TDSC.2020.3005909  G. Xu H. Li Y. Zhang S. Xu J. Ning and R. Deng. 2020. Privacy-Preserving Federated Deep Learning with Irregular Users. IEEE Transactions on Dependable and Secure Computing (2020). https:\/\/doi.org\/10.1109\/TDSC.2020.3005909","DOI":"10.1109\/TDSC.2020.3005909"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC46108.2020.9045277"},{"volume-title":"Differentially Private Model Publishing for Deep Learning. In proceedings of the IEEE Security and Privacy. 309\u2013326","year":"2019","author":"Yu L","key":"e_1_3_2_1_62_1"},{"volume-title":"Safetynets: Verifiable execution of deep neural networks on an untrusted cloud. In Advances in Neural Information Processing Systems. 4672\u20134681.","year":"2017","author":"Zahra Ghodsi","key":"e_1_3_2_1_63_1"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243742"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/ITA.2014.6804228"},{"volume-title":"Proceedings of the ICML. 928\u2013936","year":"2003","author":"Zinkevich Martin","key":"e_1_3_2_1_66_1"}],"event":{"name":"ACSAC '20: Annual Computer Security Applications Conference","acronym":"ACSAC '20","location":"Austin USA"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427232","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3427228.3427232","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:24Z","timestamp":1750197744000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427232"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":66,"alternative-id":["10.1145\/3427228.3427232","10.1145\/3427228"],"URL":"https:\/\/doi.org\/10.1145\/3427228.3427232","relation":{},"subject":[],"published":{"date-parts":[[2020,12,7]]},"assertion":[{"value":"2020-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}