{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,19]],"date-time":"2026-06-19T16:03:53Z","timestamp":1781885033377,"version":"3.54.5"},"reference-count":163,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T00:00:00Z","timestamp":1733702400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2025,4,30]]},"abstract":"<jats:p>Traditionally, deep learning practitioners would bring data into a central repository for model training and inference. Recent developments in distributed learning, such as federated learning and deep learning as a service (DLaaS), do not require centralized data and instead push computing to where the distributed datasets reside. These decentralized training schemes, however, introduce additional security and privacy challenges. This survey first structures the field of distributed learning into two main paradigms and then provides an overview of the recently published protective measures for each. This work highlights both secure training methods as well as private inference measures. Our analyses show that recent publications, while being highly dependent on the problem definition, report progress in terms of security, privacy, and efficiency. Nevertheless, we also identify several current issues within the private and secure distributed deep learning (PSDDL) field that require more research. We discuss these issues and provide a general overview of how they might be resolved.<\/jats:p>","DOI":"10.1145\/3703452","type":"journal-article","created":{"date-parts":[[2024,11,16]],"date-time":"2024-11-16T07:31:12Z","timestamp":1731742272000},"page":"1-43","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Private and Secure Distributed Deep Learning: A Survey"],"prefix":"10.1145","volume":"57","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5262-3723","authenticated-orcid":false,"given":"Corinne","family":"Allaart","sequence":"first","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands and St. Antonius Ziekenhuis, Nieuwegein, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0909-240X","authenticated-orcid":false,"given":"Saba","family":"Amiri","sequence":"additional","affiliation":[{"name":"Universiteit van Amsterdam, Amsterdam, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9827-4461","authenticated-orcid":false,"given":"Henri","family":"Bal","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6306-6937","authenticated-orcid":false,"given":"Adam","family":"Belloum","sequence":"additional","affiliation":[{"name":"FNWI, Universiteit van Amsterdam, Amsterdam, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3125-2329","authenticated-orcid":false,"given":"Leon","family":"Gommans","sequence":"additional","affiliation":[{"name":"Koninklijke Luchtvaart Maatschappij, Amsterdam, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9631-0657","authenticated-orcid":false,"given":"Aart","family":"van Halteren","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands and Philips Research, Eindhoven, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3830-2680","authenticated-orcid":false,"given":"Sander","family":"Klous","sequence":"additional","affiliation":[{"name":"Universiteit van Amsterdam, Amsterdam, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_3_2_2","first-page":"308","volume-title":"ACM SIGSAC Conference on Computer and Communications Security","author":"Abadi Martin","year":"2016","unstructured":"Martin Abadi, Andy Chu, Ian Goodfellow, H. Brendan McMahan, Ilya Mironov, Kunal Talwar, and Li Zhang. 2016. Deep learning with differential privacy. In ACM SIGSAC Conference on Computer and Communications Security. 308\u2013318."},{"key":"e_1_3_3_3_2","article-title":"QUOTIENT: Two-party secure neural network training and prediction","volume":"1907","author":"Agrawal Nitin","year":"2019","unstructured":"Nitin Agrawal, Ali Shahin Shamsabadi, Matt J. Kusner, and Adri\u00e0 Gasc\u00f3n. 2019. QUOTIENT: Two-party secure neural network training and prediction. CoRR abs\/1907.03372 (2019).","journal-title":"CoRR"},{"key":"e_1_3_3_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/TETC.2020.3014636"},{"key":"e_1_3_3_5_2","article-title":"A subfield lattice attack on overstretched NTRU assumptions: Cryptanalysis of some FHE and graded encoding schemes","author":"Albrecht Martin","year":"2016","unstructured":"Martin Albrecht, Shi Bai, and L\u00e9o Ducas. 2016. A subfield lattice attack on overstretched NTRU assumptions: Cryptanalysis of some FHE and graded encoding schemes. Cryptology ePrint Archive, Paper 2016\/127. Retrieved from https:\/\/eprint.iacr.org\/2016\/127","journal-title":"Cryptology ePrint Archive, Paper 2016\/127"},{"key":"e_1_3_3_6_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2021.102949"},{"key":"e_1_3_3_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516738"},{"key":"e_1_3_3_8_2","doi-asserted-by":"publisher","unstructured":"Louis J. M. Aslett Pedro M. Esperan\u00e7a and Chris C. Holmes. 2015. Encrypted statistical machine learning: new privacy preserving methods. DOI:10.48550\/ARXIV.1508.06845","DOI":"10.48550\/ARXIV.1508.06845"},{"key":"e_1_3_3_9_2","doi-asserted-by":"crossref","first-page":"638","DOI":"10.1007\/978-3-030-26951-7_22","volume-title":"Advances in Cryptology\u2013CRYPTO 2019: 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18\u201322, 2019, Proceedings, Part II 39","author":"Balle Borja","year":"2019","unstructured":"Borja Balle, James Bell, Adri\u00e0 Gasc\u00f3n, and Kobbi Nissim. 2019. The privacy blanket of the shuffle model. In Advances in Cryptology\u2013CRYPTO 2019: 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18\u201322, 2019, Proceedings, Part II 39. Springer, 638\u2013667."},{"key":"e_1_3_3_10_2","article-title":"Privacy-preserving distributed deep learning for clinical data","author":"Beaulieu-Jones Brett K.","year":"2018","unstructured":"Brett K. Beaulieu-Jones, William Yuan, Samuel G. Finlayson, and Zhiwei Steven Wu. 2018. Privacy-preserving distributed deep learning for clinical data. arXiv preprint arXiv:1812.01484 (2018).","journal-title":"arXiv preprint arXiv:1812.01484"},{"key":"e_1_3_3_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417885"},{"key":"e_1_3_3_12_2","article-title":"nGraph-HE2: A high-throughput framework for neural network inference on encrypted data","volume":"1908","author":"Boemer Fabian","year":"2019","unstructured":"Fabian Boemer, Anamaria Costache, Rosario Cammarota, and Casimir Wierzynski. 2019. nGraph-HE2: A high-throughput framework for neural network inference on encrypted data. CoRR abs\/1908.04172 (2019).","journal-title":"CoRR"},{"key":"e_1_3_3_13_2","first-page":"3","volume-title":"16th ACM International Conference on Computing Frontiers (CF\u201919)","author":"Boemer Fabian","year":"2019","unstructured":"Fabian Boemer, Yixing Lao, Rosario Cammarota, and Casimir Wierzynski. 2019. NGraph-HE: A graph compiler for deep learning on homomorphically encrypted data. In 16th ACM International Conference on Computing Frontiers (CF\u201919). Association for Computing Machinery, New York, NY, USA, 3\u201313. DOI:10.1145\/3310273.3323047"},{"key":"e_1_3_3_14_2","first-page":"1175","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS\u201917)","author":"Bonawitz Keith","year":"2017","unstructured":"Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, and Karn Seth. 2017. Practical secure aggregation for privacy-preserving machine learning. In ACM SIGSAC Conference on Computer and Communications Security (CCS\u201917). Association for Computing Machinery, New York, NY, USA, 1175\u20131191. DOI:10.1145\/3133956.3133982"},{"key":"e_1_3_3_15_2","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1007\/978-3-540-30576-7_18","article-title":"Evaluating 2- DNF formulas on ciphertexts.\u201d","author":"Boneh D.","year":"2005","unstructured":"D. Boneh, E. Goh, and Kobbi Nissim. 2005. Evaluating 2- DNF formulas on ciphertexts.\u201d In 2nd Conference on Theory of Cryptography. 325\u2013342.","journal-title":"2nd Conference on Theory of Cryptography"},{"key":"e_1_3_3_16_2","doi-asserted-by":"crossref","first-page":"483","DOI":"10.1007\/978-3-319-96878-0_17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"Bourse Florian","year":"2018","unstructured":"Florian Bourse, Michele Minelli, Matthias Minihold, and Pascal Paillier. 2018. Fast homomorphic evaluation of deep discretized neural networks. In Advances in Cryptology \u2013 CRYPTO 2018, Hovav Shacham and Alexandra Boldyreva (Eds.). Springer International Publishing, Cham, 483\u2013512."},{"key":"e_1_3_3_17_2","doi-asserted-by":"crossref","first-page":"337","DOI":"10.1007\/978-3-662-46803-6_12","volume-title":"Advances in Cryptology-EUROCRYPT 2015: 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II","author":"Boyle Elette","year":"2015","unstructured":"Elette Boyle, Niv Gilboa, and Yuval Ishai. 2015. Function secret sharing. In Advances in Cryptology-EUROCRYPT 2015: 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II. Springer, 337\u2013367."},{"key":"e_1_3_3_18_2","first-page":"309","volume-title":"3rd Innovations in Theoretical Computer Science Conference","author":"Brakerski Zvika","year":"2012","unstructured":"Zvika Brakerski, Jintai Fan, and Frederik Vercauteren. 2012. Fully homomorphic encryption without bootstrapping. In 3rd Innovations in Theoretical Computer Science Conference. ACM, 309\u2013325."},{"key":"e_1_3_3_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/2633600"},{"key":"e_1_3_3_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSPEC.1967.5217220"},{"key":"e_1_3_3_21_2","article-title":"SplitNN-driven vertical partitioning","author":"Ceballos Iker","year":"2020","unstructured":"Iker Ceballos, Vivek Sharma, Eduardo Mugica, Abhishek Singh, Alberto Roman, Praneeth Vepakomma, and Ramesh Raskar. 2020. SplitNN-driven vertical partitioning. arXiv preprint arXiv:2008.04137 (2020).","journal-title":"arXiv preprint arXiv:2008.04137"},{"key":"e_1_3_3_22_2","first-page":"395","volume-title":"ACM SIGSAC Conference on Computer and Communications Security","author":"Chen Hao","year":"2019","unstructured":"Hao Chen, Wei Dai, Miran Kim, and Yongsoo Song. 2019. Efficient multi-key homomorphic encryption with packed ciphertexts with application to oblivious neural network inference. In ACM SIGSAC Conference on Computer and Communications Security. 395\u2013412."},{"key":"e_1_3_3_23_2","article-title":"LEASGD: An efficient and privacy-preserving decentralized algorithm for distributed learning","author":"Cheng Hsin-Pai","year":"2018","unstructured":"Hsin-Pai Cheng, Patrick Yu, Haojing Hu, Feng Yan, Shiyu Li, Hai Li, and Yiran Chen. 2018. LEASGD: An efficient and privacy-preserving decentralized algorithm for distributed learning. arXiv preprint arXiv:1811.11124 (2018).","journal-title":"arXiv preprint arXiv:1811.11124"},{"key":"e_1_3_3_24_2","first-page":"130","volume-title":"International Conference on Cloud Computing","author":"Cheng Hsin-Pai","year":"2019","unstructured":"Hsin-Pai Cheng, Patrick Yu, Haojing Hu, Syed Zawad, Feng Yan, Shiyu Li, Hai Li, and Yiran Chen. 2019. Towards decentralized deep learning with differential privacy. In International Conference on Cloud Computing. Springer, 130\u2013145."},{"key":"e_1_3_3_25_2","first-page":"523","volume-title":"International Conference on the Theory and Application of Cryptology and Information Security","author":"Cheon Jung Hee","year":"2018","unstructured":"Jung Hee Cheon, Minjia Kim, Hyunsoo Kim, and Yongsoo Song. 2018. Homomorphic encryption for arithmetic of approximate numbers. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 523\u2013552."},{"key":"e_1_3_3_26_2","article-title":"TFHE: Fast fully homomorphic encryption over the torus","author":"Chillotti. N. Gama, M. Georgieva, M. Izabach\u00e8ne, and I.","year":"2016","unstructured":"N. Gama, M. Georgieva, M. Izabach\u00e8ne, and I. Chillotti.2016. TFHE: Fast fully homomorphic encryption over the torus. In IEEE Symposium on Security and Privacy.","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"e_1_3_3_27_2","doi-asserted-by":"publisher","unstructured":"Edward Chou Josh Beal Daniel Levy Serena Yeung Albert Haque and Li Fei-Fei. 2018. Faster CryptoNets: Leveraging sparsity for real-world encrypted inference. DOI:10.48550\/ARXIV.1811.09953","DOI":"10.48550\/ARXIV.1811.09953"},{"issue":"4","key":"e_1_3_3_28_2","doi-asserted-by":"crossref","first-page":"290","DOI":"10.1109\/72.80265","article-title":"The Stone-Weierstrass theorem and its application to neural networks","volume":"1","author":"Cotter Neil E.","year":"1990","unstructured":"Neil E. Cotter. 1990. The Stone-Weierstrass theorem and its application to neural networks. IEEE Trans. Neural Netw. 1, 4 (1990), 290\u2013295.","journal-title":"IEEE Trans. Neural Netw."},{"key":"e_1_3_3_29_2","first-page":"1330","article-title":"Fantastic four: Honest-majority four-party secure computation with malicious security","volume":"2020","author":"Dalskov Anders","year":"2020","unstructured":"Anders Dalskov, Daniel E. Escudero, and Marcel Keller. 2020. Fantastic four: Honest-majority four-party secure computation with malicious security. IACR Cryptol. ePrint Arch. 2020 (2020), 1330.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_30_2","doi-asserted-by":"publisher","unstructured":"D. Demmler T. Schneider and M. Zohner. 2015. ABY\u2014A framework for efficient mixed-protocol secure two-party computation. Internet Society. DOI:10.14722\/ndss.2015.23113","DOI":"10.14722\/ndss.2015.23113"},{"key":"e_1_3_3_31_2","first-page":"248","volume-title":"IEEE Conference on Computer Vision and Pattern Recognition (CVPR\u201909)","author":"Deng Jia","year":"2009","unstructured":"Jia Deng, Wei Dong, Richard Socher, Li-Jia Li, Kai Li, and Li Fei-Fei. 2009. ImageNet: A large-scale hierarchical image database. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR\u201909). IEEE, 248\u2013255."},{"issue":"6","key":"e_1_3_3_32_2","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1109\/MSP.2012.2211477","article-title":"The MNIST database of handwritten digit images for machine learning research [best of the web]","volume":"29","author":"Deng Li","year":"2012","unstructured":"Li Deng. 2012. The MNIST database of handwritten digit images for machine learning research [best of the web]. IEEE Signal Process. Mag. 29, 6 (2012), 141\u2013142.","journal-title":"IEEE Signal Process. Mag."},{"issue":"6","key":"e_1_3_3_33_2","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","article-title":"New directions in cryptography","volume":"22","author":"Diffie Whitfield","year":"1976","unstructured":"Whitfield Diffie and Martin Hellman. 1976. New directions in cryptography. IEEE Trans. Inf. Theor. 22, 6 (1976), 644\u2013654.","journal-title":"IEEE Trans. Inf. Theor."},{"key":"e_1_3_3_34_2","doi-asserted-by":"publisher","unstructured":"Josep Domingo-Ferrer Alberto Blanco-Justicia Jes\u00fas Manj\u00f3n and David S\u00e1nchez. 2021. Secure and privacy-preserving federated learning via co-utility. DOI:10.48550\/ARXIV.2108.01913","DOI":"10.48550\/ARXIV.2108.01913"},{"key":"e_1_3_3_35_2","article-title":"Gaussian differential privacy","author":"Dong Jinshuo","year":"2019","unstructured":"Jinshuo Dong, Aaron Roth, and Weijie J. Su. 2019. Gaussian differential privacy. arXiv preprint arXiv:1905.02383 (2019).","journal-title":"arXiv preprint arXiv:1905.02383"},{"key":"e_1_3_3_36_2","volume-title":"CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy","author":"Dowlin Nathan","year":"2016","unstructured":"Nathan Dowlin, Ran Gilad-Bachrach, Kim Laine, Kristin Lauter, Michael Naehrig, John Wernsing, and Microsoft Research. 2016. CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy. Technical Report. Retrieved from http:\/\/sealcrypto.codeplex.com"},{"key":"e_1_3_3_37_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2020.03.074"},{"key":"e_1_3_3_38_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2022.01.061"},{"issue":"521","key":"e_1_3_3_39_2","doi-asserted-by":"crossref","first-page":"182","DOI":"10.1080\/01621459.2017.1389735","article-title":"Minimax optimal procedures for locally private estimation","volume":"113","author":"Duchi John C.","year":"2018","unstructured":"John C. Duchi, Michael I. Jordan, and Martin J. Wainwright. 2018. Minimax optimal procedures for locally private estimation. J. Am. Stat. Assoc. 113, 521 (2018), 182\u2013201.","journal-title":"J. Am. Stat. Assoc."},{"issue":"3","key":"e_1_3_3_40_2","first-page":"211","article-title":"The algorithmic foundations of differential privacy.","volume":"9","author":"Dwork Cynthia","year":"2014","unstructured":"Cynthia Dwork, Aaron Roth, et\u00a0al. 2014. The algorithmic foundations of differential privacy. Found. Trends Theoret. Comput. Sci. 9, 3-4 (2014), 211\u2013407.","journal-title":"Found. Trends Theoret. Comput. Sci."},{"key":"e_1_3_3_41_2","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1007\/3-540-39568-7_2","volume-title":"Advances in Cryptology Conference (CRYPTO\u201984)","author":"Elgamal Taher","year":"1985","unstructured":"Taher Elgamal. 1985. A public key cryptosystem and a signature scheme based on discrete logarithms. In Advances in Cryptology Conference (CRYPTO\u201984). Springer, 10\u201318."},{"key":"e_1_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-70604-3_8"},{"key":"e_1_3_3_43_2","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1145\/3559613.3563201","volume-title":"21st Workshop on Privacy in the Electronic Society","author":"Erdo\u011fan Ege","year":"2022","unstructured":"Ege Erdo\u011fan, Alptekin K\u00fcp\u00e7\u00fc, and A. Erc\u00fcment \u00c7i\u00e7ek. 2022. Unsplit: Data-oblivious model inversion, model stealing, and label inference attacks against split learning. In 21st Workshop on Privacy in the Electronic Society. 115\u2013124."},{"key":"e_1_3_3_44_2","first-page":"17","volume-title":"International Workshop on Public Key Cryptography","author":"Fan Junfeng","year":"2012","unstructured":"Junfeng Fan and Frederik Vercauteren. 2012. Somewhat practical fully homomorphic encryption. In International Workshop on Public Key Cryptography. Springer, 17\u201334."},{"key":"e_1_3_3_45_2","unstructured":"General Data Protection Regulation (GDPR). 2018. General data protection regulation (GDPR)\u2014Final text neatly arranged."},{"key":"e_1_3_3_46_2","first-page":"16937","article-title":"Inverting gradients\u2014How easy is it to break privacy in federated learning?","volume":"33","author":"Geiping Jonas","year":"2020","unstructured":"Jonas Geiping, Hartmut Bauermeister, Hannah Dr\u00f6ge, and Michael Moeller. 2020. Inverting gradients\u2014How easy is it to break privacy in federated learning? Advan. Neural Inf. Process. Syst. 33 (2020), 16937\u201316947.","journal-title":"Advan. Neural Inf. Process. Syst."},{"key":"e_1_3_3_47_2","doi-asserted-by":"crossref","unstructured":"Craig Gentry. 2009. A fully homomorphic encryption scheme.","DOI":"10.1145\/1536414.1536440"},{"key":"e_1_3_3_48_2","first-page":"345","volume-title":"Annual Cryptology Conference","author":"Gentry Craig","year":"2017","unstructured":"Craig Gentry, Shai Halevi, Nigel P. Smart, and Shuhong Wang. 2017. Multi-key homomorphic encryption from learning with errors. In Annual Cryptology Conference. Springer, 345\u2013373."},{"key":"e_1_3_3_49_2","first-page":"75","volume-title":"Annual Cryptology Conference","author":"Gentry Craig","year":"2013","unstructured":"Craig Gentry, Amit Sahai, and Brent Waters. 2013. Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based. In Annual Cryptology Conference. Springer, 75\u201392."},{"key":"e_1_3_3_50_2","article-title":"Differentially private federated learning: A client level perspective","author":"Geyer Robin C.","year":"2017","unstructured":"Robin C. Geyer, Tassilo Klein, and Moin Nabi. 2017. Differentially private federated learning: A client level perspective. arXiv preprint arXiv:1712.07557 (2017).","journal-title":"arXiv preprint arXiv:1712.07557"},{"key":"e_1_3_3_51_2","article-title":"SafetyNets: Verifiable execution of deep neural networks on an untrusted cloud","volume":"1706","author":"Ghodsi Zahra","year":"2017","unstructured":"Zahra Ghodsi, Tianyu Gu, and Siddharth Garg. 2017. SafetyNets: Verifiable execution of deep neural networks on an untrusted cloud. CoRR abs\/1706.10268 (2017).","journal-title":"CoRR"},{"key":"e_1_3_3_52_2","unstructured":"Parham Gohari Bo Chen Bo Wu Matthew Hale and Ufuk Topcu. 2021. Privacy-preserving teacher-student deep reinforcement learning. arxiv:2102.09599 (2021)."},{"key":"e_1_3_3_53_2","volume-title":"Providing Sound Foundations for Cryptography","author":"Goldreich Oded","year":"2019","unstructured":"Oded Goldreich, Silvio Micali, and Avi Wigderson. 2019. How to play any mental game, or a completeness theorem for protocols with honest majority. In Providing Sound Foundations for Cryptography."},{"key":"e_1_3_3_54_2","article-title":"ML confidential: Machine learning on encrypted data","author":"Graepel Thore","year":"2012","unstructured":"Thore Graepel, Kristin Lauter, and Michael Naehrig. 2012. ML confidential: Machine learning on encrypted data. Cryptology ePrint Archive, Paper 2012\/323. Retrieved from https:\/\/eprint.iacr.org\/2012\/323","journal-title":"Cryptology ePrint Archive, Paper 2012\/323"},{"key":"e_1_3_3_55_2","first-page":"97","volume-title":"International Conference on Advanced Computing and Applications (ACOMP\u201919)","author":"Ha Trung","year":"2019","unstructured":"Trung Ha, Tran Khanh Dang, Tran Tri Dang, Tuan Anh Truong, and Manh Tuan Nguyen. 2019. Differential privacy in deep learning: An overview. In International Conference on Advanced Computing and Applications (ACOMP\u201919). IEEE, 97\u2013102."},{"key":"e_1_3_3_56_2","first-page":"505","volume-title":"Annual Cryptology Conference","author":"Halevi Shai","year":"2013","unstructured":"Shai Halevi and Victor Shoup. 2013. An algorithm for fully homomorphic encryption over the torus. In Annual Cryptology Conference. Springer, 505\u2013524."},{"key":"e_1_3_3_57_2","first-page":"554","volume-title":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","author":"Halevi Shai","year":"2014","unstructured":"Shai Halevi and Victor Shoup. 2014. Algorithms in HElib. In Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 554\u2013571."},{"key":"e_1_3_3_58_2","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-020-02664-x"},{"key":"e_1_3_3_59_2","first-page":"1","volume-title":"IEEE International Conference on Communications (ICC\u201919)","author":"Hao Meng","year":"2019","unstructured":"Meng Hao, Hongwei Li, Guowen Xu, Sen Liu, and Haomiao Yang. 2019. Towards efficient and privacy-preserving federated deep learning. In IEEE International Conference on Communications (ICC\u201919). IEEE, 1\u20136."},{"key":"e_1_3_3_60_2","article-title":"Privacy-preserving distributed learning with secret gradient descent","author":"Hartmann Valentin","year":"2019","unstructured":"Valentin Hartmann and Robert West. 2019. Privacy-preserving distributed learning with secret gradient descent. arXiv preprint arXiv:1906.11993 (2019).","journal-title":"arXiv preprint arXiv:1906.11993"},{"key":"e_1_3_3_61_2","first-page":"148","volume-title":"35th Annual Computer Security Applications Conference","author":"He Zecheng","year":"2019","unstructured":"Zecheng He, Tianwei Zhang, and Ruby B. Lee. 2019. Model inversion attacks against collaborative inference. In 35th Annual Computer Security Applications Conference. 148\u2013162."},{"key":"e_1_3_3_62_2","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2018-0024"},{"key":"e_1_3_3_63_2","article-title":"CryptoDL: Deep neural networks over encrypted data","volume":"1711","author":"Hesamifard Ehsan","year":"2017","unstructured":"Ehsan Hesamifard, Hassan Takabi, and Mehdi Ghasemi. 2017. CryptoDL: Deep neural networks over encrypted data. CoRR abs\/1711.05189 (2017).","journal-title":"CoRR"},{"issue":"11","key":"e_1_3_3_64_2","first-page":"1","article-title":"Membership inference attacks on machine learning: A survey","volume":"54","author":"Hu Hongsheng","year":"2022","unstructured":"Hongsheng Hu, Zoran Salcic, Lichao Sun, Gillian Dobbie, Philip S. Yu, and Xuyun Zhang. 2022. Membership inference attacks on machine learning: A survey. ACM Comput. Surv. 54, 11s (2022), 1\u201337.","journal-title":"ACM Comput. Surv."},{"key":"e_1_3_3_65_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2931068"},{"key":"e_1_3_3_66_2","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1007\/978-3-030-00305-0_27","volume-title":"Data Privacy Management, Cryptocurrencies and Blockchain Technology","author":"Ibarrondo Alberto","year":"2018","unstructured":"Alberto Ibarrondo and Melek \u00d6nen. 2018. FHE-compatible batch normalization for privacy preserving deep learning. In Data Privacy Management, Cryptocurrencies and Blockchain Technology, Joaquin Garcia-Alfaro, Jordi Herrera-Joancomart\u00ed, Giovanni Livraga, and Ruben Rios (Eds.). Springer International Publishing, Cham, 389\u2013404."},{"key":"e_1_3_3_67_2","volume-title":"IACR Cryptol. ePrint Arch.","author":"Juvekar C.","year":"2018","unstructured":"C. Juvekar, V. Vaikuntanathan, and A. Chandrakasan. 2018. Gazelle: A low latency framework for secure neural network inference. In IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_68_2","article-title":"FastSecAgg: Scalable secure aggregation for privacy-preserving federated learning","volume":"2009","author":"Kadhe Swanand","year":"2020","unstructured":"Swanand Kadhe, Nived Rajaraman, Onur Ozan Koyluoglu, and Kannan Ramchandran. 2020. FastSecAgg: Scalable secure aggregation for privacy-preserving federated learning. CoRR abs\/2009.11248 (2020).","journal-title":"CoRR"},{"key":"e_1_3_3_69_2","volume-title":"Practical and Private (Deep) Learning without Sampling or Shuffling","author":"Kairouz Peter","year":"2021","unstructured":"Peter Kairouz, Brendan McMahan, Shuang Song, Om Thakkar, Abhradeep Thakurta, and Zheng Xu. 2021. Practical and Private (Deep) Learning without Sampling or Shuffling. Technical Report. arxiv:2103.00039v1"},{"issue":"1","key":"e_1_3_3_70_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1561\/2200000083","article-title":"Advances and open problems in federated learning","volume":"14","author":"Kairouz Peter","year":"2021","unstructured":"Peter Kairouz, H. Brendan McMahan, Brendan Avent, Aur\u00e9lien Bellet, Mehdi Bennis, Arjun Nitin Bhagoji, Kallista Bonawitz, Zachary Charles, Graham Cormode, Rachel Cummings, et\u00a0al. 2021. Advances and open problems in federated learning. Found. Trends Mach. Learn. 14, 1\u20132 (2021), 1\u2013210.","journal-title":"Found. Trends Mach. Learn."},{"key":"e_1_3_3_71_2","volume-title":"Federated Learning with Local Differential Privacy: Trade-offs between Privacy, Utility, and Communication","author":"Kim Muah","year":"2021","unstructured":"Muah Kim, Onur G\u00fcnl\u00fc, and Rafael F. Schaefer. 2021. Federated Learning with Local Differential Privacy: Trade-offs between Privacy, Utility, and Communication. Technical Report. arxiv:2102.04737v1"},{"key":"e_1_3_3_72_2","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-3-319-56620-7_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"Kirchner Paul","year":"2017","unstructured":"Paul Kirchner and Pierre-Alain Fouque. 2017. Revisiting lattice attacks on overstretched NTRU parameters. In Advances in Cryptology \u2013 EUROCRYPT 2017, Jean-S\u00e9bastien Coron and Jesper Buus Nielsen (Eds.). Springer International Publishing, Cham, 3\u201326."},{"key":"e_1_3_3_73_2","article-title":"SWIFT: Super-fast and robust privacy-preserving machine learning","volume":"2005","author":"Koti Nishat","year":"2020","unstructured":"Nishat Koti, Mahak Pancholi, Arpita Patra, and Ajith Suresh. 2020. SWIFT: Super-fast and robust privacy-preserving machine learning. CoRR abs\/2005.10296 (2020).","journal-title":"CoRR"},{"key":"e_1_3_3_74_2","article-title":"Tetrad: Actively secure 4PC for secure training and inference","volume":"2106","author":"Koti Nishat","year":"2021","unstructured":"Nishat Koti, Arpita Patra, Rahul Rachuri, and Ajith Suresh. 2021. Tetrad: Actively secure 4PC for secure training and inference. CoRR abs\/2106.02850 (2021).","journal-title":"CoRR"},{"key":"e_1_3_3_75_2","unstructured":"Alex Krizhevsky Geoffrey Hinton et\u00a0al. 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_3_76_2","doi-asserted-by":"publisher","unstructured":"Owusu Agyemang Kwabena Zhiguang Zhen Qin Zhiguang Zhen Qin and Tianming Zhuang. 2019. MSCryptoNet multi-scheme privacy-preserving deep learning in cloud computing. 29344\u201329354. DOI:10.1109\/ACCESS.2019.2901219","DOI":"10.1109\/ACCESS.2019.2901219"},{"key":"e_1_3_3_77_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3159694"},{"key":"e_1_3_3_78_2","article-title":"Towards interpretable federated learning","author":"Li Anran","year":"2023","unstructured":"Anran Li, Rui Liu, Ming Hu, Luu Anh Tuan, and Han Yu. 2023. Towards interpretable federated learning. arXiv preprint arXiv:2302.13473 (2023).","journal-title":"arXiv preprint arXiv:2302.13473"},{"key":"e_1_3_3_79_2","article-title":"Label leakage and protection in two-party split learning","author":"Li Oscar","year":"2021","unstructured":"Oscar Li, Jiankai Sun, Xin Yang, Weihao Gao, Hongyi Zhang, Junyuan Xie, Virginia Smith, and Chong Wang. 2021. Label leakage and protection in two-party split learning. arXiv preprint arXiv:2102.08504 (2021).","journal-title":"arXiv preprint arXiv:2102.08504"},{"key":"e_1_3_3_80_2","doi-asserted-by":"crossref","first-page":"319","DOI":"10.1007\/978-3-642-19074-2_21","volume-title":"Topics in Cryptology\u2013CT-RSA 2011: The Cryptographers\u2019 Track at the RSA Conference 2011, San Francisco, CA, USA, February 14-18, 2011. Proceedings","author":"Lindner Richard","year":"2011","unstructured":"Richard Lindner and Chris Peikert. 2011. Better key sizes (and attacks) for LWE-based encryption. In Topics in Cryptology\u2013CT-RSA 2011: The Cryptographers\u2019 Track at the RSA Conference 2011, San Francisco, CA, USA, February 14-18, 2011. Proceedings. Springer, 319\u2013339."},{"issue":"2","key":"e_1_3_3_81_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3436755","article-title":"When machine learning meets privacy: A survey and outlook","volume":"54","author":"Liu Bo","year":"2021","unstructured":"Bo Liu, Ming Ding, Sina Shaham, Wenny Rahayu, Farhad Farokhi, and Zihuai Lin. 2021. When machine learning meets privacy: A survey and outlook. ACM Comput. Surv. 54, 2 (2021), 1\u201336.","journal-title":"ACM Comput. Surv."},{"key":"e_1_3_3_82_2","first-page":"619","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS\u201917)","author":"Liu Jian","year":"2017","unstructured":"Jian Liu, Mika Juuti, Yao Lu, and N. Asokan. 2017. Oblivious neural network predictions via MiniONN transformations. In ACM SIGSAC Conference on Computer and Communications Security (CCS\u201917). Association for Computing Machinery, New York, NY, USA, 619\u2013631. DOI:10.1145\/3133956.3134056"},{"issue":"6","key":"e_1_3_3_83_2","doi-asserted-by":"crossref","first-page":"2356","DOI":"10.1007\/s12083-019-00869-2","article-title":"Adaptive privacy-preserving federated learning","volume":"13","author":"Liu Xiaoyuan","year":"2020","unstructured":"Xiaoyuan Liu, Hongwei Li, Guowen Xu, Rongxing Lu, and Miao He. 2020. Adaptive privacy-preserving federated learning. Peer-to-peer Netw. Applic. 13, 6 (2020), 2356\u20132366.","journal-title":"Peer-to-peer Netw. Applic."},{"key":"e_1_3_3_84_2","doi-asserted-by":"publisher","DOI":"10.1007\/s12083-019-00869-2"},{"issue":"1","key":"e_1_3_3_85_2","first-page":"10320","article-title":"Fate: An industrial grade platform for collaborative learning with data protection","volume":"22","author":"Liu Yang","year":"2021","unstructured":"Yang Liu, Tao Fan, Tianjian Chen, Qian Xu, and Qiang Yang. 2021. Fate: An industrial grade platform for collaborative learning with data protection. J. Mach. Learn. Res. 22, 1 (2021), 10320\u201310325.","journal-title":"J. Mach. Learn. Res."},{"key":"e_1_3_3_86_2","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2021.3076123"},{"key":"e_1_3_3_87_2","unstructured":"Yunhui Long Suxin Lin Zhuolin Yang Carl A. Gunter Han Liu and Bo Li. 2019. Scalable differentially private data generation via private aggregation of teacher ensembles. (2019)."},{"key":"e_1_3_3_88_2","article-title":"Privacy and robustness in federated learning: Attacks and defenses","author":"Lyu Lingjuan","year":"2022","unstructured":"Lingjuan Lyu, Han Yu, Xingjun Ma, Chen Chen, Lichao Sun, Jun Zhao, Qiang Yang, and Philip S. Yu. 2022. Privacy and robustness in federated learning: Attacks and defenses. IEEE Trans. Neural Netw. Learn. Syst. (2022).","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"e_1_3_3_89_2","doi-asserted-by":"publisher","DOI":"10.1002\/int.22818"},{"key":"e_1_3_3_90_2","first-page":"21","volume-title":"Dopamine: Differentially Private Federated Learning on Medical Data","author":"Malekzadeh Mohammad","year":"2021","unstructured":"Mohammad Malekzadeh, Burak Hasircioglu, Nitish Mital, Kunal Katarya, Emre Ozfatura, and Deniz G\u00fcnd\u00fcz. 2021. Dopamine: Differentially Private Federated Learning on Medical Data. Technical Report. 21 pages. Retrieved from https:\/\/www.kaggle.com\/c\/aptos2019-blindness-detection\/notebooks"},{"issue":"9","key":"e_1_3_3_91_2","doi-asserted-by":"crossref","first-page":"1988","DOI":"10.3390\/s19091988","article-title":"UP-fall detection dataset: A multimodal approach","volume":"19","author":"Mart\u00ednez-Villase\u00f1or Lourdes","year":"2019","unstructured":"Lourdes Mart\u00ednez-Villase\u00f1or, Hiram Ponce, Jorge Brieva, Ernesto Moya-Albor, Jos\u00e9 N\u00fa\u00f1ez-Mart\u00ednez, and Carlos Pe\u00f1afort-Asturiano. 2019. UP-fall detection dataset: A multimodal approach. Sensors 19, 9 (2019), 1988.","journal-title":"Sensors"},{"key":"e_1_3_3_92_2","first-page":"1273","volume-title":"Artificial Intelligence and Statistics","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics. PMLR, 1273\u20131282."},{"key":"e_1_3_3_93_2","article-title":"Delphi: A cryptographic inference service for neural networks","author":"Mishra Pratyush","year":"2020","unstructured":"Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, and Raluca Ada Popa. 2020. Delphi: A cryptographic inference service for neural networks. Cryptology ePrint Archive, Paper 2020\/050. Retrieved from https:\/\/eprint.iacr.org\/2020\/050","journal-title":"Cryptology ePrint Archive, Paper 2020\/050"},{"key":"e_1_3_3_94_2","article-title":"ABY3: A mixed protocol framework for machine learning","author":"Mohassel Payman","year":"2018","unstructured":"Payman Mohassel and Peter Rindal. 2018. ABY3: A mixed protocol framework for machine learning. Cryptology ePrint Archive, Paper 2018\/403. Retrieved from https:\/\/eprint.iacr.org\/2018\/403","journal-title":"Cryptology ePrint Archive, Paper 2018\/403"},{"key":"e_1_3_3_95_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.12"},{"key":"e_1_3_3_96_2","first-page":"332","volume-title":"38th Annual Computer Security Applications Conference","author":"Na Seung Ho","year":"2022","unstructured":"Seung Ho Na, Hyeong Gwon Hong, Junmo Kim, and Seungwon Shin. 2022. Closing the loophole: Rethinking reconstruction attacks in federated learning from a privacy standpoint. In 38th Annual Computer Security Applications Conference. 332\u2013345."},{"key":"e_1_3_3_97_2","first-page":"40","volume-title":"IEEE\/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW\u201919)","author":"Nandakumar Karthik","year":"2019","unstructured":"Karthik Nandakumar, Nalini Ratha, Sharath Pankanti, and Shai Halevi. 2019. Towards deep neural network training on encrypted data. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW\u201919). 40\u201348. DOI:10.1109\/CVPRW.2019.00011"},{"key":"e_1_3_3_98_2","unstructured":"Yuval Netzer Tao Wang Adam Coates Alessandro Bissacco Bo Wu and Andrew Y. Ng. 2011. Reading digits in natural images with unsupervised feature learning. (2011)."},{"key":"e_1_3_3_99_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48910-X_16"},{"key":"e_1_3_3_100_2","article-title":"Semi-supervised knowledge transfer for deep learning from private training data","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot, Mart\u00edn Abadi, Ulfar Erlingsson, Ian Goodfellow, and Kunal Talwar. 2016. Semi-supervised knowledge transfer for deep learning from private training data. arXiv preprint arXiv:1610.05755 (2016).","journal-title":"arXiv preprint arXiv:1610.05755"},{"key":"e_1_3_3_101_2","article-title":"Scalable private learning with PATE","author":"Papernot Nicolas","year":"2018","unstructured":"Nicolas Papernot, Shuang Song, Ilya Mironov, Ananth Raghunathan, Kunal Talwar, and \u00dalfar Erlingsson. 2018. Scalable private learning with PATE. arXiv preprint arXiv:1802.08908 (2018).","journal-title":"arXiv preprint arXiv:1802.08908"},{"key":"e_1_3_3_102_2","first-page":"2113","volume-title":"ACM SIGSAC Conference on Computer and Communications Security","author":"Pasquini Dario","year":"2021","unstructured":"Dario Pasquini, Giuseppe Ateniese, and Massimo Bernaschi. 2021. Unleashing the tiger: Inference attacks on split learning. In ACM SIGSAC Conference on Computer and Communications Security. 2113\u20132129."},{"key":"e_1_3_3_103_2","article-title":"BLAZE: Blazing fast privacy-preserving machine learning","volume":"2005","author":"Patra Arpita","year":"2020","unstructured":"Arpita Patra and Ajith Suresh. 2020. BLAZE: Blazing fast privacy-preserving machine learning. CoRR abs\/2005.09042 (2020).","journal-title":"CoRR"},{"key":"e_1_3_3_104_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2021.3050781"},{"key":"e_1_3_3_105_2","article-title":"Split HE: Fast secure inference combining split learning and homomorphic encryption","author":"Pereteanu George-Liviu","year":"2022","unstructured":"George-Liviu Pereteanu, Amir Alansary, and Jonathan Passerat-Palmbach. 2022. Split HE: Fast secure inference combining split learning and homomorphic encryption. arXiv preprint arXiv:2202.13351 (2022).","journal-title":"arXiv preprint arXiv:2202.13351"},{"key":"e_1_3_3_106_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2787987"},{"issue":"11","key":"e_1_3_3_107_2","doi-asserted-by":"crossref","first-page":"3003","DOI":"10.1109\/TIFS.2019.2911169","article-title":"Privacy-preserving deep learning via weight transmission","volume":"14","author":"Phuong Tran Thi","year":"2019","unstructured":"Tran Thi Phuong et\u00a0al. 2019. Privacy-preserving deep learning via weight transmission. IEEE Trans. Inf. Forens. Secur. 14, 11 (2019), 3003\u20133015.","journal-title":"IEEE Trans. Inf. Forens. Secur."},{"key":"e_1_3_3_108_2","first-page":"15","volume-title":"Personalized Privacy Protection in Big Data","author":"Qu Youyang","year":"2021","unstructured":"Youyang Qu, Mohammad Reza Nosouhi, Lei Cui, and Shui Yu. 2021. Leading attacks in privacy protection domain. In Personalized Privacy Protection in Big Data. Springer, 15\u201321."},{"key":"e_1_3_3_109_2","first-page":"187","article-title":"How to exchange secrets with oblivious transfer.","volume":"2005","author":"Rabin Michael","year":"2005","unstructured":"Michael Rabin. 2005. How to exchange secrets with oblivious transfer. IACR Cryptology ePrint Archive 2005 (012005), 187.","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_3_110_2","article-title":"Trident: Efficient 4PC framework for privacy preserving machine learning","volume":"1912","author":"Rachuri Rahul","year":"2019","unstructured":"Rahul Rachuri and Ajith Suresh. 2019. Trident: Efficient 4PC framework for privacy preserving machine learning. CoRR abs\/1912.02631 (2019).","journal-title":"CoRR"},{"key":"e_1_3_3_111_2","doi-asserted-by":"publisher","unstructured":"Brandon Reagen Wooseok Choi Yeongil Ko Vincent Lee Gu-Yeon Wei Hsien-Hsin S. Lee and David Brooks. 2020. Cheetah: Optimizing and accelerating homomorphic encryption for private inference. DOI:10.48550\/ARXIV.2006.00505","DOI":"10.48550\/ARXIV.2006.00505"},{"issue":"8","key":"e_1_3_3_112_2","doi-asserted-by":"crossref","first-page":"395","DOI":"10.3390\/info13080395","article-title":"Federated learning of explainable AI models in 6G systems: Towards secure and automated vehicle networking","volume":"13","author":"Renda Alessandro","year":"2022","unstructured":"Alessandro Renda, Pietro Ducange, Francesco Marcelloni, Dario Sabella, Miltiadis C. Filippou, Giovanni Nardini, Giovanni Stea, Antonio Virdis, Davide Micheli, Damiano Rapone, et\u00a0al. 2022. Federated learning of explainable AI models in 6G systems: Towards secure and automated vehicle networking. Information 13, 8 (2022), 395.","journal-title":"Information"},{"key":"e_1_3_3_113_2","volume-title":"IACR Cryptol. ePrint Arch.","author":"Riazi M.","year":"2019","unstructured":"M. Riazi, Mohammad Samragh, Hao Chen, K. Laine, K. Lauter, and F. Koushanfar. 2019. XONN: XNOR-based oblivious deep neural network inference. In IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_114_2","doi-asserted-by":"crossref","unstructured":"Sadegh Riazi Christian Weinert Oleksandr Tkachenko Ebrahim M. Songhori Thomas Schneider and Farinaz Koushanfar. 2018. Chameleon: A hybrid secure computation framework for machine learning applications. (012018).","DOI":"10.1145\/3196494.3196522"},{"issue":"4","key":"e_1_3_3_115_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3624010","article-title":"A survey of privacy attacks in machine learning","volume":"56","author":"Rigaki Maria","year":"2023","unstructured":"Maria Rigaki and Sebastian Garcia. 2023. A survey of privacy attacks in machine learning. Comput. Surv. 56, 4 (2023), 1\u201334.","journal-title":"Comput. Surv."},{"issue":"2","key":"e_1_3_3_116_2","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1145\/359340.359342","article-title":"A method for obtaining digital signatures and public-key cryptosystems","volume":"21","author":"Rivest Ronald L.","year":"1978","unstructured":"Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. 1978. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 2 (1978), 120\u2013126.","journal-title":"Commun. ACM"},{"key":"e_1_3_3_117_2","first-page":"1","volume-title":"Design Automation Conference (DAC\u201918)","volume":"1377","author":"Rouhani Bita Darvish","year":"2018","unstructured":"Bita Darvish Rouhani, M. Sadegh Riazi, and Farinaz Koushanfar. 2018. DeepSecure: Scalable provably-secure deep learning. In Design Automation Conference (DAC\u201918), Vol. Part F1377. 1\u20136. arxiv:1705.08963"},{"key":"e_1_3_3_118_2","first-page":"291","article-title":"AriaNN: Low-interaction privacy-preserving deep learning via function secret sharing","volume":"2022","author":"Ryffel Theo","year":"2022","unstructured":"Theo Ryffel, Pierre Tholoniat, David Pointcheval, and Francis R. Bach. 2022. AriaNN: Low-interaction privacy-preserving deep learning via function secret sharing. Proc. Privac Enhanc. Technol. 2022 (2022), 291\u2013316.","journal-title":"Proc. Privac Enhanc. Technol."},{"key":"e_1_3_3_119_2","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1016\/j.asoc.2018.10.022","article-title":"A comparative analysis of speech signal processing algorithms for Parkinson\u2019s disease classification and the use of the tunable Q-factor wavelet transform","volume":"74","author":"Sakar C. Okan","year":"2019","unstructured":"C. Okan Sakar, Gorkem Serbes, Aysegul Gunduz, Hunkar C. Tunc, Hatice Nizam, Betul Erdogdu Sakar, Melih Tutuncu, Tarkan Aydin, M. Erdem Isenkul, and Hulya Apaydin. 2019. A comparative analysis of speech signal processing algorithms for Parkinson\u2019s disease classification and the use of the tunable Q-factor wavelet transform. Appl. Soft Comput. 74 (2019), 255\u2013263.","journal-title":"Appl. Soft Comput."},{"key":"e_1_3_3_120_2","article-title":"TAPAS: Tricks to accelerate (encrypted) prediction as a service","volume":"1806","author":"Sanyal Amartya","year":"2018","unstructured":"Amartya Sanyal, Matt J. Kusner, Adri\u00e0 Gasc\u00f3n, and Varun Kanade. 2018. TAPAS: Tricks to accelerate (encrypted) prediction as a service. CoRR abs\/1806.03461 (2018).","journal-title":"CoRR"},{"key":"e_1_3_3_121_2","article-title":"POSEIDON: Privacy-preserving federated neural network learning","volume":"2009","author":"Sav Sinem","year":"2020","unstructured":"Sinem Sav, Apostolos Pyrgelis, Juan Ram\u00f3n Troncoso-Pastoriza, David Froelicher, Jean-Philippe Bossuat, Joao Sa Sousa, and Jean-Pierre Hubaux. 2020. POSEIDON: Privacy-preserving federated neural network learning. CoRR abs\/2009.00349 (2020).","journal-title":"CoRR"},{"key":"e_1_3_3_122_2","unstructured":"SEAL 2018. Microsoft SEAL (release 3.0). Microsoft Research Redmond WA.Retrieved from http:\/\/sealcrypto.org."},{"key":"e_1_3_3_123_2","article-title":"Wireless federated learning with local differential privacy","author":"Seif Mohamed","year":"2020","unstructured":"Mohamed Seif, Ravi Tandon, and Ming Li. 2020. Wireless federated learning with local differential privacy. arXiv preprint arXiv:2002.05151 (2020).","journal-title":"arXiv preprint arXiv:2002.05151"},{"key":"e_1_3_3_124_2","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359176"},{"key":"e_1_3_3_125_2","first-page":"1310","volume-title":"22nd ACM SIGSAC Conference on Computer and Communications Security","author":"Shokri Reza","year":"2015","unstructured":"Reza Shokri and Vitaly Shmatikov. 2015. Privacy-preserving deep learning. In 22nd ACM SIGSAC Conference on Computer and Communications Security. 1310\u20131321."},{"key":"e_1_3_3_126_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSAIT.2021.3054610"},{"key":"e_1_3_3_127_2","article-title":"Impact of HbA1c measurement on hospital readmission rates: Analysis of 70,000 clinical database patient records","volume":"2014","author":"Strack Beata","year":"2014","unstructured":"Beata Strack, Jonathan P. DeShazo, Chris Gennings, Juan L. Olmo, Sebastian Ventura, Krzysztof J. Cios, and John N. Clore. 2014. Impact of HbA1c measurement on hospital readmission rates: Analysis of 70,000 clinical database patient records. BioMed Res. Int. 2014 (2014).","journal-title":"BioMed Res. Int."},{"key":"e_1_3_3_128_2","volume-title":"LDP-FL: Practical Private Aggregation in Federated Learning with Local Differential Privacy","author":"Sun Lichao","year":"2020","unstructured":"Lichao Sun, Jianwei Qian, Xun Chen, and Philip S. Yu. 2020. LDP-FL: Practical Private Aggregation in Federated Learning with Local Differential Privacy. Technical Report. arxiv:2007.15789v1"},{"key":"e_1_3_3_129_2","doi-asserted-by":"publisher","DOI":"10.3390\/electronics8040411"},{"key":"e_1_3_3_130_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3023084"},{"key":"e_1_3_3_131_2","unstructured":"Tensorflow. 2019. Text Generation with an RNN. Retrieved from https:\/\/www.tensorflow.org\/tutorials\/text\/text_generation"},{"key":"e_1_3_3_132_2","first-page":"8485","volume-title":"AAAI Conference on Artificial Intelligence","volume":"36","author":"Thapa Chandra","year":"2022","unstructured":"Chandra Thapa, Pathum Chamikara Mahawaga Arachchige, Seyit Camtepe, and Lichao Sun. 2022. SplitFed: When federated learning meets split learning. In AAAI Conference on Artificial Intelligence, Vol. 36. 8485\u20138493."},{"key":"e_1_3_3_133_2","first-page":"1","volume-title":"12th ACM Workshop on Artificial Intelligence and Security","author":"Truex Stacey","year":"2019","unstructured":"Stacey Truex, Nathalie Baracaldo, Ali Anwar, Thomas Steinke, Heiko Ludwig, Rui Zhang, and Yi Zhou. 2019. A hybrid approach to privacy-preserving federated learning. In 12th ACM Workshop on Artificial Intelligence and Security. 1\u201311."},{"key":"e_1_3_3_134_2","first-page":"250","volume-title":"IEEE 14th International Conference on Cloud Computing (CLOUD\u201921)","author":"Turina Valeria","year":"2021","unstructured":"Valeria Turina, Zongshun Zhang, Flavio Esposito, and Ibrahim Matta. 2021. Federated or split? A performance and privacy analysis of hybrid split and federated learning architectures. In IEEE 14th International Conference on Cloud Computing (CLOUD\u201921). IEEE, 250\u2013260."},{"key":"e_1_3_3_135_2","article-title":"Split learning for health: Distributed deep learning without sharing raw patient data","author":"Vepakomma Praneeth","year":"2018","unstructured":"Praneeth Vepakomma, Otkrist Gupta, Tristan Swedish, and Ramesh Raskar. 2018. Split learning for health: Distributed deep learning without sharing raw patient data. arXiv preprint arXiv:1812.00564 (2018).","journal-title":"arXiv preprint arXiv:1812.00564"},{"key":"e_1_3_3_136_2","first-page":"442","article-title":"SecureNN: Efficient and private neural network training","volume":"2018","author":"Wagh Sameer","year":"2018","unstructured":"Sameer Wagh, Divya Gupta, and Nishanth Chandran. 2018. SecureNN: Efficient and private neural network training. IACR Cryptol. ePrint Arch. 2018 (2018), 442.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_137_2","volume-title":"Privacy Enhancing Technologies Symposium","author":"Wagh Sameer","year":"2019","unstructured":"Sameer Wagh, Divya Gupta, and Nishanth Chandran. 2019. SecureNN: Efficient and private neural network training. In Privacy Enhancing Technologies Symposium(PETS\u201919). Retrieved from https:\/\/www.microsoft.com\/en-us\/research\/publication\/securenn-efficient-and-private-neural-network-training\/"},{"key":"e_1_3_3_138_2","article-title":"FALCON: Honest-majority maliciously secure framework for private deep learning","volume":"2004","author":"Wagh Sameer","year":"2020","unstructured":"Sameer Wagh, Shruti Tople, Fabrice Benhamouda, Eyal Kushilevitz, Prateek Mittal, and Tal Rabin. 2020. FALCON: Honest-majority maliciously secure framework for private deep learning. CoRR abs\/2004.02229 (2020).","journal-title":"CoRR"},{"key":"e_1_3_3_139_2","article-title":"Analytical composition of differential privacy via the Edgeworth Accountant","author":"Wang Hua","year":"2022","unstructured":"Hua Wang, Sheng Gao, Huanyu Zhang, Milan Shen, and Weijie J. Su. 2022. Analytical composition of differential privacy via the Edgeworth Accountant. arXiv preprint arXiv:2206.04236 (2022).","journal-title":"arXiv preprint arXiv:2206.04236"},{"key":"e_1_3_3_140_2","volume-title":"Federated Latent Dirichlet Allocation: A Local Differential Privacy Based Framework","author":"Wang Yansheng","year":"2020","unstructured":"Yansheng Wang, Yongxin Tong, and Dingyuan Shi. 2020. Federated Latent Dirichlet Allocation: A Local Differential Privacy Based Framework. Technical Report. Retrieved from www.aaai.org"},{"key":"e_1_3_3_141_2","volume-title":"EDBT\/ICDT Workshops","author":"Wang Yue","year":"2016","unstructured":"Yue Wang, Xintao Wu, and Donghui Hu. 2016. Using randomized response for differential privacy preserving data collection. In EDBT\/ICDT Workshops, Vol. 1558."},{"issue":"309","key":"e_1_3_3_142_2","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1080\/01621459.1965.10480775","article-title":"Randomized response: A survey technique for eliminating evasive answer bias","volume":"60","author":"Warner Stanley L.","year":"1965","unstructured":"Stanley L. Warner. 1965. Randomized response: A survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60, 309 (1965), 63\u201369.","journal-title":"J. Am. Stat. Assoc."},{"key":"e_1_3_3_143_2","first-page":"797","volume-title":"IEEE 41st International Conference on Distributed Computing Systems (ICDCS\u201921)","author":"Wei Wenqi","year":"2021","unstructured":"Wenqi Wei, Ling Liu, Yanzhao Wut, Gong Su, and Arun Iyengar. 2021. Gradient-leakage resilient federated learning. In IEEE 41st International Conference on Distributed Computing Systems (ICDCS\u201921). IEEE, 797\u2013807."},{"key":"e_1_3_3_144_2","first-page":"911","article-title":"VerifyNet: Secure and verifiable federated learning","volume":"15","author":"Xu Guowen","year":"2019","unstructured":"Guowen Xu, Hongwei Li, Sen Liu, Kan Yang, and Xiaodong Lin. 2019. VerifyNet: Secure and verifiable federated learning. IEEE Trans. Inf. Forens. Secur. 15 (2019), 911\u2013926.","journal-title":"IEEE Trans. Inf. Forens. Secur."},{"key":"e_1_3_3_145_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2929409"},{"key":"e_1_3_3_146_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.3005909"},{"key":"e_1_3_3_147_2","article-title":"HybridAlpha: An efficient approach for privacy-preserving federated learning","volume":"1912","author":"Xu Runhua","year":"2019","unstructured":"Runhua Xu, Nathalie Baracaldo, Yi Zhou, Ali Anwar, and Heiko Ludwig. 2019. HybridAlpha: An efficient approach for privacy-preserving federated learning. CoRR abs\/1912.05897 (2019).","journal-title":"CoRR"},{"key":"e_1_3_3_148_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.aam.2004.03.002"},{"key":"e_1_3_3_149_2","doi-asserted-by":"crossref","first-page":"92921","DOI":"10.1109\/ACCESS.2019.2927163","article-title":"Privacy-preserving compressive model for enhanced deep-learning-based service provision system in edge computing","volume":"7","author":"Yan Yushuang","year":"2019","unstructured":"Yushuang Yan, Qingqi Pei, and Hongning Li. 2019. Privacy-preserving compressive model for enhanced deep-learning-based service provision system in edge computing. IEEE Access 7 (2019), 92921\u201392937.","journal-title":"IEEE Access"},{"key":"e_1_3_3_150_2","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1986.25"},{"key":"e_1_3_3_151_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460427"},{"key":"e_1_3_3_152_2","article-title":"Privacy-preserving federated deep learning for cooperative hierarchical caching in fog computing","author":"Yu Zhengxin","year":"2021","unstructured":"Zhengxin Yu, Jia Hu, Geyong Min, Zi Wang, Wang Miao, and Shancang Li. 2021. Privacy-preserving federated deep learning for cooperative hierarchical caching in fog computing. IEEE Internet Things J. (2021).","journal-title":"IEEE Internet Things J."},{"key":"e_1_3_3_153_2","article-title":"Practical, label private deep learning training based on secure multiparty computation and differential privacy","author":"Yuan Sen","year":"2021","unstructured":"Sen Yuan, Milan Shen, Ilya Mironov, and Anderson C. A. Nascimento. 2021. Practical, label private deep learning training based on secure multiparty computation and differential privacy. Cryptology ePrint Archive (2021).","journal-title":"Cryptology ePrint Archive"},{"key":"e_1_3_3_154_2","volume-title":"USENIX Annual Technical Conference (USENIX ATC\u201920)","author":"Zhang Chengliang","year":"2020","unstructured":"Chengliang Zhang, Suyi Li, Junzhe Xia, Wei Wang, Feng Yan, and Yang Liu. 2020. BatchCrypt: Efficient homomorphic encryption for cross-silo federated learning. In USENIX Annual Technical Conference (USENIX ATC\u201920)."},{"key":"e_1_3_3_155_2","first-page":"538","volume-title":"International Conference on Machine Learning and Intelligent Communications","author":"Zhang Jiale","year":"2019","unstructured":"Jiale Zhang, Junyu Wang, Yanchao Zhao, and Bing Chen. 2019. An efficient federated learning scheme with differential privacy in mobile edge computing. In International Conference on Machine Learning and Intelligent Communications. Springer, 538\u2013550."},{"key":"e_1_3_3_156_2","article-title":"Functional mechanism: Regression analysis under differential privacy","author":"Zhang Jun","year":"2012","unstructured":"Jun Zhang, Zhenjie Zhang, Xiaokui Xiao, Yin Yang, and Marianne Winslett. 2012. Functional mechanism: Regression analysis under differential privacy. arXiv preprint arXiv:1208.0219 (2012).","journal-title":"arXiv preprint arXiv:1208.0219"},{"key":"e_1_3_3_157_2","doi-asserted-by":"publisher","unstructured":"Qiao Zhang Cong Wang Hongyi Wu Chunsheng Xin and T. V. X. Phuong. 2018. GELU-Net: A globally encrypted locally unencrypted deep neural network for privacy-preserved learning. 3933\u20133939. DOI:10.24963\/ijcai.2018\/547","DOI":"10.24963\/ijcai.2018\/547"},{"key":"e_1_3_3_158_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3058638"},{"key":"e_1_3_3_159_2","doi-asserted-by":"crossref","first-page":"1486","DOI":"10.1109\/TIFS.2019.2939713","article-title":"Privacy-preserving collaborative deep learning with unreliable participants","volume":"15","author":"Zhao Lingchen","year":"2019","unstructured":"Lingchen Zhao, Qian Wang, Qin Zou, Yan Zhang, and Yanjiao Chen. 2019. Privacy-preserving collaborative deep learning with unreliable participants. IEEE Trans. Inf. Forens. Secur. 15 (2019), 1486\u20131500.","journal-title":"IEEE Trans. Inf. Forens. Secur."},{"key":"e_1_3_3_160_2","volume-title":"Federated f-Differential Privacy","author":"Zheng Qinqing","year":"2021","unstructured":"Qinqing Zheng, Shuxiao Chen, Qi Long, and Weijie J. Su. 2021. Federated f-Differential Privacy. Technical Report. arxiv:2102.11158v1"},{"issue":"7","key":"e_1_3_3_161_2","doi-asserted-by":"crossref","first-page":"1332","DOI":"10.1109\/JSTSP.2015.2427113","article-title":"PPDM: A privacy-preserving protocol for cloud-assisted e-healthcare systems","volume":"9","author":"Zhou Jun","year":"2015","unstructured":"Jun Zhou, Zhenfu Cao, Xiaolei Dong, and Xiaodong Lin. 2015. PPDM: A privacy-preserving protocol for cloud-assisted e-healthcare systems. IEEE J. Select. Topics Signal Process. 9, 7 (2015), 1332\u20131344.","journal-title":"IEEE J. Select. Topics Signal Process."},{"key":"e_1_3_3_162_2","article-title":"Property inference attacks against GANs","author":"Zhou Junhao","year":"2021","unstructured":"Junhao Zhou, Yufei Chen, Chao Shen, and Yang Zhang. 2021. Property inference attacks against GANs. arXiv preprint arXiv:2111.07608 (2021).","journal-title":"arXiv preprint arXiv:2111.07608"},{"key":"e_1_3_3_163_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2021.08.062"},{"key":"e_1_3_3_164_2","first-page":"314","volume-title":"Cyberspace Safety and Security: 14th International Symposium, CSS 2022, Xi\u2019an, China, October 16\u201318, 2022, Proceedings","author":"Zuo Ruozhou","year":"2022","unstructured":"Ruozhou Zuo, Haibo Tian, Zhiyuan An, and Fangguo Zhang. 2022. Post-quantum privacy-preserving aggregation in federated learning based on lattice. In Cyberspace Safety and Security: 14th International Symposium, CSS 2022, Xi\u2019an, China, October 16\u201318, 2022, Proceedings. Springer, 314\u2013326."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3703452","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3703452","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:08Z","timestamp":1750295888000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3703452"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,9]]},"references-count":163,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2025,4,30]]}},"alternative-id":["10.1145\/3703452"],"URL":"https:\/\/doi.org\/10.1145\/3703452","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,9]]},"assertion":[{"value":"2023-04-07","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-10-19","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}