{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:27:47Z","timestamp":1766442467870,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T00:00:00Z","timestamp":1763769600000},"content-version":"vor","delay-in-days":3,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"CROSSCON","award":["101070537"],"award-info":[{"award-number":["101070537"]}]},{"name":"ACES","award":["101093126"],"award-info":[{"award-number":["101093126"]}]},{"name":"BMBF","award":["IoTGuard"],"award-info":[{"award-number":["IoTGuard"]}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["SFB-1119 CROSSING\/236615297"],"award-info":[{"award-number":["SFB-1119 CROSSING\/236615297"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["HR0011-23-1-0006"],"award-info":[{"award-number":["HR0011-23-1-0006"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"name":"U.S. 
Army\/Department of Defense","award":["W911NF2020267"],"award-info":[{"award-number":["W911NF2020267"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765160","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:37:25Z","timestamp":1763854645000},"page":"321-334","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["<i>Z<\/i>ORRO: Zero-Knowledge Robustness and Privacy for Split Learning"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4329-0197","authenticated-orcid":false,"given":"Nojan","family":"Sheybani","sequence":"first","affiliation":[{"name":"University of California San Diego, La Jolla, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-1904-095X","authenticated-orcid":false,"given":"Alessandro","family":"Pegoraro","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-5646-1665","authenticated-orcid":false,"given":"Jonathan","family":"Knauer","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6216-7285","authenticated-orcid":false,"given":"Phillip","family":"Rieger","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0508-105X","authenticated-orcid":false,"given":"Elissa","family":"Mollakuqe","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0798-3794","authenticated-orcid":false,"given":"Farinaz","family":"Koushanfar","sequence":"additional","affiliation":[{"name":"University of California San Diego, La 
Jolla, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6833-3598","authenticated-orcid":false,"given":"Ahmad-Reza","family":"Sadeghi","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Darmstadt, Germany"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Meta AI. 2025. The Llama 4 Herd: The Beginning of a New Era of Natively Multimodal AI Innovation. https:\/\/ai.meta.com\/blog\/llama-4-multimodal-intelligence\/. https:\/\/ai.meta.com\/blog\/llama-4-multimodal-intelligence\/ Accessed: 2025-04-09."},{"key":"e_1_3_2_1_2_1","first-page":"2743","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Bai Yijie","year":"2023","unstructured":"Yijie Bai, Yanjiao Chen, Hanlei Zhang, Wenyuan Xu, Haiqin Weng, and Dou Goodman. 2023. {VILLAIN}: Backdoor attacks against vertical split learning. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX, Anaheim, CA, 2743-2760."},{"volume-title":"A Little Is Enough: Circumventing Defenses For Distributed Learning","author":"Baruch Moran","key":"e_1_3_2_1_3_1","unstructured":"Moran Baruch, Gilad Baruch, and Yoav Goldberg. 2019. A Little Is Enough: Circumventing Defenses For Distributed Learning. In NIPS. IEEE, Vancouver, Canada, 11 pages."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10623-023-01292-8"},{"key":"e_1_3_2_1_5_1","unstructured":"Eli Ben-Sasson Iddo Bentov Yinon Horesh and Michael Riabzev. 2018. Scalable transparent and post-quantum secure computational integrity."},{"key":"e_1_3_2_1_6_1","first-page":"781","article-title":"Succinct Non-Interactive zero knowledge for a von neumann architecture","author":"Ben-Sasson Eli","year":"2014","unstructured":"Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza. 2014. Succinct Non-Interactive zero knowledge for a von neumann architecture. In USENIX Security. 
781-796.","journal-title":"USENIX Security."},{"key":"e_1_3_2_1_7_1","first-page":"896","article-title":"Compressing vector OLE. In CCS. ACM, Toronto","author":"Boyle Elette","year":"2018","unstructured":"Elette Boyle, Geoffroy Couteau, Niv Gilboa, and Yuval Ishai. 2018. Compressing vector OLE. In CCS. ACM, Toronto, Canada, 896-912.","journal-title":"Canada"},{"key":"e_1_3_2_1_8_1","unstructured":"California State Legislature. 2018. California Consumer Privacy Act. https:\/\/leginfo.legislature.ca.gov\/faces\/billTextClient.xhtml?bill_id=201720180SB1121."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3627703.3650088"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-09526-8_5"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Sanjam Garg Aarushi Goel Somesh Jha Saeed Mahloujifar Mohammad Mahmoody Guru-Vamsi Policharla and Mingyuan Wang. 2023. Experimenting with zero-knowledge proofs of training. In CCS.","DOI":"10.1145\/3576915.3623202"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Zahra Ghodsi Mojan Javaheripi Nojan Sheybani Xinqiao Zhang Ke Huang and Farinaz Koushanfar. 2023. zprobe: Zero peek robustness checks for federated learning. In Computer Vision and Pattern Recognition (CVPR).","DOI":"10.1109\/ICCV51070.2023.00448"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.05.003"},{"key":"e_1_3_2_1_14_1","unstructured":"Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2016. Deep residual learning for image recognition. In Computer Vision and Pattern Recognition (CVPR)."},{"key":"e_1_3_2_1_15_1","volume-title":"Backdoor Attack Against Split Neural Network-Based Vertical Federated Learning","author":"He Ying","year":"2023","unstructured":"Ying He, Zhili Shen, Jingyu Hua, Qixuan Dong, Jiacheng Niu, Wei Tong, Xu Huang, Chen Li, and Sheng Zhong. 2023. Backdoor Attack Against Split Neural Network-Based Vertical Federated Learning. 
IEEE Transactions on Information Forensics and Security (2023)."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Zecheng He Tianwei Zhang and Ruby B Lee. 2019. Model inversion attacks against collaborative inference. In ACSAC.","DOI":"10.1145\/3359789.3359824"},{"key":"e_1_3_2_1_17_1","volume-title":"MESAS: Poisoning Defense for Federated Learning Resilient against Adaptive Attackers. In CCS.","author":"Krau\u00df Torsten","year":"2023","unstructured":"Torsten Krau\u00df, and Alexandra Dmitrienko. 2023. MESAS: Poisoning Defense for Federated Learning Resilient against Adaptive Attackers. In CCS."},{"key":"e_1_3_2_1_18_1","unstructured":"Tianyi Liu Xiang Xie and Yupeng Zhang. 2021. zkCNN: Zero knowledge proofs for convolutional neural network predictions and accuracy. In CCS. ACM SIGSAC Virtual Event Republic of Korea."},{"key":"e_1_3_2_1_19_1","volume-title":"Rofl: Robustness of secure federated learning","author":"Lycklama Hidde","year":"2023","unstructured":"Hidde Lycklama, Lukas Burkhalter, Alexander Viand, Nicolas K\u00fcchler, and Anwar Hithnawi. 2023. Rofl: Robustness of secure federated learning. In IEEE S&P. IEEE, SAN FRANCISCO, CA."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/GCWkshps58843.2023.10465123"},{"key":"e_1_3_2_1_21_1","first-page":"1273","article-title":"Communication-efficient learning of deep networks from decentralized data. In Artificial intelligence and statistics. PMLR, Fort Lauderdale","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial intelligence and statistics. 
PMLR, Fort Lauderdale, Florida, 1273-1282.","journal-title":"Florida"},{"volume-title":"Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning","author":"Nasr Milad","key":"e_1_3_2_1_22_1","unstructured":"Milad Nasr, Reza Shokri, and Amir Houmansadr. 2019. Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In IEEE S&P. IEEE, San Francisco, CA, 739-753."},{"key":"e_1_3_2_1_23_1","unstructured":"OpenCV Team. 2018. OpenCV 4.x Documentation: Core Functionality: Array Operations: DCT function. Online Documentation."},{"key":"e_1_3_2_1_24_1","volume-title":"Pytorch: An imperative style, high-performance deep learning library. Advances in neural information processing systems","author":"Paszke Adam","year":"2019","unstructured":"Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, et al., 2019. Pytorch: An imperative style, high-performance deep learning library. Advances in neural information processing systems, Vol. 32 (2019), 8026-8037."},{"key":"e_1_3_2_1_25_1","volume-title":"Dullahan: Stealthy Backdoor Attack against Without-Label-Sharing Split Learning. arXiv preprint arXiv:2405.12751","author":"Pu Yuwen","year":"2024","unstructured":"Yuwen Pu, Zhuoyuan Ding, Jiahao Chen, Chunyi Zhou, Qingming Li, Chunqiang Hu, and Shouling Ji. 2024. Dullahan: Stealthy Backdoor Attack against Without-Label-Sharing Split Learning. arXiv preprint arXiv:2405.12751 (2024)."},{"key":"e_1_3_2_1_26_1","volume-title":"On the Spectral Bias of Neural Networks. In International Conference on Machine Learning.","author":"Rahaman Nasim","year":"2019","unstructured":"Nasim Rahaman, Aristide Baratin, Devansh Arpit, Felix Draxler, Min Lin, Fred A. Hamprecht, Yoshua Bengio, and Aaron Courville. 2019. 
On the Spectral Bias of Neural Networks. In International Conference on Machine Learning."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Phillip Rieger Alessandro Pegoraro Kavita Kumari Tigist Abera Jonathan Knauer and Ahmad-Reza Sadeghi. 2025. SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks in Split Learning. In NDSS.","DOI":"10.14722\/ndss.2025.241698"},{"key":"e_1_3_2_1_28_1","volume-title":"Eiffel: Ensuring integrity for federated learning. In CCS.","author":"Chowdhury Amrita Roy","year":"2022","unstructured":"Amrita Roy Chowdhury, Chuan Guo, Somesh Jha, and Laurens van der Maaten. 2022. Eiffel: Ensuring integrity for federated learning. In CCS."},{"key":"e_1_3_2_1_29_1","volume-title":"Zero-Knowledge Proof Frameworks: A Survey. arXiv preprint arXiv:2502.07063","author":"Sheybani Nojan","year":"2025","unstructured":"Nojan Sheybani, Anees Ahmed, Michel Kinsy, and Farinaz Koushanfar. 2025a. Zero-Knowledge Proof Frameworks: A Survey. arXiv preprint arXiv:2502.07063 (2025)."},{"key":"e_1_3_2_1_30_1","volume-title":"ZORRO: Zero-Knowledge Robustness and Privacy for Split Learning (Full Version). arXiv preprint","author":"Sheybani Nojan","year":"2025","unstructured":"Nojan Sheybani, Alessandro Pegoraro, Jonathan Knauer, Phillip Rieger, Elissa Mollakuqe, Farinaz Koushanfar, and Ahmad-Reza Sadeghi. 2025b. ZORRO: Zero-Knowledge Robustness and Privacy for Split Learning (Full Version). arXiv preprint (2025)."},{"volume-title":"Very deep convolutional networks for large-scale image recognition","author":"Simonyan K","key":"e_1_3_2_1_31_1","unstructured":"K Simonyan and A Zisserman. 2015. Very deep convolutional networks for large-scale image recognition. In ICLR. Computational and Biological Learning Society."},{"key":"e_1_3_2_1_32_1","unstructured":"Haochen Sun Jason Li and Hongyang Zhang. 2024. zkllm: Zero knowledge proofs for large language models. 
In CCS."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Christian Szegedy Wei Liu Yangqing Jia Pierre Sermanet Scott Reed Dragomir Anguelov Dumitru Erhan Vincent Vanhoucke and Andrew Rabinovich. 2015. Going deeper with convolutions. In Computer Vision and Pattern Recognition (CVPR).","DOI":"10.1109\/CVPR.2015.7298594"},{"key":"e_1_3_2_1_34_1","volume-title":"On Feasibility of Server-side Backdoor Attacks on Split Learning. In IEEE Security and Privacy Workshops (SPW). IEEE.","author":"Tajalli Behrad","year":"2023","unstructured":"Behrad Tajalli, O\u011fuzhan Ersoy, and Stjepan Picek. 2023. On Feasibility of Server-side Backdoor Attacks on Split Learning. In IEEE Security and Privacy Workshops (SPW). IEEE."},{"key":"e_1_3_2_1_35_1","unstructured":"European Union. 2018. General Data Protection Regulation. https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj."},{"key":"e_1_3_2_1_36_1","volume-title":"States Congress.","author":"United","year":"1996","unstructured":"United States Congress. 1996. Health Insurance Portability and Accountability Act. https:\/\/www.govinfo.gov\/content\/pkg\/PLAW-104publ191\/pdf\/PLAW-104publ191.pdf."},{"key":"e_1_3_2_1_37_1","volume-title":"Split learning for health: Distributed deep learning without sharing raw patient data. arXiv preprint arXiv:1812.00564","author":"Vepakomma Praneeth","year":"2018","unstructured":"Praneeth Vepakomma, Otkrist Gupta, Tristan Swedish, and Ramesh Raskar. 2018. Split learning for health: Distributed deep learning without sharing raw patient data. arXiv preprint arXiv:1812.00564 (2018), 7 pages."},{"key":"e_1_3_2_1_38_1","volume-title":"NIPS","volume":"33","author":"Wang Hongyi","year":"2020","unstructured":"Hongyi Wang, Kartik Sreenivasan, Shashank Rajput, Harit Vishwakarma, Saurabh Agarwal, Jy-yong Sohn, Kangwook Lee, and Dimitris Papailiopoulos. 2020. Attack of the tails: Yes, you really can backdoor federated learning. In NIPS, Vol. 33. 
IEEE, Vancouver, Canada, 15 pages."},{"key":"e_1_3_2_1_39_1","unstructured":"Xiao Wang. 2025a. EMP-Toolkit. https:\/\/github.com\/emp-toolkit"},{"key":"e_1_3_2_1_40_1","unstructured":"Xiao Wang. 2025b. EMP-zk. wizkit team. https:\/\/github.com\/emp-toolkit\/emp-zk"},{"key":"e_1_3_2_1_41_1","first-page":"1074","article-title":"Wolverine: fast, scalable, and communication-efficient zero-knowledge proofs for boolean and arithmetic circuits","author":"Weng Chenkai","year":"2021","unstructured":"Chenkai Weng, Kang Yang, Jonathan Katz, and Xiao Wang. 2021a. Wolverine: fast, scalable, and communication-efficient zero-knowledge proofs for boolean and arithmetic circuits. In IEEE S&P. IEEE, 1074-1091.","journal-title":"IEEE S&P. IEEE"},{"key":"e_1_3_2_1_42_1","first-page":"501","article-title":"Mystique: Efficient conversions for Zero-Knowledge proofs with applications to machine learning. In USENIX Security","author":"Weng Chenkai","year":"2021","unstructured":"Chenkai Weng, Kang Yang, Xiang Xie, Jonathan Katz, and Xiao Wang. 2021b. Mystique: Efficient conversions for Zero-Knowledge proofs with applications to machine learning. In USENIX Security. USENIX, 501-518.","journal-title":"USENIX"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2873948"},{"key":"e_1_3_2_1_44_1","volume-title":"International Conference on Neural Information Processing. Springer, 264\u2013274","author":"John Xu Zhi-Qin","year":"2019","unstructured":"Zhi-Qin John Xu, Yaoyu Zhang, and Yanyang Xiao. 2019. Training behavior of deep neural network in frequency domain. In International Conference on Neural Information Processing. Springer, 264\u2013274."},{"key":"e_1_3_2_1_45_1","volume-title":"Robust split federated learning for u-shaped medical image networks. arXiv preprint arXiv:2212.06378","author":"Yang Ziyuan","year":"2022","unstructured":"Ziyuan Yang, Yingyu Chen, Huijie Huangfu, Maosong Ran, Hui Wang, Xiaoxiao Li, and Yi Zhang. 2022. 
Robust split federated learning for u-shaped medical image networks. arXiv preprint arXiv:2212.06378 (2022)."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.neunet.2023.09.037"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v38i15.29591"},{"key":"e_1_3_2_1_48_1","volume-title":"Wide residual networks. arXiv preprint arXiv:1605.07146","author":"Zagoruyko Sergey","year":"2016","unstructured":"Sergey Zagoruyko. 2016. Wide residual networks. arXiv preprint arXiv:1605.07146 (2016)."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765160","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765160","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:26:19Z","timestamp":1766442379000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765160"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":48,"alternative-id":["10.1145\/3719027.3765160","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765160","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}