{"id":"https://openalex.org/W7124196489","doi":"https://doi.org/10.1109/icpads67057.2025.11322962","title":"Analysis of Bit-Flip Attacks on Encrypted Neural Networks","display_name":"Analysis of Bit-Flip Attacks on Encrypted Neural Networks","publication_year":2025,"publication_date":"2025-12-14","ids":{"openalex":"https://openalex.org/W7124196489","doi":"https://doi.org/10.1109/icpads67057.2025.11322962"},"language":null,"primary_location":{"id":"doi:10.1109/icpads67057.2025.11322962","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icpads67057.2025.11322962","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 31th International Conference on Parallel and Distributed Systems (ICPADS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Zihao Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zihao Yang","raw_affiliation_strings":["Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense,Beijing,China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007729967","display_name":"Yilan Zhu","orcid":"https://orcid.org/0009-0006-7480-7562"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yilan Zhu","raw_affiliation_strings":["Ant Group,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ant Group,Beijing,China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122993729","display_name":"Rui Hou","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Rui Hou","raw_affiliation_strings":["Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense,Beijing,China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123050690","display_name":"Dan Meng","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dan Meng","raw_affiliation_strings":["Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense,Beijing,China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Shengyu Fan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shengyu Fan","raw_affiliation_strings":["Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS,State Key Laboratory of Cyberspace Security Defense,Beijing,China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5123023647","display_name":"Mingzhe Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mingzhe Zhang","raw_affiliation_strings":["Ant Group,Beijing,China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ant Group,Beijing,China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.79516445,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.28610000014305115,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.28610000014305115,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.24639999866485596,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.07720000296831131,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.7074000239372253},{"id":"https://openalex.org/keywords/ciphertext","display_name":"Ciphertext","score":0.6499000191688538},{"id":"https://openalex.org/keywords/homomorphic-encryption","display_name":"Homomorphic encryption","score":0.5473999977111816},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5216000080108643},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.4875999987125397},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.44940000772476196},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.43970000743865967},{"id":"https://openalex.org/keywords/computation","display_name":"Computation","score":0.38530001044273376},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.3440000116825104}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7588000297546387},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.7074000239372253},{"id":"https://openalex.org/C93974786","wikidata":"https://www.wikidata.org/wiki/Q1589480","display_name":"Ciphertext","level":3,"score":0.6499000191688538},{"id":"https://openalex.org/C158338273","wikidata":"https://www.wikidata.org/wiki/Q2154943","display_name":"Homomorphic encryption","level":3,"score":0.5473999977111816},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5216000080108643},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5088000297546387},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.4875999987125397},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.44940000772476196},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.43970000743865967},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4366999864578247},{"id":"https://openalex.org/C45374587","wikidata":"https://www.wikidata.org/wiki/Q12525525","display_name":"Computation","level":2,"score":0.38530001044273376},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3506999909877777},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.3440000116825104},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.3375000059604645},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3337000012397766},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.3310999870300293},{"id":"https://openalex.org/C7646194","wikidata":"https://www.wikidata.org/wiki/Q4818713","display_name":"Attribute-based encryption","level":4,"score":0.3073999881744385},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.30079999566078186},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.29589998722076416},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2955999970436096},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.27900001406669617},{"id":"https://openalex.org/C204241405","wikidata":"https://www.wikidata.org/wiki/Q461499","display_name":"Transformation (genetics)","level":3,"score":0.2662999927997589},{"id":"https://openalex.org/C139502532","wikidata":"https://www.wikidata.org/wiki/Q1122090","display_name":"Computational intelligence","level":2,"score":0.2648000121116638},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.26080000400543213},{"id":"https://openalex.org/C182776695","wikidata":"https://www.wikidata.org/wiki/Q840661","display_name":"Ciphertext indistinguishability","level":5,"score":0.25870001316070557},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.257999986410141},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.25200000405311584},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.2515999972820282}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icpads67057.2025.11322962","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icpads67057.2025.11322962","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 31th International Conference on Parallel and Distributed Systems (ICPADS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.8129523396492004,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W236632755","https://openalex.org/W1494049356","https://openalex.org/W2022322548","https://openalex.org/W2031533839","https://openalex.org/W2194775991","https://openalex.org/W2401959250","https://openalex.org/W2768174108","https://openalex.org/W2981860227","https://openalex.org/W3034579202","https://openalex.org/W3112288498","https://openalex.org/W3156333129","https://openalex.org/W4307823778","https://openalex.org/W4319596548","https://openalex.org/W4390872667","https://openalex.org/W4391917884","https://openalex.org/W4391920156"],"related_works":[],"abstract_inverted_index":{"With":[0],"the":[1,29,35,54,66,103,109,144],"swift":[2],"progression":[3],"of":[4,31,38,56,59,71,111],"artificial":[5],"intelligence":[6],"and":[7,25,34,82,122],"deep":[8],"learning,":[9],"neural":[10,90,100],"networks":[11,101],"have":[12,41],"achieved":[13],"remarkable":[14],"success":[15],"in":[16,88],"domains":[17],"such":[18],"as":[19],"image":[20],"recognition,":[21],"natural":[22],"language":[23],"processing,":[24],"autonomous":[26],"driving.":[27],"However,":[28],"proliferation":[30],"data":[32,80],"scales":[33],"extensive":[36],"deployment":[37],"computational":[39,76],"resources":[40],"engendered":[42],"significant":[43],"privacy":[44,57],"concerns":[45],"for":[46,178],"users.":[47],"In":[48],"scenarios":[49],"involving":[50],"personal":[51],"sensitive":[52],"data,":[53,119],"safeguarding":[55],"is":[58,69],"utmost":[60],"importance.":[61],"Homomorphic":[62],"encryption":[63],"technology,":[64],"particularly":[65],"CKKS":[67],"scheme,":[68],"capable":[70],"performing":[72],"computations":[73],"with":[74],"minimal":[75],"error":[77],"while":[78],"preserving":[79],"privacy,":[81],"it":[83],"has":[84],"been":[85],"extensively":[86],"utilized":[87],"encrypted":[89,99],"networks.":[91],"This":[92],"paper":[93],"studies":[94],"Bit-Flip":[95],"Attacks":[96],"(BFAs)":[97],"on":[98],"under":[102],"RNS-CKKS":[104],"scheme.":[105],"We":[106],"empirically":[107],"analyze":[108],"effects":[110],"bit":[112],"flips":[113],"at":[114],"different":[115],"memory":[116],"locations\u2014covering":[117],"ciphertext":[118],"model":[120,142,152],"weights,":[121],"evaluation":[123],"keys\u2014and":[124],"report":[125],"their":[126],"observable":[127],"outcomes":[128],"(silent":[129],"misclassification,":[130],"irregular":[131],"yet":[132],"decodable":[133],"outputs,":[134],"or":[135],"computation":[136],"aborts).":[137],"Under":[138],"a":[139],"realistic":[140],"threat":[141],"where":[143],"adversary":[145],"cannot":[146],"precisely":[147],"target":[148],"bytes":[149],"nor":[150],"observe":[151],"predictions,":[153],"BFAs":[154],"can":[155],"corrupt":[156],"results":[157],"but":[158],"do":[159],"not":[160],"leak":[161],"additional":[162],"information.":[163],"Our":[164],"findings":[165],"indicate":[166],"that":[167,174],"key":[168],"corruption":[169],"often":[170],"produces":[171],"conspicuous":[172],"anomalies":[173],"offer":[175],"detection":[176],"potential":[177],"defenders.":[179]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-01-15T00:00:00"}