{"id":"https://openalex.org/W3034821544","doi":"https://doi.org/10.24963/ijcai.2020/488","title":"Learning Model with Error -- Exposing the Hidden Model of BAYHENN","display_name":"Learning Model with Error -- Exposing the Hidden Model of BAYHENN","publication_year":2020,"publication_date":"2020-07-01","ids":{"openalex":"https://openalex.org/W3034821544","doi":"https://doi.org/10.24963/ijcai.2020/488","mag":"3034821544"},"language":"en","primary_location":{"id":"doi:10.24963/ijcai.2020/488","is_oa":true,"landing_page_url":"https://doi.org/10.24963/ijcai.2020/488","pdf_url":"https://www.ijcai.org/proceedings/2020/0488.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.ijcai.org/proceedings/2020/0488.pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101799360","display_name":"Harry W. H. Wong","orcid":"https://orcid.org/0009-0001-0443-2041"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Harry W. H. Wong","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong","Department of Information Engineering, The Chinese University of Hong Kong, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]},{"raw_affiliation_string":"Department of Information Engineering, The Chinese University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088950683","display_name":"P. K. Jack","orcid":"https://orcid.org/0009-0007-0660-5384"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jack P. K. Ma","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong","Department of Information Engineering, The Chinese University of Hong Kong, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]},{"raw_affiliation_string":"Department of Information Engineering, The Chinese University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101198540","display_name":"Donald Wong","orcid":null},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Donald P. H. Wong","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong","Department of Information Engineering, The Chinese University of Hong Kong, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]},{"raw_affiliation_string":"Department of Information Engineering, The Chinese University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058487917","display_name":"Lucien K. L. Ng","orcid":"https://orcid.org/0000-0003-3662-3237"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lucien K. L. Ng","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong","Department of Information Engineering, The Chinese University of Hong Kong, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]},{"raw_affiliation_string":"Department of Information Engineering, The Chinese University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067752906","display_name":"Sherman S. M. Chow","orcid":"https://orcid.org/0000-0001-7306-453X"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"CN","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Sherman S. M. Chow","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong","Department of Information Engineering, The Chinese University of Hong Kong, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]},{"raw_affiliation_string":"Department of Information Engineering, The Chinese University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5067752906"],"corresponding_institution_ids":["https://openalex.org/I177725633"],"apc_list":null,"apc_paid":null,"fwci":0.7954,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.78027826,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"3529","last_page":"3535"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8001740574836731},{"id":"https://openalex.org/keywords/oracle","display_name":"Oracle","score":0.748366117477417},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5160305500030518},{"id":"https://openalex.org/keywords/homomorphic-encryption","display_name":"Homomorphic encryption","score":0.5092092752456665},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5063382387161255},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.48314327001571655},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.4729478061199188},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.45068424940109253},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.4293452501296997},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.39705589413642883},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.37896016240119934},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3047458231449127}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8001740574836731},{"id":"https://openalex.org/C55166926","wikidata":"https://www.wikidata.org/wiki/Q2892946","display_name":"Oracle","level":2,"score":0.748366117477417},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5160305500030518},{"id":"https://openalex.org/C158338273","wikidata":"https://www.wikidata.org/wiki/Q2154943","display_name":"Homomorphic encryption","level":3,"score":0.5092092752456665},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5063382387161255},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.48314327001571655},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.4729478061199188},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.45068424940109253},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.4293452501296997},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.39705589413642883},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37896016240119934},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3047458231449127},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.24963/ijcai.2020/488","is_oa":true,"landing_page_url":"https://doi.org/10.24963/ijcai.2020/488","pdf_url":"https://www.ijcai.org/proceedings/2020/0488.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.24963/ijcai.2020/488","is_oa":true,"landing_page_url":"https://doi.org/10.24963/ijcai.2020/488","pdf_url":"https://www.ijcai.org/proceedings/2020/0488.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5199999809265137}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3034821544.pdf","grobid_xml":"https://content.openalex.org/works/W3034821544.grobid-xml"},"referenced_works_count":13,"referenced_works":["https://openalex.org/W2031738616","https://openalex.org/W2051267297","https://openalex.org/W2164411961","https://openalex.org/W2435473771","https://openalex.org/W2744061387","https://openalex.org/W2805074088","https://openalex.org/W2808706611","https://openalex.org/W2950460048","https://openalex.org/W2960656885","https://openalex.org/W2963752132","https://openalex.org/W2965929808","https://openalex.org/W2968989294","https://openalex.org/W4297952240"],"related_works":["https://openalex.org/W2539930818","https://openalex.org/W4393118461","https://openalex.org/W4390664647","https://openalex.org/W3012147850","https://openalex.org/W4388150944","https://openalex.org/W4313300189","https://openalex.org/W2949835517","https://openalex.org/W2601739120","https://openalex.org/W2625655658","https://openalex.org/W2887779253"],"abstract_inverted_index":{"Privacy-preserving":[0],"deep":[1],"neural":[2,50],"network":[3,51],"(DNN)":[4],"inference":[5],"remains":[6],"an":[7,171],"intriguing":[8],"problem":[9],"even":[10],"after":[11],"the":[12,48,67,83,91,100,105,139,148,156,160,165,179,192,205],"rapid":[13],"developments":[14],"of":[15,108,141,159,174],"different":[16,123],"communities.":[17],"One":[18],"challenge":[19],"is":[20,152,197],"that":[21,66,151],"cryptographic":[22],"techniques":[23],"such":[24],"as":[25,99],"homomorphic":[26],"encryption":[27],"(HE)":[28],"do":[29],"not":[30],"natively":[31],"support":[32],"non-linear":[33,75],"computations":[34],"(e.g.,":[35],"sigmoid).":[36],"A":[37],"recent":[38],"work,":[39],"BAYHENN":[40,109],"(Xie":[41],"et":[42],"al.,":[43],"IJCAI'19),":[44],"considers":[45],"HE":[46],"over":[47,58],"Bayesian":[49],"(BNN).":[52],"The":[53,63],"novelty":[54],"lies":[55],"in":[56],"\"meta-prediction\"":[57],"a":[59,119,134],"few":[60],"noisy":[61],"DNNs.":[62],"claim":[64,107],"was":[65,88],"clients":[68],"can":[69,190],"get":[70],"intermediate":[71],"outputs":[72],"(to":[73],"apply":[74],"function)":[76],"but":[77],"are":[78],"still":[79],"prevented":[80],"from":[81],"learning":[82],"exact":[84],"model":[85,150,168],"parameters,":[86],"which":[87,144],"justified":[89],"via":[90,110],"widely-used":[92],"learning-with-error":[93],"(LWE)":[94],"assumption":[95],"(with":[96],"Gaussian":[97],"noises":[98],"error).":[101],"This":[102,177],"paper":[103],"refutes":[104],"security":[106,120,183],"both":[111],"theoretical":[112],"and":[113,202,209],"empirical":[114],"analyses.":[115],"We":[116],"formally":[117],"define":[118],"game":[121],"with":[122,170],"oracle":[124,175],"queries":[125],"capturing":[126],"two":[127],"realistic":[128],"threat":[129],"models.":[130],"Our":[131],"attack":[132],"assuming":[133],"semi-honest":[135],"adversary":[136,167],"reveals":[137],"all":[138],"parameters":[140],"single-layer":[142],"BAYHENN,":[143],"generalizes":[145],"to":[146,212],"recovering":[147],"whole":[149],"\"as":[153],"good":[154],"as\"":[155],"BNN":[157,189],"approximation":[158],"original":[161],"DNN,":[162],"either":[163],"under":[164],"malicious":[166],"or":[169],"increased":[172],"number":[173],"queries.":[176],"shows":[178],"need":[180],"for":[181,204],"rigorous":[182],"analysis":[184],"(\"the":[185],"noise":[186],"introduced":[187],"by":[188],"obfuscate":[191],"model\"":[193],"fails":[194],"--":[195],"it":[196],"beyond":[198],"what":[199],"LWE":[200],"guarantees)":[201],"calls":[203],"collaboration":[206],"between":[207],"cryptographers":[208],"machine-learning":[210],"experts":[211],"devise":[213],"practical":[214],"yet":[215],"provably-secure":[216],"solutions.":[217]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}