{"id":"https://openalex.org/W7159005582","doi":"https://doi.org/10.48550/arxiv.2604.26505","title":"Quantamination: Dynamic Quantization Leaks Your Data Across the Batch","display_name":"Quantamination: Dynamic Quantization Leaks Your Data Across the Batch","publication_year":2026,"publication_date":"2026-04-29","ids":{"openalex":"https://openalex.org/W7159005582","doi":"https://doi.org/10.48550/arxiv.2604.26505"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.26505","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.26505","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.26505","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5099173797","display_name":"Hanna Foerster","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Foerster, Hanna","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134876682","display_name":"Ilia Shumailov","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shumailov, Ilia","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134878023","display_name":"Cheng Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Cheng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134884455","display_name":"Yiren Zhao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhao, Yiren","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134911857","display_name":"Jamie Hayes","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hayes, Jamie","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5128724690","display_name":"Robert Mullins","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mullins, Robert","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5099173797"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.5095000267028809,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.5095000267028809,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.3815000057220459,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.04149999842047691,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/quantization","display_name":"Quantization (signal processing)","score":0.82669997215271},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7914999723434448},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.613099992275238},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.47589999437332153},{"id":"https://openalex.org/keywords/vector-quantization","display_name":"Vector quantization","score":0.4684999883174896},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.41290000081062317},{"id":"https://openalex.org/keywords/dynamic-data","display_name":"Dynamic data","score":0.3919000029563904}],"concepts":[{"id":"https://openalex.org/C28855332","wikidata":"https://www.wikidata.org/wiki/Q198099","display_name":"Quantization (signal processing)","level":2,"score":0.82669997215271},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7914999723434448},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7515000104904175},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.613099992275238},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.47589999437332153},{"id":"https://openalex.org/C199833920","wikidata":"https://www.wikidata.org/wiki/Q612536","display_name":"Vector quantization","level":2,"score":0.4684999883174896},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.41290000081062317},{"id":"https://openalex.org/C197298091","wikidata":"https://www.wikidata.org/wiki/Q5318963","display_name":"Dynamic data","level":2,"score":0.3919000029563904},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3896999955177307},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.3264000117778778},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.31290000677108765},{"id":"https://openalex.org/C28034677","wikidata":"https://www.wikidata.org/wiki/Q17092530","display_name":"Interleaving","level":2,"score":0.2994999885559082},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.2881999909877777},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2856000065803528},{"id":"https://openalex.org/C2777851325","wikidata":"https://www.wikidata.org/wiki/Q7094102","display_name":"Online model","level":2,"score":0.27559998631477356},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.2745000123977661},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.27239999175071716},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.27090001106262207},{"id":"https://openalex.org/C93372532","wikidata":"https://www.wikidata.org/wiki/Q6552455","display_name":"Linde\u2013Buzo\u2013Gray algorithm","level":3,"score":0.26919999718666077},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.25609999895095825},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.25540000200271606}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.26505","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.26505","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.26505","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.26505","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Dynamic":[0],"quantization":[1,24,27,55,68,109],"emerged":[2],"as":[3,56,121],"a":[4,98,208],"practical":[5],"approach":[6],"to":[7,36,78,111,177,196],"increase":[8],"the":[9,14,37,118,122,147,167,186],"utilization":[10],"and":[11,49,74,82],"efficiency":[12,86],"of":[13,166],"machine":[15,43],"learning":[16,44],"serving":[17,85,215],"flow.":[18],"Unlike":[19],"static":[20],"quantization,":[21,130],"which":[22],"applies":[23],"offline,":[25],"dynamic":[26,54,67,102,129],"operates":[28],"on":[29],"tensors":[30],"at":[31,163],"run-time,":[32],"adapting":[33],"its":[34],"parameters":[35],"actual":[38],"input":[39,205],"data.":[40],"Today's":[41],"mainstream":[42],"frameworks,":[45],"including":[46],"ML":[47,170,214],"compilers":[48],"inference":[50],"engines,":[51],"frequently":[52],"recommend":[53],"an":[57,104],"initial":[58],"step":[59],"for":[60,212],"optimizing":[61],"model":[62,84,91],"serving.":[63],"This":[64,189],"is":[65],"because":[66],"can":[69,106,136,179],"significantly":[70],"reduce":[71],"memory":[72],"usage":[73],"computational":[75],"load,":[76],"leading":[77],"faster":[79],"token":[80],"generation":[81],"improved":[83],"without":[87],"substantial":[88],"loss":[89],"in":[90,101,117,172,192],"accuracy.":[92],"In":[93],"this":[94,152],"paper,":[95],"we":[96,160],"reveal":[97],"critical":[99],"vulnerability":[100],"quantization:":[103],"adversary":[105],"exploit":[107],"such":[108],"strategy":[110],"steal":[112],"sensitive":[113],"user":[114],"data":[115,184,190],"placed":[116],"same":[119,148],"batch":[120,187],"adversary's":[123],"input.":[124],"Our":[125],"analysis":[126],"demonstrates":[127],"that":[128,140,162,182],"when":[131],"improperly":[132],"implemented":[133],"or":[134,178,198],"configured,":[135],"create":[137],"side":[138],"channels":[139],"expose":[141],"information":[142],"about":[143],"other":[144,202],"inputs":[145],"within":[146],"batch.":[149],"We":[150],"call":[151],"phenomenon":[153],"Quantamination,":[154],"describing":[155],"contamination":[156],"from":[157],"quantization.":[158],"Specifically,":[159],"show":[161],"least":[164],"4":[165],"most":[168],"popular":[169],"frameworks":[171],"use":[173,180],"today":[174],"either":[175],"default":[176],"configurations":[181],"leak":[183],"across":[185],"boundary.":[188],"leakage,":[191],"theory,":[193],"allows":[194],"attackers":[195],"partially":[197],"even":[199],"fully":[200],"recover":[201],"users'":[203],"batched":[204],"data,":[206],"representing":[207],"serious":[209],"privacy":[210],"risk":[211],"existing":[213],"frameworks.":[216]},"counts_by_year":[],"updated_date":"2026-05-01T06:10:29.291645","created_date":"2026-05-01T00:00:00"}