

























Bingsheng Zhang, Zhejiang University
Tianpei Lu, Zhejiang University
With the expansion of Machine Learning as a Service (MLaaS), Secure Multi-Party Computation (MPC) is widely used to protect the privacy of both proprietary models and client data during inference. To achieve practical performance, these protocols typically rely on fixed-point arithmetic over finite rings. However, this design choice introduces a unique arithmetic vulnerability: silent modular wraparound. In this paper, we propose a novel model extraction attack that actively exploits this behavior to accurately recover neural network parameters. Unlike existing methods that heavily rely on the non-differentiable points of piecewise linear activation functions (e.g., ReLU [CRYPTO 20, EUROCRYPT 25]), our attack leverages the discontinuous jumps triggered by modular wraparound. We successfully extract parameters from networks employing smooth activation functions (e.g., Swish, GELU) and effectively handle expansive network architectures where previous differential attacks fail. We present polynomial-time algorithms for recovering neuron signatures, norms, and signs, demonstrating that our approach remains highly robust even in restricted black-box scenarios where only top-1 label and probability are available to the attacker. Rigorous theoretical proofs and signal-to-interference ratio (SIR) analyses confirm that our sign recovery method significantly outperforms existing neuron wiggle techniques [EUROCRYPT24].
BibTeX
@misc{cryptoeprint:2026/848,
author = {Wen Zhang and Bingsheng Zhang and Tianpei Lu and Kui Ren},
title = {{PPML} Is More Vulnerable to Cryptanalytic Extraction Attacks},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/848},
year = {2026},
url = {https://eprint.iacr.org/2026/848}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。