{"id":"https://openalex.org/W4416549358","doi":"https://doi.org/10.1145/3719027.3765028","title":"Mosformer: Maliciously Secure Three-Party Inference Framework for Large Transformers","display_name":"Mosformer: Maliciously Secure Three-Party Inference Framework for Large Transformers","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549358","doi":"https://doi.org/10.1145/3719027.3765028"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3765028","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765028","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054135894","display_name":"Ke Cheng","orcid":"https://orcid.org/0000-0001-7948-819X"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Ke Cheng","raw_affiliation_strings":["Xidian University, Xi'an, China"],"raw_orcid":"https://orcid.org/0000-0001-7948-819X","affiliations":[{"raw_affiliation_string":"Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091389292","display_name":"Yuheng Xia","orcid":"https://orcid.org/0009-0001-9273-644X"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuheng Xia","raw_affiliation_strings":["Xidian University, Xi'an, China"],"raw_orcid":"https://orcid.org/0009-0001-9273-644X","affiliations":[{"raw_affiliation_string":"Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043619812","display_name":"Anxiao Song","orcid":"https://orcid.org/0000-0001-6616-265X"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Anxiao Song","raw_affiliation_strings":["Xidian University, Xi'an, China"],"raw_orcid":"https://orcid.org/0000-0001-6616-265X","affiliations":[{"raw_affiliation_string":"Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088999796","display_name":"Jiaxuan Fu","orcid":"https://orcid.org/0000-0002-7020-2156"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiaxuan Fu","raw_affiliation_strings":["Xidian University, Xi'an, China"],"raw_orcid":"https://orcid.org/0000-0002-7020-2156","affiliations":[{"raw_affiliation_string":"Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109420698","display_name":"Wenjie Qu","orcid":"https://orcid.org/0009-0006-2907-008X"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Wenjie Qu","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0009-0006-2907-008X","affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043356063","display_name":"Yulong Shen","orcid":"https://orcid.org/0000-0002-8448-705X"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yulong Shen","raw_affiliation_strings":["Xidian University, Xi'an, China"],"raw_orcid":"https://orcid.org/0000-0002-8448-705X","affiliations":[{"raw_affiliation_string":"Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5110245585","display_name":"J. Zhang","orcid":"https://orcid.org/0000-0002-7950-7845"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jiaheng Zhang","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-7950-7845","affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5054135894"],"corresponding_institution_ids":["https://openalex.org/I149594827"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.18438291,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"4124","last_page":"4138"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.5631999969482422,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.5631999969482422,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.17880000174045563,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.08659999817609787,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.6991999745368958},{"id":"https://openalex.org/keywords/transformer","display_name":"Transformer","score":0.4147999882698059},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.4075999855995178},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.3682999908924103},{"id":"https://openalex.org/keywords/cryptosystem","display_name":"Cryptosystem","score":0.3564999997615814},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.35370001196861267},{"id":"https://openalex.org/keywords/suite","display_name":"Suite","score":0.35040000081062317},{"id":"https://openalex.org/keywords/speedup","display_name":"Speedup","score":0.3303000032901764}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7990999817848206},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.6991999745368958},{"id":"https://openalex.org/C66322947","wikidata":"https://www.wikidata.org/wiki/Q11658","display_name":"Transformer","level":3,"score":0.4147999882698059},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.4146000146865845},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.4075999855995178},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37380000948905945},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.3682999908924103},{"id":"https://openalex.org/C6295992","wikidata":"https://www.wikidata.org/wiki/Q976521","display_name":"Cryptosystem","level":3,"score":0.3564999997615814},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.35370001196861267},{"id":"https://openalex.org/C79581498","wikidata":"https://www.wikidata.org/wiki/Q1367530","display_name":"Suite","level":2,"score":0.35040000081062317},{"id":"https://openalex.org/C68339613","wikidata":"https://www.wikidata.org/wiki/Q1549489","display_name":"Speedup","level":2,"score":0.3303000032901764},{"id":"https://openalex.org/C175291020","wikidata":"https://www.wikidata.org/wiki/Q1156822","display_name":"Offset (computer science)","level":2,"score":0.3296000063419342},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.32600000500679016},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.32589998841285706},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3237999975681305},{"id":"https://openalex.org/C45374587","wikidata":"https://www.wikidata.org/wiki/Q12525525","display_name":"Computation","level":2,"score":0.32010000944137573},{"id":"https://openalex.org/C85847156","wikidata":"https://www.wikidata.org/wiki/Q59015987","display_name":"Verifiable secret sharing","level":3,"score":0.30790001153945923},{"id":"https://openalex.org/C82876162","wikidata":"https://www.wikidata.org/wiki/Q17096504","display_name":"Latency (audio)","level":2,"score":0.29330000281333923},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.289000004529953},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.27630001306533813},{"id":"https://openalex.org/C3087436","wikidata":"https://www.wikidata.org/wiki/Q1386603","display_name":"Secret sharing","level":3,"score":0.2705000042915344},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.26269999146461487},{"id":"https://openalex.org/C18396474","wikidata":"https://www.wikidata.org/wiki/Q2465888","display_name":"Secure multi-party computation","level":3,"score":0.25859999656677246},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.25600001215934753}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3765028","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765028","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G794170728","display_name":null,"funder_award_id":"62402358, 62220106004, 92267204","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2031533839","https://openalex.org/W2701059868","https://openalex.org/W2765632506","https://openalex.org/W2895865029","https://openalex.org/W3016063723","https://openalex.org/W3093021001","https://openalex.org/W3108672920","https://openalex.org/W4281806276","https://openalex.org/W4293783482","https://openalex.org/W4386389592","https://openalex.org/W4389279199","https://openalex.org/W4392177746","https://openalex.org/W4402263660"],"related_works":[],"abstract_inverted_index":{"Transformer-based":[0],"models":[1,238],"like":[2],"BERT":[3,114,241],"and":[4,42,115,122,147,191,219,232,242],"GPT":[5],"have":[6],"achieved":[7],"state-of-the-art":[8,216],"performance":[9,214],"across":[10],"a":[11,76,140,188,192],"wide":[12],"range":[13],"of":[14,142,150,167],"AI":[15],"tasks":[16],"but":[17],"raise":[18],"serious":[19],"privacy":[20],"concerns":[21],"when":[22],"deployed":[23],"as":[24,113,240],"cloud":[25],"inference":[26,47,58,105,170],"services.":[27],"To":[28],"address":[29],"this,":[30],"secure":[31,56,102,148,168,200],"multi-party":[32],"computation":[33],"(MPC)":[34],"is":[35],"commonly":[36],"employed,":[37],"encrypting":[38],"both":[39],"user":[40],"inputs":[41],"model":[43,173],"parameters":[44],"to":[45,71,81,187,215],"enable":[46],"without":[48],"revealing":[49],"any":[50],"private":[51],"information.":[52],"However,":[53],"existing":[54],"MPC-based":[55],"transformer":[57,169,180],"protocols":[59,70,125,144],"are":[60],"predominantly":[61],"designed":[62],"under":[63],"the":[64,82,99,165,178],"semi-honest":[65,217],"security":[66,74,205],"model.":[67],"Extending":[68],"these":[69],"support":[72],"malicious":[73,127],"remains":[75],"significant":[77],"challenge,":[78],"primarily":[79],"due":[80],"substantial":[83],"overhead":[84,166],"introduced":[85],"by":[86],"securely":[87],"evaluating":[88],"complex":[89,151],"non-linear":[90,152],"functions":[91,133,153],"required":[92],"for":[93,145],"adversarial":[94],"resilience.":[95],"We":[96,117],"introduce":[97],"Mosformer,":[98],"first":[100,118],"maliciously":[101,199],"three-party":[103],"(3PC)":[104],"framework":[106],"that":[107,183],"efficiently":[108],"supports":[109],"large":[110],"transformers":[111],"such":[112,239],"GPT.":[116],"design":[119],"constant-round":[120],"comparison":[121],"lookup":[123],"table":[124],"with":[126,157],"security,":[128],"leveraging":[129],"verifiable":[130],"distributed":[131],"point":[132],"(VDPFs).":[134],"Building":[135],"on":[136,177,236],"these,":[137],"we":[138],"develop":[139],"suite":[141],"3PC":[143,220],"efficient":[146],"evaluation":[149],"in":[154,195],"transformers.":[155],"Together":[156],"optimized":[158],"modulus":[159],"conversion,":[160],"our":[161],"approach":[162],"substantially":[163],"reduces":[164],"while":[171],"preserving":[172],"accuracy.":[174],"Experimental":[175],"results":[176],"vanilla":[179],"block":[181],"show":[182],"Mosformer":[184,207],"achieves":[185,208],"up":[186],"5.3\u00d7":[189],"speedup":[190],"4.3\u00d7":[193],"reduction":[194],"communication":[196],"over":[197],"prior":[198],"protocols.":[201],"Despite":[202],"offering":[203],"stronger":[204],"guarantees,":[206],"comparable":[209],"or":[210],"even":[211],"superior":[212],"online":[213],"2PC":[218],"frameworks,":[221],"including":[222],"BOLT":[223],"(Oakland":[224],"2024),":[225,235],"BumbleBee":[226],"(NDSS":[227,230],"2025),":[228,231],"SHAFT":[229],"Ditto":[233],"(ICML":[234],"full-scale":[237],"GPT-2.":[243]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-11-23T00:00:00"}