This paper formalizes the security of model weight release schemes by introducing concrete security definitions inspired by cryptography. It then applies these definitions to analyze TaylorMLP, a prominent weight release scheme. The analysis reveals vulnerabilities in TaylorMLP that allow for parameter extraction, demonstrating its failure to meet its intended security goals.
Turns out, "secure" weight release schemes like TaylorMLP aren't so secure after all, as this paper cracks them open with formal cryptographic attacks.
Recent secure weight release schemes claim to enable open-source model distribution while protecting model ownership and preventing misuse. However, these approaches lack rigorous security foundations and provide only informal security guarantees. Inspired by established works in cryptography, we formalize the security of weight release schemes by introducing several concrete security definitions. We then demonstrate our definition's utility through a case study of TaylorMLP, a prominent secure weight release scheme. Our analysis reveals vulnerabilities that allow parameter extraction, thus showing that TaylorMLP fails to achieve its informal security goals. We hope this work will advocate for rigorous research at the intersection of machine learning and security communities and provide a blueprint for how future weight release schemes should be designed and evaluated.