Search papers, labs, and topics across Lattice.
This paper analyzes Euston, a secure transformer inference framework, and reveals a vulnerability in its SVD-based matrix transmission protocol. The protocol leaks information about the subspace spanned by random masks used to protect private inputs. Consequently, the model owner can reconstruct private samples from the leaked subspace information, as demonstrated on image and language datasets.
Euston's "bandwidth-efficient" secure inference comes at the cost of catastrophic leakage, allowing recovery of private inputs from subspace information.
In the 47th IEEE Symposium on Security and Privacy (IEEE S&P 2026), Gao et al. proposed an efficient and user-friendly secure transformer inference framework, namely Euston. In Euston, a singular value decomposition-based matrix transmission protocol is designed to efficiently transmit input matrices, reducing communication bandwidth by approximately 2.8 times. In this manuscript, we show that this transmission protocol introduces subspace leakage of random masks, enabling the model owner to recover private samples easily. We further validate the effectiveness of the recovery attack through simple experiments on image and language datasets, highlighting a fundamental privacy risk of the protocol design.
