English

Breaking Euston: Recovering Private Inputs from Secure Inference by Exploiting Subspace Leakage

Cryptography and Security 2026-04-28 v2

Abstract

In the 47th IEEE Symposium on Security and Privacy (IEEE S&P 2026), Gao et al. proposed an efficient and user-friendly secure transformer inference framework, namely Euston. In Euston, a singular value decomposition-based matrix transmission protocol is designed to efficiently transmit input matrices, reducing communication bandwidth by approximately 2.8 times. In this manuscript, we show that this transmission protocol introduces subspace leakage of random masks, enabling the model owner to recover private samples easily. We further validate the effectiveness of the recovery attack through simple experiments on image and language datasets, highlighting a fundamental privacy risk of the protocol design.

Keywords

Cite

@article{arxiv.2604.17238,
  title  = {Breaking Euston: Recovering Private Inputs from Secure Inference by Exploiting Subspace Leakage},
  author = {Jiaqi Zhao and Fengwei Wang},
  journal= {arXiv preprint arXiv:2604.17238},
  year   = {2026}
}

Comments

The authors have decided to withdraw this manuscript due to concerns regarding the timing and appropriateness of public disclosure. The work involves analysis of results that have not yet been formally presented, and releasing this version at the current stage may not be suitable. The manuscript will be further revised and may be resubmitted at a more appropriate time

R2 v1 2026-07-01T12:16:30.829Z