Breaking Euston: Recovering Private Inputs from Secure Inference by Exploiting Subspace Leakage

Computer Science > Cryptography and Security [Submitted on 19 Apr 2026] Breaking Euston: Recovering Private Inputs from Secure Inference by Exploiting Subspace Leakage Jiaqi Zhao, Fengwei Wang In the 47th IEEE Symposium on Security and Privacy (IEEE S&P 2026), Gao et al. proposed an efficient and user-friendly secure transformer inference framework, namely Euston. In Euston, a singular value decomposition-based matrix transmission protocol is designed to efficiently transmit input matrices, reducing communication bandwidth by approximately 2.8 times. In this manuscript, we show that this transmission protocol introduces subspace leakage of random masks, enabling the model owner to recover private samples easily. We further validate the effectiveness of the recovery attack through simple experiments on image and language datasets, highlighting a fundamental privacy risk of the protocol design. Comments: 3 pages, 4 figures Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2604.17238 [cs.CR]   (or arXiv:2604.17238v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2604.17238 Focus to learn more Submission history From: Jiaqi Zhao [view email] [v1] Sun, 19 Apr 2026 03:49:38 UTC (253 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-04 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)