Page 324 - Journal of Software (《软件学报》), 2026, Issue 1
Liu LW, et al.: Key privacy technologies for the full lifecycle of data element circulation: Status, challenges, and prospects 321
[4] Huo W, Yu Y, Yang K, Zheng ZX, Li XX, Yao L, Xie J. Privacy-preserving cryptographic algorithms and protocols: A survey on
designs and applications. Scientia Sinica Informationis, 2023, 53(9): 1688–1733 (in Chinese with English abstract). [doi: 10.1360/SSI-
2022-0434]
[5] Paul M, Ganguli S, Dziugaite GK. Deep learning on a data diet: Finding important examples early in training. In: Proc. of the 35th Int’l
Conf. on Neural Information Processing Systems. Curran Associates Inc., 2021. 1575.
[6] Shanmugam D, Diaz F, Shabanian S, Finck M, Biega A. Learning to limit data collection via scaling laws: A computational
interpretation for the legal principle of data minimization. In: Proc. of the 2022 ACM Conf. on Fairness, Accountability, and
Transparency. Seoul: ACM, 2022. 839–849.
[7] Ganesh P, Tran C, Shokri R, Fioretto F. The data minimization principle in machine learning. In: Proc. of the 2025 ACM Conf. on
Fairness, Accountability, and Transparency. Athens: ACM, 2025. 3075–3093.
[8] Staab R, Jovanović N, Balunović M, Vechev M. From principle to practice: Vertical data minimization for machine learning. In: Proc. of
the 2024 IEEE Symp. on Security and Privacy (SP). San Francisco: IEEE, 2024. 4733–4752. [doi: 10.1109/SP54263.2024.00089]
[9] Biega AJ, Potash P, Daumé H, Diaz F, Finck M. Operationalizing the legal principle of data minimization for personalization. In: Proc.
of the 43rd Int’l ACM SIGIR Conf. on Research and Development in Information Retrieval. ACM, 2020. 399–408. [doi: 10.1145/
3397271.3401034]
[10] Galdon Clavell G, Martín Zamorano M, Castillo C, Smith O, Matic A. Auditing algorithms: On lessons learned and the risks of data
minimization. In: Proc. of the 2020 AAAI/ACM Conf. on AI, Ethics, and Society. New York: ACM, 2020. 265–271. [doi: 10.1145/
3375627.3375852]
[11] Rastegarpanah B, Gummadi KP, Crovella M. Auditing black-box prediction models for data minimization compliance. In: Proc. of the
35th Int’l Conf. on Neural Information Processing Systems. Curran Associates Inc., 2021. 1577.
[12] Rastegarpanah B, Crovella M, Gummadi KP. Fair inputs and fair outputs: The incompatibility of fairness in privacy and accuracy. In:
Adjunct Publication of the 28th ACM Conf. on User Modeling, Adaptation and Personalization. Genoa: ACM, 2020. 260–267. [doi: 10.
1145/3386392.3399568]
[13] Sato R, Takezawa Y, Bao H, Niwa K, Yamada M. Embarrassingly simple text watermarks. arXiv:2310.08920, 2023.
[14] Munyer T, Tanvir A, Das A, Zhong X. DeepTextMark: A deep learning-driven text watermarking approach for identifying large
language model generated text. IEEE Access, 2024, 12: 40508–40520. [doi: 10.1109/ACCESS.2024.3376693]
[15] Atallah MJ, Raskin V, Crogan M, Hempelmann C, Kerschbaum F, Mohamed D, Naik S. Natural language watermarking: Design,
analysis, and a proof-of-concept implementation. In: Proc. of the 4th Int’l Workshop on Information Hiding. Pittsburgh: Springer, 2001.
185–200. [doi: 10.1007/3-540-45496-9_14]
[16] Abdelnabi S, Fritz M. Adversarial watermarking Transformer: Towards tracing text provenance with data hiding. In: Proc. of the 2021
IEEE Symp. on Security and Privacy (SP). San Francisco: IEEE, 2021. 121–140. [doi: 10.1109/SP40001.2021.00083]
[17] Lau GKR, Niu XY, Dao H, Chen JW, Foo CS, Low BKH. Waterfall: Framework for robust and scalable text watermarking. In: Proc. of
the 2024 Conf. on Empirical Methods in Natural Language Processing. Miami: EMNLP, 2024. 20432–20466.
[18] Adi Y, Baum C, Cisse M, Pinkas B, Keshet J. Turning your weakness into a strength: Watermarking deep neural networks by
backdooring. In: Proc. of the 27th USENIX Conf. on Security Symp. Baltimore: USENIX Association, 2018. 1615–1631.
[19] Tang RX, Feng QZ, Liu NH, Yang F, Hu X. Did you train on my dataset? Towards public dataset protection with clean-label backdoor
watermarking. ACM SIGKDD Explorations Newsletter, 2023, 25(1): 43–53. [doi: 10.1145/3606274.3606279]
[20] Kirchenbauer J, Geiping J, Wen YX, Katz J, Miers I, Goldstein T. A watermark for large language models. In: Proc. of the 40th Int’l
Conf. on Machine Learning. Honolulu: ICML, 2023. 17061–17084.
[21] Liu AW, Pan LY, Hu XM, Li S, Wen LJ, King I, Yu PS. An unforgeable publicly verifiable watermark for large language models. In:
Proc. of the 12th Int’l Conf. on Learning Representations. Vienna: OpenReview.net, 2024.
[22] Gentry C. Fully homomorphic encryption using ideal lattices. In: Proc. of the 41st Annual ACM Symp. on Theory of Computing.
Bethesda: ACM, 2009. 169–178. [doi: 10.1145/1536414.1536440]
[23] van Dijk M, Gentry C, Halevi S, Vaikuntanathan V. Fully homomorphic encryption over the integers. In: Proc. of the 29th Annual Int’l
Conf. on the Theory and Applications of Cryptographic Techniques. French Riviera: Springer, 2010. 24–43. [doi: 10.1007/978-3-642-
13190-5_2]
[24] Brakerski Z, Vaikuntanathan V. Efficient fully homomorphic encryption from (standard) LWE. SIAM Journal on Computing, 2014,
43(2): 831–871. [doi: 10.1137/120868669]
[25] Fan JF, Vercauteren F. Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive, 2012. https://eprint.iacr.org/2012/144.pdf
[26] Gentry C, Sahai A, Waters B. Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-

