{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2017:J3MNMP2PLSJCSIJINVJ53XZ4RU","short_pith_number":"pith:J3MNMP2P","schema_version":"1.0","canonical_sha256":"4ed8d63f4f5c922921286d53dddf3c8d29278722bd5987ce0270e7b97706224b","source":{"kind":"arxiv","id":"1709.07886","version":1},"attestation_state":"computed","paper":{"title":"Machine Learning Models that Remember Too Much","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov","submitted_at":"2017-09-22T18:00:19Z","abstract_excerpt":"Machine learning (ML) is becoming a commodity. Numerous ML frameworks and services are available to data holders who are not ML experts but want to train predictive models on their data. It is important that ML models trained on sensitive inputs (e.g., personal images or documents) not leak too much information about the training data.\n  We consider a malicious ML provider who supplies model-training code to the data holder, does not observe the training, but then obtains white- or black-box access to the resulting model. In this setting, we design and implement practical algorithms, some of t"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1709.07886","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-22T18:00:19Z","cross_cats_sorted":["cs.LG"],"title_canon_sha256":"023c5d6ea20aa5cd6806dd34183306aea7fae4ab4623ab279f008c4a386ab86f","abstract_canon_sha256":"6091bda1b401c0854b23df67e3a68cc609e522fe436b803c2e21c13d4b783192"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:34:12.625587Z","signature_b64":"4Sob7psB4lcwEeiNa6xrWNcpk/CjUQpMEhEc4GfIM8sU+Iq+TocMG/Z/q6qFvd4bEtEF3udH45I4L30/UsMwAA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"4ed8d63f4f5c922921286d53dddf3c8d29278722bd5987ce0270e7b97706224b","last_reissued_at":"2026-05-18T00:34:12.624989Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:34:12.624989Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Machine Learning Models that Remember Too Much","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov","submitted_at":"2017-09-22T18:00:19Z","abstract_excerpt":"Machine learning (ML) is becoming a commodity. Numerous ML frameworks and services are available to data holders who are not ML experts but want to train predictive models on their data. It is important that ML models trained on sensitive inputs (e.g., personal images or documents) not leak too much information about the training data.\n  We consider a malicious ML provider who supplies model-training code to the data holder, does not observe the training, but then obtains white- or black-box access to the resulting model. In this setting, we design and implement practical algorithms, some of t"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1709.07886","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1709.07886","created_at":"2026-05-18T00:34:12.625073+00:00"},{"alias_kind":"arxiv_version","alias_value":"1709.07886v1","created_at":"2026-05-18T00:34:12.625073+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1709.07886","created_at":"2026-05-18T00:34:12.625073+00:00"},{"alias_kind":"pith_short_12","alias_value":"J3MNMP2PLSJC","created_at":"2026-05-18T12:31:21.493067+00:00"},{"alias_kind":"pith_short_16","alias_value":"J3MNMP2PLSJCSIJI","created_at":"2026-05-18T12:31:21.493067+00:00"},{"alias_kind":"pith_short_8","alias_value":"J3MNMP2P","created_at":"2026-05-18T12:31:21.493067+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/J3MNMP2PLSJCSIJINVJ53XZ4RU","json":"https://pith.science/pith/J3MNMP2PLSJCSIJINVJ53XZ4RU.json","graph_json":"https://pith.science/api/pith-number/J3MNMP2PLSJCSIJINVJ53XZ4RU/graph.json","events_json":"https://pith.science/api/pith-number/J3MNMP2PLSJCSIJINVJ53XZ4RU/events.json","paper":"https://pith.science/paper/J3MNMP2P"},"agent_actions":{"view_html":"https://pith.science/pith/J3MNMP2PLSJCSIJINVJ53XZ4RU","download_json":"https://pith.science/pith/J3MNMP2PLSJCSIJINVJ53XZ4RU.json","view_paper":"https://pith.science/paper/J3MNMP2P","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1709.07886&json=true","fetch_graph":"https://pith.science/api/pith-number/J3MNMP2PLSJCSIJINVJ53XZ4RU/graph.json","fetch_events":"https://pith.science/api/pith-number/J3MNMP2PLSJCSIJINVJ53XZ4RU/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/J3MNMP2PLSJCSIJINVJ53XZ4RU/action/timestamp_anchor","attest_storage":"https://pith.science/pith/J3MNMP2PLSJCSIJINVJ53XZ4RU/action/storage_attestation","attest_author":"https://pith.science/pith/J3MNMP2PLSJCSIJINVJ53XZ4RU/action/author_attestation","sign_citation":"https://pith.science/pith/J3MNMP2PLSJCSIJINVJ53XZ4RU/action/citation_signature","submit_replication":"https://pith.science/pith/J3MNMP2PLSJCSIJINVJ53XZ4RU/action/replication_record"}},"created_at":"2026-05-18T00:34:12.625073+00:00","updated_at":"2026-05-18T00:34:12.625073+00:00"}