Cutting-Edge Privacy Tech Unveiled: Gibbon, Panther & PromeFuzz at ACM CCS 2025
At the ACM CCS 2025 live paper showcase, three groundbreaking studies—Gibbon’s fast secure two‑party GBDT training, Panther’s efficient private approximate nearest‑neighbor search on a single server, and PromeFuzz’s knowledge‑driven LLM approach to fuzzing harness generation—are presented, highlighting significant performance and security advances.
Gibbon: Faster Secure Two‑party Training of Gradient Boosting Decision Tree
Gradient Boosting Decision Trees (GBDT) are widely used in industry. Secure Multi‑Party Computation (MPC) enables collaborative computation while preserving data privacy. Gibbon introduces an MPC‑based two‑party GBDT training framework for vertically partitioned data, where each party holds different features of the same samples.
Compared with the state‑of‑the‑art Squirrel (USENIX Security 2023), Gibbon reduces runtime by 2–4× and communication by 2–3× across most settings.
Key innovations include: (1) An optimized GBDT algorithm that eliminates most MPC‑unfriendly inversion operations; (2) A novel sigmoid protocol that cuts communication 13‑fold relative to Squirrel; (3) Efficient Boolean matrix multiplication built on RLWE/MLWE homomorphic encryption, achieving a speedup of roughly two orders of magnitude.
The solution has been deployed in Ant Group’s privacy‑computing products (MOSS, FAIR), avoiding the data‑leakage risks of prior SecureBoost implementations while delivering superior performance.
Panther: Private Approximate Nearest Neighbor Search in the Single‑Server Setting
Approximate Nearest Neighbor Search (ANNS) is essential for recommendation systems, biometric authentication, and many ML applications. This work addresses privacy‑preserving ANNS, in which a client queries a server‑hosted database without revealing the query, and the server learns nothing about the client’s interest.
Existing schemes either incur high communication costs or rely on a non‑colluding double‑server assumption. Panther combines Private Information Retrieval, secret sharing, garbled circuits, and homomorphic encryption to achieve high efficiency under a single‑server model.
Evaluations on four public datasets show Panther can answer a 10‑million‑vector ANNS query in about 18 seconds with only 284 MB of communication, delivering a 7.8× speedup and 20× reduction in bandwidth compared to prior work.
PromeFuzz: A Knowledge‑Driven Approach to Fuzzing Harness Generation with Large Language Models
Generating effective fuzzing harnesses for API‑level fuzzing remains challenging. Existing methods rely on limited user code or shallow analysis, leading to low coverage and high false‑positive rates. Large Language Models (LLMs) have shown promise but suffer from hallucinations and lack of domain knowledge.
PromeFuzz builds a structured knowledge base from code metadata, API documentation, and real call graphs, then employs Retrieval‑Augmented Generation and a dedicated crash‑filtering module to produce high‑quality harnesses.
On 22 open‑source projects, PromeFuzz outperforms three LLM‑based baselines (PromptFuzz, CKGFuzzer, OSS‑Fuzz‑Gen) and manually written harnesses (OSS‑Fuzz), achieving 1.40–3.88× higher branch coverage and discovering 25 previously unknown bugs (21 confirmed, 3 assigned CVE IDs) with 89.7% precision.
Paper Highlights
Gibbon delivers a 3× speedup over SOTA secure two‑party GBDT training, featuring innovative Boolean matrix multiplication and sigmoid protocols.
Panther enables efficient encrypted database retrieval, supporting ten‑million 100‑dimensional vectors with ~20‑second response time, a near‑order‑of‑magnitude performance gain.
PromeFuzz’s knowledge‑driven, full‑pipeline optimization significantly boosts coverage and uncovers 25 new vulnerabilities, including three CVEs.
