Khac-Hoang Ngo

Khac-Hoang Ngo, Erik G. Larsson

Reciprocity-based, joint coherent downlink beamforming from multiple access points (APs) in distributed multiple-input multiple-output (MIMO) with independent local oscillators (LOs) requires the APs to be periodically phase-calibrated (a.k.a. phase-synchronized or phase-aligned). Such phase calibration can be accomplished by bidirectional over-the-air measurements between the APs. In this paper, we show how such over-the-air measurements can be integrated into the time-division duplexing (TDD) flow by appropriately shifting the uplink/downlink switching points of the TDD slot structure, creating short time segments during which APs can measure on one another. We also show how this technique scales to large networks. Furthermore, we analytically characterize the tradeoff between the amount of resources spent on calibration measurements and the resulting spectral efficiency of the system, when conjugate beamforming or zero-forcing beamforming is used. The results demonstrate the feasibility of distributed MIMO with phase-calibration through over-the-air inter-AP measurements integrated into the TDD flow, and the advantage of this design over schemes with dedicated calibration slots.

Khac-Hoang Ngo, Johan Östman, Giuseppe Durisi et al.

Secure aggregation (SecAgg) is a commonly-used privacy-enhancing mechanism in federated learning, affording the server access only to the aggregate of model updates while safeguarding the confidentiality of individual updates. Despite widespread claims regarding SecAgg's privacy-preserving capabilities, a formal analysis of its privacy is lacking, making such presumptions unjustified. In this paper, we delve into the privacy implications of SecAgg by treating it as a local differential privacy (LDP) mechanism for each local update. We design a simple attack wherein an adversarial server seeks to discern which update vector a client submitted, out of two possible ones, in a single training round of federated learning under SecAgg. By conducting privacy auditing, we assess the success probability of this attack and quantify the LDP guarantees provided by SecAgg. Our numerical results unveil that, contrary to prevailing claims, SecAgg offers weak privacy against membership inference attacks even in a single training round. Indeed, it is difficult to hide a local update by adding other independent local updates when the updates are of high dimension. Our findings underscore the imperative for additional privacy-enhancing mechanisms, such as noise injection, in federated learning.

Deekshith Pathayappilly Krishnan, Kaan Okumus, Khac-Hoang Ngo et al.

We derive finite-blocklength bounds on the minimum achievable energy per bit over a Gaussian unsourced multiple access (UMA) channel in the presence of heterogeneous path-loss conditions. We consider a setting in which the path loss is known to the users, which enables the use of location-based codebook partitioning [Çakmak et al., 2025]. Through numerical simulations and a large-system analysis based on the replica method, we quantify the performance gain of this strategy relative to the conventional UMA approach in which all users employ a common codebook.

Marcus Lassila, Johan Östman, Khac-Hoang Ngo et al.

We develop practical and theoretically grounded membership inference attacks (MIAs) against both independent and identically distributed (i.i.d.) data and graph-structured data. Building on the Bayesian decision-theoretic framework of Sablayrolles et al., we derive the Bayes-optimal membership inference rule for node-level MIAs against graph neural networks, addressing key open questions about optimal query strategies in the graph setting. We introduce BASE and G-BASE, tractable approximations of the Bayes-optimal membership inference. G-BASE achieves superior performance compared to previously proposed classifier-based node-level MIA attacks. BASE, which is also applicable to non-graph data, matches or exceeds the performance of prior state-of-the-art MIAs, such as LiRA and RMIA, at a significantly lower computational cost. Finally, we show that BASE and RMIA are equivalent under a specific hyperparameter setting, providing a principled, Bayes-optimal justification for the RMIA attack.

Shipeng Liu, Ziliang Xiong, Khac-Hoang Ngo et al.

Point cloud registration (PCR) is crucial for many downstream tasks, such as simultaneous localization and mapping (SLAM) and object tracking. This makes detecting and quantifying registration misalignment, i.e., PCR quality validation, an important task. All existing methods treat validation as a classification task, aiming to assign the PCR quality to a few classes. In this work, we instead use regression for PCR validation, allowing for a more fine-grained quantification of the registration quality. We also extend previously used misalignment-related features by using multiscale extraction and attention-based aggregation. This leads to accurate and robust registration error estimation on diverse datasets, especially for point clouds with heterogeneous spatial densities. Furthermore, when used to guide a mapping downstream task, our method significantly improves the mapping quality for a given amount of re-registered frames, compared to the state-of-the-art classification-based method.