1. The _B2A_private function seems unsafe. a0, a1, a2 is known to all parties, which is unsafe. a0, a1, a2 is for masking, but konwn to all parties.
2. neg_x1_neg_x2[0][1] = neg_x1_neg_x2[1][0] should be forbidden? i thought you just can't simply put device[0]'s number to device[1] without any other operation.
3. Can you teach me how to implement the process just as the way described in ABY3 paper?

As pointed out in our email communication, these features come inherent with Tensorflow and has NO security problem.
I will close this issue.

@dujifeng could you please close this issue? Just realize that I don't have permission to do so :).

I'm sorry, I just saw it...Thank you for your answer!