Model Stealing Attacks On FHE-based Privacy-Preserving Machine Learning through Adversarial Examples.