English

Is Private Learning Possible with Instance Encoding?

Cryptography and Security 2021-04-29 v2 Computer Vision and Pattern Recognition Machine Learning
Authors: Nicholas Carlini , Samuel Deng , Sanjam Garg , Somesh Jha , Saeed Mahloujifar , Mohammad Mahmoody , Shuang Song , Abhradeep Thakurta , Florian Tramer
View on arXiv PDF

Abstract

A private machine learning algorithm hides as much as possible about its training data while still preserving accuracy. In this work, we study whether a non-private learning algorithm can be made private by relying on an instance-encoding mechanism that modifies the training inputs before feeding them to a normal learner. We formalize both the notion of instance encoding and its privacy by providing two attack models. We first prove impossibility results for achieving a (stronger) model. Next, we demonstrate practical attacks in the second (weaker) attack model on InstaHide, a recent proposal by Huang, Song, Li and Arora [ICML'20] that aims to use instance encoding for privacy.

Keywords

privacy attacks on machine learning differential privacy secure multi-party computation

Cite

@article{arxiv.2011.05315,
  title  = {Is Private Learning Possible with Instance Encoding?},
  author = {Nicholas Carlini and Samuel Deng and Sanjam Garg and Somesh Jha and Saeed Mahloujifar and Mohammad Mahmoody and Shuang Song and Abhradeep Thakurta and Florian Tramer},
  journal= {arXiv preprint arXiv:2011.05315},
  year   = {2021}
}

Related papers

View all related →
Machine Learning · Computer Science
InstaHide's Sample Complexity When Mixing Two Private Images
Baihe Huang, Zhao Song, Runzhou Tao, Junze Yin +2
2024-02-07
Machine Learning · Computer Science
Personalized and Private Peer-to-Peer Machine Learning
Aurélien Bellet, Rachid Guerraoui, Mahsa Taziki, Marc Tommasi
2018-02-20
Machine Learning · Computer Science
Private Learning with Public Features
Walid Krichene, Nicolas Mayoraz, Steffen Rendle, Shuang Song +2
2023-10-25
Cryptography and Security · Computer Science
InstaHide: Instance-hiding Schemes for Private Distributed Learning
Yangsibo Huang, Zhao Song, Kai Li, Sanjeev Arora
2021-02-25
Machine Learning · Computer Science
Learning Privacy Preserving Encodings through Adversarial Training
Francesco Pittaluga, Sanjeev J. Koppal, Ayan Chakrabarti
2018-12-06
Machine Learning · Statistics
How Private is Your Attention? Bridging Privacy with In-Context Learning
Soham Bonnerjee, Zhen Wei, Yeon, Anna Asch +2
2025-04-23
Cryptography and Security · Computer Science
Privacy-preserving Machine Learning through Data Obfuscation
Tianwei Zhang, Zecheng He, Ruby B. Lee
2018-07-16
Quantum Physics · Physics
Quantum Privacy-Preserving Perceptron
Shenggang Ying, Mingsheng Ying, Yuan Feng
2017-08-01
Information Theory · Computer Science
Efficient Private Storage of Sparse Machine Learning Data
Marvin Xhemrishi, Maximilian Egger, Rawad Bitar
2022-06-15
Machine Learning · Computer Science
On InstaHide, Phase Retrieval, and Sparse Matrix Factorization
Sitan Chen, Xiaoxiao Li, Zhao Song, Danyang Zhuo
2021-03-26
Cryptography and Security · Computer Science
Pre-trained Encoders in Self-Supervised Learning Improve Secure and Privacy-preserving Supervised Learning
Hongbin Liu, Wenjie Qu, Jinyuan Jia, Neil Zhenqiang Gong
2022-12-08
Machine Learning · Computer Science
Privacy-Preserving Machine Learning for Collaborative Data Sharing via Auto-encoder Latent Space Embeddings
Ana María Quintero-Ossa, Jesús Solano, Hernán Jarcía, David Zarruk +2
2022-11-14
Machine Learning · Computer Science
What Can We Learn Privately?
Shiva Prasad Kasiviswanathan, Homin K. Lee, Kobbi Nissim, Sofya Raskhodnikova +1
2012-10-10
Information Theory · Computer Science
Private Inference in Quantized Models
Zirui Deng, Vinayak Ramkumar, Rawad Bitar, Netanel Raviv
2023-11-27
Machine Learning · Computer Science
Prive-HD: Privacy-Preserved Hyperdimensional Computing
Behnam Khaleghi, Mohsen Imani, Tajana Rosing
2020-05-15
Machine Learning · Computer Science
CodedPrivateML: A Fast and Privacy-Preserving Framework for Distributed Machine Learning
Jinhyun So, Basak Guler, A. Salman Avestimehr
2021-02-23
Artificial Intelligence · Computer Science
Public Data Assisted Differentially Private In-Context Learning
Seongho Joo, Hyukhun Koh, Kyomin Jung
2025-09-16
Machine Learning · Computer Science
Trade-offs between membership privacy & adversarially robust learning
Jamie Hayes
2022-01-11
Machine Learning · Computer Science
Training Private Models That Know What They Don't Know
Stephan Rabanser, Anvith Thudi, Abhradeep Thakurta, Krishnamurthy Dvijotham +1
2023-05-31
Machine Learning · Computer Science
The Trade-Offs of Private Prediction
Laurens van der Maaten, Awni Hannun
2020-07-13
Machine Learning · Computer Science
Learning Robust and Privacy-Preserving Representations via Information Theory
Binghui Zhang, Sayedeh Leila Noorbakhsh, Yun Dong, Yuan Hong +1
2024-12-17
Cryptography and Security · Computer Science
Generalization Techniques Empirically Outperform Differential Privacy against Membership Inference
Jiaxiang Liu, Simon Oya, Florian Kerschbaum
2021-10-13
Quantum Physics · Physics
Quantum machine learning with differential privacy
William M Watkins, Samuel Yen-Chi Chen, Shinjae Yoo
2021-03-11
Machine Learning · Computer Science
Debugging Differential Privacy: A Case Study for Privacy Auditing
Florian Tramer, Andreas Terzis, Thomas Steinke, Shuang Song +2
2022-03-29
Distributed, Parallel, and Cluster Computing · Computer Science
Private Learning on Networks
Shripad Gade, Nitin H. Vaidya
2016-12-16