Bounding data reconstruction attacks with the hypothesis testing interpretation of differential privacy (2307.03928v1)

Published 8 Jul 2023 in cs.CR and cs.AI

Abstract: We explore Reconstruction Robustness (ReRo), which was recently proposed as an upper bound on the success of data reconstruction attacks against machine learning models. Previous research has demonstrated that differential privacy (DP) mechanisms also provide ReRo, but so far, only asymptotic Monte Carlo estimates of a tight ReRo bound have been shown. Directly computable ReRo bounds for general DP mechanisms are thus desirable. In this work, we establish a connection between hypothesis testing DP and ReRo and derive closed-form, analytic or numerical ReRo bounds for the Laplace and Gaussian mechanisms and their subsampled variants.
