论文标题
实例编码是否可以进行私人学习?
Is Private Learning Possible with Instance Encoding?
论文作者
论文摘要
一种私人机器学习算法尽可能地掩盖其训练数据,同时仍保持准确性。在这项工作中,我们研究了非私人学习算法是否可以通过依靠实例编码机制来私有化,该实例编码机制在将培训输入喂入正常学习者之前会修改培训输入。我们通过提供两个攻击模型来形式化实例编码及其隐私的概念。我们首先证明了实现(更强)模型的不可能结果。接下来,我们在Instahide的第二个(弱)攻击模型中展示了实用攻击,这是Huang,Song,Li,Li和Arora [ICML'20]的最新建议,旨在将实例编码用于隐私。
A private machine learning algorithm hides as much as possible about its training data while still preserving accuracy. In this work, we study whether a non-private learning algorithm can be made private by relying on an instance-encoding mechanism that modifies the training inputs before feeding them to a normal learner. We formalize both the notion of instance encoding and its privacy by providing two attack models. We first prove impossibility results for achieving a (stronger) model. Next, we demonstrate practical attacks in the second (weaker) attack model on InstaHide, a recent proposal by Huang, Song, Li and Arora [ICML'20] that aims to use instance encoding for privacy.
