362 research outputs found
Scalable and Jointly Differentially Private Packing
We introduce an (ε, δ)-jointly differentially private algorithm for packing problems. Our algorithm not only achieves the optimal trade-off between the privacy parameter ε and the minimum supply requirement (up to logarithmic factors), but is also scalable in the sense that the running time is linear in the number of agents n. Previous algorithms either run in time cubic in n, or require a minimum supply per resource that is √n times larger than the best possible.
Langevin Diffusion: An Almost Universal Algorithm for Private Euclidean (Convex) Optimization
In this paper we revisit the problem of differentially private empirical risk
minimization (DP-ERM) and stochastic convex optimization (DP-SCO). We show that
a well-studied continuous-time algorithm from statistical physics called
Langevin diffusion (LD) simultaneously provides optimal privacy/utility
trade-offs for both DP-ERM and DP-SCO under ε-DP and
(ε, δ)-DP. Using the uniform stability properties of LD, we
provide the optimal excess population risk guarantee for Lipschitz
convex losses under ε-DP (even up to log factors), thus improving
on Asi et al.
Along the way we provide various technical tools which can be of independent
interest: (i) a new Rényi divergence bound for LD when run on loss functions
over two neighboring data sets, (ii) excess empirical risk bounds for
last-iterate LD analogous to those of Shamir and Zhang for noisy stochastic
gradient descent (SGD), and (iii) a two-phase excess risk analysis of LD, where
the first phase is when the diffusion has not converged in any reasonable sense
to a stationary distribution, and in the second phase the diffusion has
converged to a variant of the Gibbs distribution. Our universality results
crucially rely on the dynamics of LD. When it has converged to a stationary
distribution, we obtain the optimal bounds under ε-DP. When it is run
only for a very short time, we obtain the optimal bounds under
(ε, δ)-DP, where the required run time depends on the dimensionality of the model space.
Our work initiates a systematic study of DP continuous-time optimization. We
believe this may have ramifications for the design of discrete-time DP
optimization algorithms, analogous to the non-private setting, where
continuous-time dynamical viewpoints have helped in designing new algorithms,
including the celebrated mirror descent and Polyak's momentum method.
A Novel Privacy-Preserved Recommender System Framework based on Federated Learning
Recommender systems (RS) are currently an effective way to address information
overload. To predict users' next click behavior, an RS needs to collect users'
personal information and behavior to achieve a comprehensive and profound
perception of user preferences. However, these centrally collected data are
privacy-sensitive, and any leakage may cause severe problems for both users and
service providers. This paper proposes a novel privacy-preserved recommender
system framework (PPRSF) that applies the federated learning paradigm to enable
the recommendation algorithm to be trained and to carry out inference without
centrally collecting users' private data. The PPRSF not only reduces the risk
of privacy leakage and satisfies legal and regulatory requirements, but also
allows various recommendation algorithms to be applied.
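The federated training loop that such frameworks build on can be illustrated with a minimal federated-averaging sketch (generic, not the PPRSF itself): clients fit a shared model on their local data and send only parameters, which the server averages. The names `local_update` and `fed_avg` and the linear-regression task are illustrative assumptions.

```python
import numpy as np

def local_update(weights, X, y, lr=0.1, epochs=5):
    """Client-side: a few gradient steps of linear regression on private data."""
    w = weights.copy()
    for _ in range(epochs):
        grad = X.T @ (X @ w - y) / len(y)
        w -= lr * grad
    return w

def fed_avg(client_weights, client_sizes):
    """Server-side: weighted average of model parameters only; raw data never arrives."""
    total = sum(client_sizes)
    return sum(w * (n / total) for w, n in zip(client_weights, client_sizes))

rng = np.random.default_rng(1)
true_w = np.array([2.0, -1.0])
clients = []
for _ in range(5):
    X = rng.normal(size=(50, 2))
    y = X @ true_w + 0.01 * rng.normal(size=50)
    clients.append((X, y))

w = np.zeros(2)
for _ in range(20):          # communication rounds
    updates = [local_update(w, X, y) for X, y in clients]
    w = fed_avg(updates, [len(y) for _, y in clients])
# w approaches true_w without the server ever seeing any X or y.
```

The privacy-sensitive step that remains is the parameter upload itself, which is exactly what additional mechanisms (secure aggregation, encryption) target.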
On facility location problem in the local differential privacy model
In this paper we study the uncapacitated facility location problem with uniform facility cost in the model of differential privacy (DP). Specifically, we first show that, under the hierarchically well-separated tree (HST) metrics and the super-set output setting introduced in [8], there is an ε-DP algorithm that achieves an O(1/ε) (expected multiplicative) approximation ratio; this implies an O(log n/ε) approximation ratio for the general metric case, where n is the size of the input metric. These bounds improve the best-known results given by [8]. In particular, our approximation ratio for HST metrics is independent of n, and the ratio for general metrics is independent of the aspect ratio of the input metric.
On the negative side, we show that the approximation ratio of any ε-DP algorithm is lower bounded by Ω(1/√ε), even for instances on HST metrics with uniform facility cost, under the super-set output setting. The lower bound shows that the dependence of the approximation ratio for HST metrics on ε cannot be removed or greatly improved.
Our novel methods and techniques for both the upper and lower bound may find additional applications.
CNS-2040249 - National Science Foundation
https://proceedings.mlr.press/v151/cohen-addad22a/cohen-addad22a.pdf (first author draft)
Toward practical and private online services
Today's common online services (social networks, media streaming, messaging,
email, etc.) bring convenience. However, these services are susceptible to
privacy leaks. For example, email snooping by rogue employees, email server
hacks, and accidental disclosures of user ratings for movies are all
sources of private information leakage. This dissertation investigates the
following question: Can we build systems that (a) provide strong privacy
guarantees to the users, (b) are consistent with existing commercial and policy
regimes, and (c) are affordable?
Satisfying all three requirements simultaneously is challenging, as providing
strong privacy guarantees usually necessitates either sacrificing functionality,
incurring high resource costs, or both. Indeed, there are powerful cryptographic
protocols---private information retrieval (PIR), and secure two-party
computation (2PC)---that provide strong guarantees but are orders of magnitude
more expensive than their non-private counterparts. This dissertation takes
these protocols as a starting point and then substantially reduces their costs
by tailoring them using application-specific properties. It presents two
systems, Popcorn and Pretzel, built on this design ethos.
Popcorn is a Netflix-like media delivery system that provably hides, even from
the content distributor (for example, Netflix), which movie a user is watching.
Popcorn tailors PIR protocols to the media domain. It amortizes the server-side
overhead of PIR by batching requests from the large number of concurrent users
retrieving content at any given time; and, it forms large batches without
introducing playback delays by leveraging the properties of media streaming.
Popcorn is consistent with the prevailing commercial regime (copyrights, etc.),
and its per-request dollar cost is 3.87 times that of a non-private system.
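The flavor of PIR that Popcorn amortizes can be seen in the classic two-server XOR scheme: the client sends each server a random-looking selection vector, and XORing the two replies recovers exactly one record while neither server alone learns the index. This is a generic textbook sketch, not Popcorn's actual protocol.

```python
import secrets

def pir_query(num_items, index):
    """Client: two queries, each uniformly random alone, differing only at `index`."""
    q1 = [secrets.randbelow(2) for _ in range(num_items)]
    q2 = q1.copy()
    q2[index] ^= 1            # the XOR of the two queries selects one item
    return q1, q2

def pir_answer(database, query):
    """Server: XOR of the selected records; reveals nothing by itself."""
    acc = bytes(len(database[0]))
    for record, bit in zip(database, query):
        if bit:
            acc = bytes(a ^ b for a, b in zip(acc, record))
    return acc

# Toy "movie" database of equal-length chunks.
db = [b"chunk-A1", b"chunk-B2", b"chunk-C3", b"chunk-D4"]
q1, q2 = pir_query(len(db), index=2)
a1 = pir_answer(db, q1)
a2 = pir_answer(db, q2)
recovered = bytes(x ^ y for x, y in zip(a1, a2))
# recovered == b"chunk-C3"; neither server learns which chunk was fetched.
```

The server-side cost of scanning the whole database per query is exactly the overhead Popcorn amortizes by batching many concurrent clients.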
The other system described in this dissertation, Pretzel, is an email system
that encrypts emails end-to-end between senders and intended recipients, but
allows the email service provider to perform content-based spam filtering and
targeted advertising. Pretzel refines a 2PC protocol. It reduces the resource
consumption of the protocol by replacing the underlying encryption scheme with a
more efficient one, applying a packing technique to conserve invocations of the
encryption algorithm, and pruning the inputs to the protocol. Pretzel's costs,
versus a legacy non-private implementation, are estimated to be up to 5.4 times
higher for the email provider, with additional but modest client-side requirements.
Popcorn and Pretzel have fundamental connections. For instance, the
cryptographic protocols in both systems securely compute vector-matrix products.
However, we observe that differences in the vector and matrix dimensions lead to
different system designs.
Ultimately, both systems represent a potentially appealing compromise: sacrifice
some functionality to build in strong privacy properties at affordable costs.
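The shared vector-matrix core can be sketched with additive secret sharing, a standard 2PC building block (shown here, for simplicity, with the matrix known to both share-holders; the systems' real protocols also protect the model and content side).

```python
import numpy as np

MOD = 2**31 - 1   # arithmetic over Z_MOD, so each share alone looks uniform

def share(x, rng):
    """Split x into two additive shares: x = (s0 + s1) mod MOD."""
    s0 = rng.integers(0, MOD, size=x.shape)
    s1 = (x - s0) % MOD
    return s0, s1

# Private vector (e.g. client-side features) and an assumed-public matrix.
rng = np.random.default_rng(7)
v = np.array([3, 1, 4], dtype=np.int64)
M = np.array([[2, 0], [1, 5], [0, 3]], dtype=np.int64)

v0, v1 = share(v, rng)
# Each party multiplies its own share by the matrix independently...
p0 = (v0 @ M) % MOD
p1 = (v1 @ M) % MOD
# ...and by linearity the reconstructed sum equals the true product mod MOD.
result = (p0 + p1) % MOD
# result == (v @ M) % MOD, i.e. [7, 17], yet neither party ever saw v in full.
```

Because matrix multiplication is linear, the shares commute with the computation; the vector and matrix dimensions then drive the communication pattern, which is the design difference the dissertation observes between the two systems.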
Privacy-preserving recommendation system using federated learning
Federated learning is a form of distributed learning which leverages edge devices for training. It aims to preserve privacy by communicating users' learning parameters and gradient updates to the global server during training while keeping the actual data on the users' devices. Training on the global server is performed on these parameters instead of user data directly, while fine-tuning of the model can be done locally on clients' devices. However, federated learning is not without its shortcomings, and in this thesis we present an overview of the learning paradigm and propose a new federated recommender system framework that utilizes homomorphic encryption. This results in a slight decrease in accuracy metrics but greatly increases user privacy. We also show that performing computations on encrypted gradients barely affects the recommendation performance while ensuring a more secure means of communicating user gradients to and from the global server.
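The "computations on encrypted gradients" idea rests on additively homomorphic encryption: multiplying Paillier ciphertexts adds the underlying plaintexts, so a server can aggregate quantized gradients it cannot read. Below is a toy Paillier sketch; the tiny key and the fixed-point gradient scaling are illustrative assumptions, and such parameters are nowhere near secure.

```python
import math, secrets

# Toy Paillier keypair (tiny primes; illustration only, not secure).
p, q = 47, 59
n, n2 = p * q, (p * q) ** 2
g = n + 1
lam = math.lcm(p - 1, q - 1)
L = lambda x: (x - 1) // n
mu = pow(L(pow(g, lam, n2)), -1, n)

def encrypt(m):
    r = secrets.randbelow(n - 2) + 2          # random blinding factor in Z_n*
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def decrypt(c):
    return (L(pow(c, lam, n2)) * mu) % n

# Clients encrypt quantized gradient values; the server multiplies the
# ciphertexts, which adds the plaintexts without ever decrypting them.
client_grads = [12, 7, 30]                     # e.g. fixed-point-scaled values
aggregate_ct = 1
for ct in (encrypt(v) for v in client_grads):
    aggregate_ct = (aggregate_ct * ct) % n2
# decrypt(aggregate_ct) == sum(client_grads) == 49
```

Only the aggregate is ever decrypted, which is why individual users' gradient updates stay hidden from the server while the recommendation model can still be updated.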