Mathematisches Forschungsinstitut Oberwolfach

Total Page:16

File Type:pdf, Size:1020Kb

Mathematisches Forschungsinstitut Oberwolfach Mathematisches Forschungsinstitut Oberwolfach Rep ort No Complexity Theory November th November th Complexity theory is concerned with the study of the intrinsic diculty of computational th tasks It is a central eld of theoretical computer science The Ob erwolfach Conference on Complexity Theory was organized by Joachim von zur Gathen Paderborn Oded Goldreich Rehovot and Claus Peter Schnorr Frankfurt The meeting consisted of ve general sessions and in addition sp ecial sessions on the following topics Algebraic Complexity Cryptography Lattices Pseudorandomness Another event that to ok place in the meeting was the awarding of the Ob erwolfach prize to Luca Trevisan who was one of the participants Abstracts of General Session Talks A Few Facts ab out Division Eric Allender Chiu Davida and Litow recently solved a decadesold problem by showing that there are logspaceuniform constantdepth threshold circuits for division It remains op en if the uniformity condition can b e improved to obtain Dlogtimeuniform circuits We precisely characterize the uniformity requirements by showing that Division is com plete under rstorder reductions for the class FOMPOW where FOM is an equivalent i formalization of Dlogtimeuniform TC and POW is the predicate a b mo d p for primes p of O log n bits We also show that FOM and FOMPOW coincide if a wellknown conjecture ab out smo oth primes holds In the talk I also mention a recent lower b ound joint work with Koucky Ronneburger Roy and Vinay showing that the lower b ound techniques of Fortnow can b e extended to the probabilistic mo del if division has uniform TC circuits Other consequences of the new division algorithm include a new translational lemma for very small spaceb ounded complexity classes Joint work with David Mix Barrington and William Hesse Sup erlinear timespace tradeo lower b ounds for randomized computation Paul Beame We prove the rst timespace lower b ound tradeos for randomized computation of de cision problems The b ounds hold even in the case that the computation is allowed to have arbitrary probability of error on a small fraction of inputs Our techniques are an extension of those used by Ajtai in his timespace tradeos for deterministic RAM algorithms computing element distinctness and for deterministic Bo olean branching programs computing an explicit function based on quadratic forms over GF Our results also give a quantitative improvement over those given by Ajtai Ajtai shows for certain sp ecic functions that any branching program using space S on requires time T that is sup erlinear The functional form of the sup erlinear b ound is not given in his pap er but optimizing the parameters in his arguments gives T n log log n log log log n for S O n For the same functions considered by Ajtai we prove a timespace tradeo of p log nS log log nS In particular for space O n this improves the form T n p the lower b ound on time to n log n log log n Joint work with Mike Saks Xiadong Sun and Erik Vee Expansion in Prop ositional Pro of Complexity Eli BenSasson In this survey talk we describ e the main technique used in recent years to prove lower b ounds in pro of complexity for simple pro of systems such as resolution and the p olynomial calculus We dene a certain form of expansion Boundary Expansion on bipartite graphs We dene a reduction of CNF formulas to bipartite graphs and claim the following For F an unsatisable CNF formula and GF its corresp onding bipartite graph if GF is an expander then The minimal width of refuting F in resolution is large linear The minimal size of refuting F in resolution is large exp onential The minimal space needed to refute F in resolution is large linear Similar lower b ounds hold for degree of refutation in the Polynomial Calculus This basic idea allows us to show nontrivial and often optimal lower b ounds for the Pigeonhole Principles Tseitin Graph formulas random k CNFs PseudorandomGenerator based formulas and many others Based on works by Alekhnovich Beame BenSasson Clegg Edmonds Grigoriev Im pagliazzo Pitassi Pudlak Razb orov Sgall and Wigderson Lower b ounds for the complexity of asso ciative algebras Markus Blaser Let C A resp R A denote the multiplicative resp bilinear complexity of a nite dimen sional asso ciative algebra A dim A n n if the decomp osition of Arad A We prove that R A t n n A A into simple algebras A D contains only noncommutative factors that t is the division algebra D is noncommutative or n If A is in addition semisimple then the same b ound holds for the multiplicative complexity ie C A dim A n n t n n essential multiplications In particular n nmatrix multiplication requires at least Approximating the Minimum Bisection Uriel Feige A Bisection of a graph with n vertices is a partition of its vertices into two sets each of size n The bisection cost is the number of edges connecting the two sets Finding the minimum bisection cost is NPhard We present several approximation algorithms for bisection the b est of which nds a bisection whose cost is within a ratio of O log n from optimal The previously known approximation ratio for bisection was n Joint work with Rob ert Krauthgamer and in part with Kobbi Nissim In search of an easy witness Applications to Exp onential Time Valentine Kabanets Using the hardnessrandomness tradeos as well as the idea of easy witnesses we show several complexitytheoretic results involving exp onentialtime complexity classes First we prove that NEXP Pp oly i NEXPMA This can b e interpreted as saying that one cannot derandomize MA without proving sup erp olynomial circuit lower b ounds for NEXP We also establish several downward closure results for the probabilistic complexity classes ZPP RP BPP and MA In particular we prove that EXPBPP i EEBPE where EE is O n double exp onential time and BPE is the time analog of the class BPP Joint work with Russell Impagliazzo and Avi Wigderson On Rounds in Quantum Communication Hartmut Klauck We investigate the p ower of interaction in two player quantum communication proto cols Our main result is a roundscommunication hierarchy for the p ointer jumping function f k We show that f needs quantum communication n if Bob starts the communication k and the number of rounds is limited to k for any constant k Trivially if Alice starts O k log n communication in k rounds suces The lower b ound employs a result relating the relative von Neumann entropy b etween density matrices to their trace distance and uses a new measure of information We also describ e a classical probabilistic k round proto col for f with communication k O nk k log k in which Bob starts the communication for k at least log n Furthermore as a consequence of the lower b ound for p ointer jumping we show that any k k round quantum proto col for the disjointness problem needs communication n for k O A linear space algorithm for computing the Hermite Normal Form of an integer lattice Daniele Micciancio Computing the Hermite Normal Form of an n n matrix using the b est current algorithms typically requires O n log M space where M is a b ound on the length of the columns of the input matrix Although p olynomial in the input size which is O n log M this space blowup can easily b ecome a serious issue in practice when working on big integer matrices In this talk we present a new algorithm for computing the Hermite Normal Form which uses only O n log M space ie essentially the same as the input size When implemented using standard integer arithmetic our algorithm has the same time complexity of the asymptoti cally fastest but space inecient algorithms We also suggest simple heuristics that when incorp orated in our algorithm result in essentially the same asymptotic running time of the theoretically fastest solutions still maintaining our algorithm extremely practical Joint work with Bogdan Warinschi The ZigZag Graph Pro duct and Elementary Construction of Expander Graphs Omer Reingold Expander graphs are combinatorial ob jects which are fascinating and useful but seemed hard to construct The main result we present is an elementary way of constructing them The essential ingredient is a new type of graph pro duct which we call the zigzag pro duct Taking a pro duct of a large graph with a small graph the resulting graph inherits roughly its size from the large one its degree from the small one and its expansion prop erties from b oth Iteration yields simple explicit constructions of constant degree expanders of arbitrary size starting from one constantsize expander Crucial to our intuition and simple analysis of the prop erties of this graph pro duct is the view of expanders as functions which act as entropy wave propagators they transform probability distributions in which entropy is concentrated in one area to distributions where that concentration is dissipated In these terms the graph pro duct aords the constructive interference of two such waves No sp ecial background is assumed Joint work with Salil Vadhan and Avi Wigderson Variation of the BaurStrassen Theorem for Size and Depth Arnold Schonhage In this talk I present a simple pro of for the following Theorem Let a rational function f K x x b e computable by an arithmetical n circuit D of size s and depth d with the indeterminates x x and any constants K n as costfree inputs of D and op eration no des using f g at unit cost Then there exists also a circuit D of size s and depth d computing f plus its rst partial derivatives f
Recommended publications
  • The Limits of Post-Selection Generalization
    The Limits of Post-Selection Generalization Kobbi Nissim∗ Adam Smithy Thomas Steinke Georgetown University Boston University IBM Research – Almaden [email protected] [email protected] [email protected] Uri Stemmerz Jonathan Ullmanx Ben-Gurion University Northeastern University [email protected] [email protected] Abstract While statistics and machine learning offers numerous methods for ensuring gener- alization, these methods often fail in the presence of post selection—the common practice in which the choice of analysis depends on previous interactions with the same dataset. A recent line of work has introduced powerful, general purpose algorithms that ensure a property called post hoc generalization (Cummings et al., COLT’16), which says that no person when given the output of the algorithm should be able to find any statistic for which the data differs significantly from the population it came from. In this work we show several limitations on the power of algorithms satisfying post hoc generalization. First, we show a tight lower bound on the error of any algorithm that satisfies post hoc generalization and answers adaptively chosen statistical queries, showing a strong barrier to progress in post selection data analysis. Second, we show that post hoc generalization is not closed under composition, despite many examples of such algorithms exhibiting strong composition properties. 1 Introduction Consider a dataset X consisting of n independent samples from some unknown population P. How can we ensure that the conclusions drawn from X generalize to the population P? Despite decades of research in statistics and machine learning on methods for ensuring generalization, there is an increased recognition that many scientific findings do not generalize, with some even declaring this to be a “statistical crisis in science” [14].
    [Show full text]
  • Individuals and Privacy in the Eye of Data Analysis
    Individuals and Privacy in the Eye of Data Analysis Thesis submitted in partial fulfillment of the requirements for the degree of “DOCTOR OF PHILOSOPHY” by Uri Stemmer Submitted to the Senate of Ben-Gurion University of the Negev October 2016 Beer-Sheva This work was carried out under the supervision of Prof. Amos Beimel and Prof. Kobbi Nissim In the Department of Computer Science Faculty of Natural Sciences Acknowledgments I could not have asked for better advisors. I will be forever grateful for their close guidance, their constant encouragement, and the warm shelter they provided. Without them, this thesis could have never begun. I have been fortunate to work with Raef Bassily, Amos Beimel, Mark Bun, Kobbi Nissim, Adam Smith, Thomas Steinke, Jonathan Ullman, and Salil Vadhan. I enjoyed working with them all, and I thank them for everything they have taught me. iii Contents Acknowledgments . iii Contents . iv List of Figures . vi Abstract . vii 1 Introduction1 1.1 Differential Privacy . .2 1.2 The Sample Complexity of Private Learning . .3 1.3 Our Contributions . .5 1.4 Additional Contributions . 10 2 Related Literature 15 2.1 The Computational Price of Differential Privacy . 15 2.2 Interactive Query Release . 18 2.3 Answering Adaptively Chosen Statistical Queries . 19 2.4 Other Related Work . 21 3 Background and Preliminaries 22 3.1 Differential privacy . 22 3.2 Preliminaries from Learning Theory . 24 3.3 Generalization Bounds for Points and Thresholds . 29 3.4 Private Learning . 30 3.5 Basic Differentially Private Mechanisms . 31 3.6 Concentration Bounds . 33 4 The Generalization Properties of Differential Privacy 34 4.1 Main Results .
    [Show full text]
  • Signature Redacted
    On Foundations of Public-Key Encryption and Secret Sharing by Akshay Dhananjai Degwekar B.Tech., Indian Institute of Technology Madras (2014) S.M., Massachusetts Institute of Technology (2016) Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY September 2019 @Massachusetts Institute of Technology 2019. All rights reserved. Signature redacted Author ............................................ Department of Electrical Engineering and Computer Science June 28, 2019 Signature redacted Certified by....................................... VWi dVaikuntanathan Associate Professor of Electrical Engineering and Computer Science Thesis Supervisor Signature redacted A ccepted by . ......... ...................... MASSACLislie 6jp lodziejski OF EHs o fTE Professor of Electrical Engineering and Computer Science Students Committee on Graduate OCT Chair, Department LIBRARIES c, On Foundations of Public-Key Encryption and Secret Sharing by Akshay Dhananjai Degwekar Submitted to the Department of Electrical Engineering and Computer Science on June 28, 2019, in partial fulfillment of the requirements for the degree of Doctor of Philosophy Abstract Since the inception of Cryptography, Information theory and Coding theory have influenced cryptography in myriad ways including numerous information-theoretic notions of security in secret sharing, multiparty computation and statistical zero knowledge; and by providing a large toolbox used extensively in cryptography. This thesis addresses two questions in this realm: Leakage Resilience of Secret Sharing Schemes. We show that classical secret sharing schemes like Shamir secret sharing and additive secret sharing over prime order fields are leakage resilient. Leakage resilience of secret sharing schemes is closely related to locally repairable codes and our results can be viewed as impossibility results for local recovery over prime order fields.
    [Show full text]
  • Calibrating Noise to Sensitivity in Private Data Analysis
    Calibrating Noise to Sensitivity in Private Data Analysis Cynthia Dwork1, Frank McSherry1, Kobbi Nissim2, and Adam Smith3? 1 Microsoft Research, Silicon Valley. {dwork,mcsherry} 2 Ben-Gurion University. [email protected] 3 Weizmann Institute of Science. [email protected] Abstract. We continue a line of research initiated in [10, 11] on privacy- preserving statistical databases. Consider a trusted server that holds a database of sensitive information. Given a query function f mapping databases to reals, the so-called true answer is the result of applying f to the database. To protect privacy, the true answer is perturbed by the addition of random noise generated according to a carefully chosen distribution, and this response, the true answer plus noise, is returned to the user. Previous work focused on the case of noisy sums, in which f = P i g(xi), where xi denotes the ith row of the database and g maps database rows to [0, 1]. We extend the study to general functions f, proving that privacy can be preserved by calibrating the standard devi- ation of the noise according to the sensitivity of the function f. Roughly speaking, this is the amount that any single argument to f can change its output. The new analysis shows that for several particular applications substantially less noise is needed than was previously understood to be the case. The first step is a very clean characterization of privacy in terms of indistinguishability of transcripts. Additionally, we obtain separation re- sults showing the increased value of interactive sanitization mechanisms over non-interactive.
    [Show full text]
  • Differential Privacy, Property Testing, and Perturbations
    Differential Privacy, Property Testing, and Perturbations by Audra McMillan A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Mathematics) in The University of Michigan 2018 Doctoral Committee: Professor Anna Gilbert, Chair Professor Selim Esedoglu Professor John Schotland Associate Professor Ambuj Tewari Audra McMillan [email protected] ORCID iD: 0000-0003-4231-6110 c Audra McMillan 2018 ACKNOWLEDGEMENTS First and foremost, I would like to thank my advisor, Anna Gilbert. Anna managed to strike the balance between support and freedom that is the goal of many advisors. I always felt that she believed in my ideas and I am a better, more confident researcher because of her. I was fortunate to have a large number of pseudo-advisors during my graduate ca- reer. Martin Strauss, Adam Smith, and Jacob Abernethy deserve special mention. Martin guided me through the early stages of my graduate career and helped me make the tran- sition into more applied research. Martin was the first to suggest that I work on privacy. He taught me that interesting problems and socially-conscious research are not mutually exclusive. Adam Smith hosted me during what became my favourite summer of graduate school. I published my first paper with Adam, which he tirelessly guided towards a pub- lishable version. He has continued to be my guide in the differential privacy community, introducing me to the right people and the right problems. Jacob Abernethy taught me much of what I know about machine learning. He also taught me the importance of being flexible in my research and that research is as much as about exploration as it is about solving a pre-specified problem.
    [Show full text]
  • Amicus Brief of Data Privacy Experts
    Case 3:21-cv-00211-RAH-ECM-KCN Document 99-1 Filed 04/23/21 Page 1 of 27 EXHIBIT A Case 3:21-cv-00211-RAH-ECM-KCN Document 99-1 Filed 04/23/21 Page 2 of 27 UNITED STATES DISTRICT COURT FOR THE MIDDLE DISTRICT OF ALABAMA EASTERN DIVISION THE STATE OF ALABAMA, et al., ) ) Plaintiffs, ) ) v. ) Civil Action No. ) 3:21-CV-211-RAH UNITED STATES DEPARTMENT OF ) COMMERCE, et al., ) ) Defendants. ) AMICUS BRIEF OF DATA PRIVACY EXPERTS Ryan Calo Deirdre K. Mulligan Ran Canetti Omer Reingold Aloni Cohen Aaron Roth Cynthia Dwork Guy N. Rothblum Roxana Geambasu Aleksandra (Seša) Slavkovic Somesh Jha Adam Smith Nitin Kohli Kunal Talwar Aleksandra Korolova Salil Vadhan Jing Lei Larry Wasserman Katrina Ligett Daniel J. Weitzner Shannon L. Holliday Michael B. Jones (ASB-5440-Y77S) Georgia Bar No. 721264 COPELAND, FRANCO, SCREWS [email protected] & GILL, P.A. BONDURANT MIXSON & P.O. Box 347 ELMORE, LLP Montgomery, AL 36101-0347 1201 West Peachtree Street, NW Suite 3900 Atlanta, GA 30309 Counsel for the Data Privacy Experts #3205841v1 Case 3:21-cv-00211-RAH-ECM-KCN Document 99-1 Filed 04/23/21 Page 3 of 27 TABLE OF CONTENTS STATEMENT OF INTEREST ..................................................................................... 1 SUMMARY OF ARGUMENT .................................................................................... 1 ARGUMENT ................................................................................................................. 2 I. Reconstruction attacks Are Real and Put the Confidentiality of Individuals Whose Data are Reflected
    [Show full text]
  • Calibrating Noise to Sensitivity in Private Data Analysis
    Calibrating Noise to Sensitivity in Private Data Analysis Cynthia Dwork1, Frank McSherry1, Kobbi Nissim2, and Adam Smith3? 1 Microsoft Research, Silicon Valley. {dwork,mcsherry} 2 Ben-Gurion University. [email protected] 3 Weizmann Institute of Science. [email protected] Abstract. We continue a line of research initiated in [10, 11] on privacy- preserving statistical databases. Consider a trusted server that holds a database of sensitive information. Given a query function f mapping databases to reals, the so-called true answer is the result of applying f to the database. To protect privacy, the true answer is perturbed by the addition of random noise generated according to a carefully chosen distribution, and this response, the true answer plus noise, is returned to the user. P Previous work focused on the case of noisy sums, in which f = i g(xi), where xi denotes the ith row of the database and g maps data- base rows to [0, 1]. We extend the study to general functions f, proving that privacy can be preserved by calibrating the standard deviation of the noise according to the sensitivity of the function f. Roughly speak- ing, this is the amount that any single argument to f can change its output. The new analysis shows that for several particular applications substantially less noise is needed than was previously understood to be the case. The first step is a very clean characterization of privacy in terms of indistinguishability of transcripts. Additionally, we obtain separation re- sults showing the increased value of interactive sanitization mechanisms over non-interactive.
    [Show full text]
  • Efficiently Querying Databases While Providing Differential Privacy
    Epsolute: Efficiently Querying Databases While Providing Differential Privacy Dmytro Bogatov Georgios Kellaris George Kollios Boston University Canada Boston University Boston, MA, USA [email protected] Boston, MA, USA [email protected] [email protected] Kobbi Nissim Adam O’Neill Georgetown University University of Massachusetts, Amherst Washington, D.C., USA Amherst, MA, USA [email protected] [email protected] ABSTRACT KEYWORDS As organizations struggle with processing vast amounts of informa- Differential Privacy; ORAM; differential obliviousness; sanitizers; tion, outsourcing sensitive data to third parties becomes a necessity. ACM Reference Format: To protect the data, various cryptographic techniques are used in Dmytro Bogatov, Georgios Kellaris, George Kollios, Kobbi Nissim, and Adam outsourced database systems to ensure data privacy, while allowing O’Neill. 2021. Epsolute: Efficiently Querying Databases While Providing efficient querying. A rich collection of attacks on such systems Differential Privacy. In Proceedings of the 2021 ACM SIGSAC Conference on has emerged. Even with strong cryptography, just communication Computer and Communications Security (CCS ’21), November 15–19, 2021, volume or access pattern is enough for an adversary to succeed. Virtual Event, Republic of Korea. ACM, New York, NY, USA, 15 pages. https: In this work we present a model for differentially private out- // sourced database system and a concrete construction, Epsolute, that provably conceals the aforementioned leakages, while remaining 1 INTRODUCTION efficient and scalable. In our solution, differential privacy ispre- Secure outsourced database systems aim at helping organizations served at the record level even against an untrusted server that outsource their data to untrusted third parties, without compro- controls data and queries.
    [Show full text]
  • UC Berkeley UC Berkeley Electronic Theses and Dissertations
    UC Berkeley UC Berkeley Electronic Theses and Dissertations Title Hardness of Maximum Constraint Satisfaction Permalink Author Chan, Siu On Publication Date 2013 Peer reviewed|Thesis/dissertation Powered by the California Digital Library University of California Hardness of Maximum Constraint Satisfaction by Siu On Chan A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor Elchanan Mossel, Chair Professor Luca Trevisan Professor Satish Rao Professor Michael Christ Spring 2013 Hardness of Maximum Constraint Satisfaction Creative Commons 3.0 BY: C 2013 by Siu On Chan 1 Abstract Hardness of Maximum Constraint Satisfaction by Siu On Chan Doctor of Philosophy in Computer Science University of California, Berkeley Professor Elchanan Mossel, Chair Maximum constraint satisfaction problem (Max-CSP) is a rich class of combinatorial op- timization problems. In this dissertation, we show optimal (up to a constant factor) NP- hardness for maximum constraint satisfaction problem with k variables per constraint (Max- k-CSP), whenever k is larger than the domain size. This follows from our main result con- cerning CSPs given by a predicate: a CSP is approximation resistant if its predicate contains a subgroup that is balanced pairwise independent. Our main result is related to previous works conditioned on the Unique-Games Conjecture and integrality gaps in sum-of-squares semidefinite programming hierarchies. Our main ingredient is a new gap-amplification technique inspired by XOR-lemmas. Using this technique, we also improve the NP-hardness of approximating Independent-Set on bounded-degree graphs, Almost-Coloring, Two-Prover-One-Round-Game, and various other problems.
    [Show full text]
  • Arxiv:2105.01193V1
    Improved approximation algorithms for bounded-degree local Hamiltonians Anurag Anshu1, David Gosset2, Karen J. Morenz Korol3, and Mehdi Soleimanifar4 1 Department of EECS & Challenge Institute for Quantum Computation, University of California, Berkeley, USA and Simons Institute for the Theory of Computing, Berkeley, California, USA. 2 Department of Combinatorics and Optimization and Institute for Quantum Computing, University of Waterloo, Canada 3 Department of Chemistry, University of Toronto, Canada and 4 Center for Theoretical Physics, Massachusetts Institute of Technology, USA We consider the task of approximating the ground state energy of two-local quantum Hamiltonians on bounded-degree graphs. Most existing algorithms optimize the energy over the set of product states. Here we describe a family of shallow quantum circuits that can be used to improve the approximation ratio achieved by a given product state. The algorithm takes as input an n-qubit 2 product state |vi with mean energy e0 = hv|H|vi and variance Var = hv|(H − e0) |vi, and outputs a 2 state with an energy that is lower than e0 by an amount proportional to Var /n. In a typical case, we have Var = Ω(n) and the energy improvement is proportional to the number of edges in the graph. When applied to an initial random product state, we recover and generalize the performance guarantees of known algorithms for bounded-occurrence classical constraint satisfaction problems. We extend our results to k-local Hamiltonians and entangled initial states. Quantum computers are capable of efficiently comput- Hamiltonian ing the dynamics of quantum many-body systems [1], and it is anticipated that they can be useful for scien- H = hij (1) i,j E tific applications in physics, materials science and quan- { X}∈ tum chemistry.
    [Show full text]
  • Towards Formalizing the GDPR's Notion of Singling
    Towards Formalizing the GDPR's Notion of Singling Out Aloni Cohen∗ Kobbi Nissim† December 21, 2020 Abstract There is a significant conceptual gap between legal and mathematical thinking around data privacy. The effect is uncertainty as to which technical offerings adequately match expectations expressed in legal standards. The uncertainty is exacerbated by a litany of successful privacy attacks demonstrating that traditional statistical disclosure limitation techniques often fall short of the sort of privacy envisioned by legal standards. We define predicate singling out, a new type of privacy attack intended to capture the concept of singling out appearing in the General Data Protection Regulation (GDPR). Informally, an adversary predicate singles out a dataset x using the output of a data-release mechanism M(x) if it manages to find a predicate p matching exactly one row x x with probability much better than a statistical baseline. A data-release mechanism that2 precludes such attacks is secure against predicate singling out (PSO secure). We argue that PSO security is a mathematical concept with legal consequences. Any data- release mechanism that purports to \render anonymous" personal data under the GDPR must be secure against singling out, and, hence, must be PSO secure. We then analyze PSO security, showing that it fails to self-compose. Namely, a combination of !(log n) exact counts, each individually PSO secure, enables an attacker to predicate single out. In fact, the composition of just two PSO-secure mechanisms can fail to provide PSO security. Finally, we ask whether differential privacy and k-anonymity are PSO secure. Leveraging a connection to statistical generalization, we show that differential privacy implies PSO security.
    [Show full text]
  • Differentially Private Deep Learning with Smooth Sensitivity
    Differentially Private Deep Learning with Smooth Sensitivity Lichao Sun Yingbo Zhou University of Illinois at Chicago Salesforce Research [email protected] [email protected] Philip S. Yu Caiming Xiong University of Illinois at Chicago Salesforce Research [email protected] [email protected] ABSTRACT KEYWORDS Ensuring the privacy of sensitive data used to train modern ma- privacy, differential privacy, smooth sensitivity, teacher-student chine learning models is of paramount importance in many areas learning, data-dependent analysis of practice. One approach to study these concerns is through the ACM Reference Format: lens of differential privacy. In this framework, privacy guarantees Lichao Sun, Yingbo Zhou, Philip S. Yu, and Caiming Xiong. 2020. Differ- are generally obtained by perturbing models in such a way that entially Private Deep Learning with Smooth Sensitivity. In KDD ’20: ACM specifics of data used to train the model are made ambiguous. A SIGKDD International Conference on Knowledge discovery and data min- particular instance of this approach is through a “teacher-student” ing, Aug 22–27, 2020, San Diego, CA. ACM, New York, NY, USA, 10 pages. framework, wherein the teacher, who owns the sensitive data, pro- vides the student with useful, but noisy, information, hopefully allowing the student model to perform well on a given task without access to particular features of the sensitive data. Because stronger 1 INTRODUCTION privacy guarantees generally involve more significant perturbation Recent years have witnessed impressive breakthroughs of deep on the part of the teacher, deploying existing frameworks funda- learning in a wide variety of domains, such as image classifica- mentally involves a trade-off between student’s performance and tion [20], natural language processing [8], and many more.
    [Show full text]