Physics solutions for machine learning privacy leaks
dc.contributor.author | Pozas Kerstjens, Alejandro | |
dc.contributor.author | Hernández Santana, Senaida | |
dc.contributor.author | Pareja Monturiol, José Ramón | |
dc.contributor.author | Castrillón López, Marco | |
dc.contributor.author | Scarpa, Giannicola | |
dc.contributor.author | Gonzalez Guillen, Carlos E. | |
dc.contributor.author | Pérez García, David | |
dc.date.accessioned | 2023-06-22T10:48:13Z | |
dc.date.available | 2023-06-22T10:48:13Z | |
dc.date.issued | 2022 | |
dc.description.abstract | Machine learning systems are becoming more and more ubiquitous in increasingly complex areas, including cutting-edge scientific research. The opposite is also true: the interest in better understanding the inner workings of machine learning systems motivates their analysis under the lens of different scientific disciplines. Physics is particularly successful in this, due to its ability to describe complex dynamical systems. While explanations of phenomena in machine learning based on physics are increasingly present, examples of direct application of notions akin to physics in order to improve machine learning systems are more scarce. Here we provide one such application in the problem of developing algorithms that preserve the privacy of the manipulated data, which is especially important in tasks such as the processing of medical records. We develop well-defined conditions to guarantee robustness to specific types of privacy leaks, and rigorously prove that such conditions are satisfied by tensor-network architectures. These are inspired by the efficient representation of quantum many-body systems, and have shown to compete and even surpass traditional machine learning architectures in certain cases. Given the growing expertise in training tensor-network architectures, these results imply that one may not have to be forced to make a choice between accuracy in prediction and ensuring the privacy of the information processed. | |
dc.description.department | Depto. de Álgebra, Geometría y Topología | |
dc.description.faculty | Fac. de Ciencias Matemáticas | |
dc.description.refereed | FALSE | |
dc.description.sponsorship | Unión Europea. Horizonte 2020 | |
dc.description.sponsorship | Ministerio de Ciencia e Innovación (MICINN) | |
dc.description.sponsorship | Comunidad de Madrid | |
dc.description.sponsorship | Centro de Excelencia Severo Ochoa | |
dc.description.status | unpub | |
dc.eprint.id | https://eprints.ucm.es/id/eprint/73160 | |
dc.identifier.uri | https://hdl.handle.net/20.500.14352/71696 | |
dc.language.iso | eng | |
dc.relation.projectID | GAPS (648913) | |
dc.relation.projectID | (MTM2014-54240-P, MTM2017-88385-P, PGC2018-098321-B-I00 and PID2020-113523GB-I00) | |
dc.relation.projectID | (CEX2019-000904-S and ICMAT Severo Ochoa project SEV-2015-0554, and grants CEX2019-000904-S-20-4) | |
dc.relation.projectID | QUITEMAD-CM (P2018/TCS-4342); PEJ-2021-AI/TIC-23267 | |
dc.rights.accessRights | open access | |
dc.subject.cdu | 519.87 | |
dc.subject.cdu | 519.713 | |
dc.subject.keyword | Machine learning | |
dc.subject.keyword | Complex dynamical systems | |
dc.subject.keyword | Tensor-network architectures | |
dc.subject.keyword | Cryptography | |
dc.subject.ucm | Física matemática | |
dc.subject.ucm | Seguridad informática | |
dc.subject.ucm | Investigación operativa (Matemáticas) | |
dc.subject.unesco | 1207 Investigación Operativa | |
dc.title | Physics solutions for machine learning privacy leaks | |
dc.type | journal article | |
dspace.entity.type | Publication | |