How to Allow Deep Learning on Your Data Without Revealing Your Data

Explore the challenges and solutions for enabling deep learning on private data without compromising privacy in this 23-minute conference talk by Sanjeev Arora from Princeton University. Delve into the concept of Federated Learning and the need for secure data sharing among multiple parties. Learn about InstaHide and TextHide, innovative methods for "encrypting" images and text to enhance data security. Examine the limitations of current Federated Learning frameworks and understand the potential vulnerabilities exposed by recent attacks. Discover how these encryption techniques, inspired by the MixUp data augmentation technique, aim to provide enhanced security in various applications. Analyze the Carlini et al. 2020 attack on InstaHide, which combines combinatorial algorithms and deep learning, and evaluate its implications for data privacy. Gain insights into the ongoing challenges and advancements in protecting sensitive data while enabling collaborative deep learning across multiple parties.

How to allow deep learning on your data without revealing your data
TWO DISTINCT SETTINGS
FEDERATED LEARNING FRAMEWORK
PAST APPROACH 11 DIFFERENTIAL PRIVACY
PAST APPROACH 21 CRYPTOGRAPHY
Outline for rest of the talk
INSTAHIDE ENCRYPTION FOR DATA
INSTAHIDE INSPIRED BY MIXUP
INSTAHIDE: HOW IT WORKS
INSTAHIDE MINOR IMPACT ON ACCURACY
TEXTHIDE: BACKGROUND
TEXTHIDE: HOW IT WORKS
TEXTHIDE MINOR IMPACT ON ACCURACY
Released software
RECALL: TWO SETTINGS
Carlini et al.'s Attack Overview
Carlini et al.'s Attack Cubic running time
Carlini et al.'s Attack Limitations
CONCLUSIONS