Privacy-preserving machine learning with tensor networks

Authors:

Alejandro Pozas-Kerstjens1,2,3,4, Senaida Hernández-Santana5, José Ramón Pareja Monturiol3,4, Marco Castrillón López6, Giannicola Scarpa7, Carlos E. González-Guillén5, David Pérez-García3,4

Affiliations:

1. Group of Applied Physics, University of Geneva, 1211 Geneva 4, Switzerland

2. Constructor Institute, 8200 Schaffhausen, Switzerland

3. Instituto de Ciencias Matemáticas (CSIC-UAM-UC3M-UCM), 28049 Madrid, Spain

4. Departamento de Análisis Matemático, Universidad Complutense de Madrid, 28040 Madrid, Spain

5. Departamento de Matemática Aplicada a la Ingeniería Industrial, Universidad Politécnica de Madrid, 28006 Madrid, Spain

6. Departamento de Álgebra, Geometría y Topología, Universidad Complutense de Madrid, 28040 Madrid, Spain

7. Escuela Técnica Superior de Ingeniería de Sistemas Informáticos, Universidad Politécnica de Madrid, 28031 Madrid, Spain

Abstract

Tensor networks, widely used to provide efficient representations of low-energy states of local quantum many-body systems, have recently been proposed as machine learning architectures that could present advantages over traditional ones. In this work we show that tensor-network architectures have particularly promising properties for privacy-preserving machine learning, which is important in tasks such as the processing of medical records. First, we describe a new privacy vulnerability present in feedforward neural networks, illustrating it on synthetic and real-world datasets. Then, we develop well-defined conditions that guarantee robustness to this vulnerability, which involve the characterization of models equivalent under gauge symmetry. We rigorously prove that such conditions are satisfied by tensor-network architectures. In doing so, we define a novel canonical form for matrix product states, which has a high degree of regularity and fixes the residual gauge that is left in the canonical forms based on singular value decompositions. We supplement the analytical findings with practical examples where matrix product states are trained on datasets of medical records, which show large reductions in the probability of an attacker extracting information about the training dataset from the model's parameters. Given the growing expertise in training tensor-network architectures, these results suggest that one need not choose between accuracy in prediction and privacy of the information processed.
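The abstract refers to the standard canonical forms for matrix product states based on singular value decompositions, whose residual gauge freedom the paper's novel canonical form fixes. As background, the SVD-based left-canonical form can be sketched as follows; this is a generic illustration under the usual MPS conventions, not the construction introduced in the paper.

```python
import numpy as np

rng = np.random.default_rng(0)

# A small random MPS: one tensor per site with shape
# (left bond, physical index, right bond).
bond_dims = [1, 3, 4, 3, 1]
phys_dim = 2
mps = [rng.normal(size=(bond_dims[i], phys_dim, bond_dims[i + 1]))
       for i in range(len(bond_dims) - 1)]

def left_canonicalize(tensors):
    """Sweep left to right, absorbing the non-isometric factor of each
    SVD into the next tensor (a gauge transformation that leaves the
    represented state unchanged), so every site but the last satisfies
    the left-isometry condition sum_s A[s]^dagger A[s] = identity."""
    tensors = [t.copy() for t in tensors]
    for i in range(len(tensors) - 1):
        Dl, d, Dr = tensors[i].shape
        # Group (left bond, physical) against the right bond.
        mat = tensors[i].reshape(Dl * d, Dr)
        u, s, vh = np.linalg.svd(mat, full_matrices=False)
        tensors[i] = u.reshape(Dl, d, u.shape[1])
        # Push the remaining factor S V^dagger into the next site.
        tensors[i + 1] = np.einsum('ab,bsc->asc',
                                   np.diag(s) @ vh, tensors[i + 1])
    return tensors

canon = left_canonicalize(mps)

# Verify the gauge condition at every site but the last.
for t in canon[:-1]:
    Dl, d, Dr = t.shape
    a = t.reshape(Dl * d, Dr)
    assert np.allclose(a.T @ a, np.eye(Dr))
```

Even after this procedure, unitary rotations on the bond indices still relate physically equivalent MPS; characterizing and removing that residual freedom is precisely the role of the canonical form defined in the paper.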

Funder

European Union

European Regional Development Fund

Spanish Ministry of Science and Innovation

Ministry of Economy, Industry and Competitiveness

Ministry of Universities of Spain

Community of Madrid

Spanish National Research Council

Publisher

Verein zur Förderung des Open Access Publizierens in den Quantenwissenschaften

References (53 articles; first five listed)

1. Apple. ``Differential privacy overview''. https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf (2021). Accessed: 2021-12-02.

2. Google. ``How we’re helping developers with differential privacy''. https://developers.googleblog.com/2021/01/how-were-helping-developers-with-differential-privacy.html (2021). Accessed: 2021-12-02.

3. Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. ``Calibrating noise to sensitivity in private data analysis''. J. Priv. Confid. 7, 17–51 (2017).

4. Stanley L. Warner. ``Randomized response: A survey technique for eliminating evasive answer bias''. J. Am. Stat. Assoc. 60, 63–69 (1965).

5. Cynthia Dwork and Aaron Roth. ``The algorithmic foundations of differential privacy''. Found. Trends Theor. Comput. Sci. 9, 211–407 (2014).
