InstaHide: Instance-hiding Schemes for Private Distributed Learning
- URL: http://arxiv.org/abs/2010.02772v2
- Date: Wed, 24 Feb 2021 18:54:19 GMT
- Title: InstaHide: Instance-hiding Schemes for Private Distributed Learning
- Authors: Yangsibo Huang, Zhao Song, Kai Li, Sanjeev Arora
- Abstract summary: InstaHide is a simple encryption of training images, which can be plugged into existing distributed deep learning pipelines.
InstaHide encrypts each training image with a "one-time secret key" which consists of mixing a number of randomly chosen images.
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: How can multiple distributed entities collaboratively train a shared deep net
on their private data while preserving privacy? This paper introduces
InstaHide, a simple encryption of training images, which can be plugged into
existing distributed deep learning pipelines. The encryption is efficient and
applying it during training has a minor effect on test accuracy.
InstaHide encrypts each training image with a "one-time secret key" which
consists of mixing a number of randomly chosen images and applying a random
pixel-wise mask. Other contributions of this paper include: (a) Using a large
public dataset (e.g. ImageNet) for mixing during its encryption, which improves
security. (b) Experimental results to show effectiveness in preserving privacy
against known attacks with only minor effects on accuracy. (c) Theoretical
analysis showing that successfully attacking privacy requires attackers to
solve a difficult computational problem. (d) Demonstrating that use of the
pixel-wise mask is important for security, since Mixup alone is shown to be
insecure against some efficient attacks. (e) Release of a challenge dataset:
https://github.com/Hazelsuko07/InstaHide_Challenge
Our code is available at https://github.com/Hazelsuko07/InstaHide
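The abstract describes the encryption only in outline: a private image is mixed with a few randomly chosen images (ideally from a large public dataset) using fresh random weights, and a random pixel-wise mask is applied. The NumPy sketch below is an added illustration, not the paper's released code. It assumes the mask is a random +1/-1 sign mask per pixel (the mask the InstaHide paper uses; the abstract says only "random pixel-wise mask"), a hypothetical cap `lam_cap` on the private image's mixing weight so that it never dominates the mixture, and constructed random arrays in place of real images and a real public dataset. It also shows the two properties a reviewer would want to verify: the holder of the one-time key (weights, mask, indices of the public images) can invert the transformation, and the mask only flips signs, so the absolute value of the released image is exactly the absolute value of a plain Mixup, which is why the abstract stresses that Mixup without the mask is not enough.

```python
import numpy as np


def instahide_encrypt(private_img, public_pool, k=4, lam_cap=0.65, rng=None):
    """One InstaHide-style encryption of a single private image.

    private_img : float array (H, W, C), the image to protect.
    public_pool : float array (N, H, W, C), images from a large public dataset
                  (the abstract's ImageNet idea; any array works here).
    k           : total number of images mixed (1 private + k-1 public).
    lam_cap     : hypothetical upper bound on the private image's mixing weight
                  (an assumption of this example, not a parameter from the page).
    Returns (encrypted, lam, mask, idx): the released image plus the one-time
    secret key (mixing weights, +-1 pixel mask, indices of the public images).
    """
    rng = np.random.default_rng() if rng is None else rng
    # the "one-time secret key" starts with k-1 freshly chosen public images
    idx = rng.choice(len(public_pool), size=k - 1, replace=False)
    imgs = np.concatenate([private_img[None], public_pool[idx]], axis=0)
    # fresh random mixing weights that sum to 1; resample until the private
    # image's weight is within the cap
    while True:
        lam = rng.random(k)
        lam /= lam.sum()
        if lam[0] <= lam_cap:
            break
    mixed = np.tensordot(lam, imgs, axes=1)          # sum_i lam_i * x_i (Mixup)
    # random pixel-wise sign mask, one +1/-1 per pixel value
    mask = rng.choice([-1.0, 1.0], size=private_img.shape)
    return mask * mixed, lam, mask, idx


def instahide_decrypt(encrypted, lam, mask, public_imgs):
    """Invert the encryption given the full one-time key. This is a sanity
    check of the construction only: the key is never released with the image,
    so a recipient of the encrypted dataset cannot run this."""
    mixed = mask * encrypted                         # a sign mask is its own inverse
    others = np.tensordot(lam[1:], public_imgs, axes=1)
    return (mixed - others) / lam[0]


def demo(seed=0):
    """Encrypt a constructed 8x8 RGB 'private' image against a constructed
    50-image public pool and return the checks described in the lead-in."""
    rng = np.random.default_rng(seed)
    private = rng.random((8, 8, 3))                  # constructed stand-in for a private image
    pool = rng.random((50, 8, 8, 3))                 # constructed stand-in for a public dataset
    enc, lam, mask, idx = instahide_encrypt(private, pool, k=4, rng=rng)
    recovered = instahide_decrypt(enc, lam, mask, pool[idx])
    # the same mixture without the mask is plain Mixup
    mixup = np.tensordot(lam, np.concatenate([private[None], pool[idx]]), axes=1)
    return {
        "shape_ok": enc.shape == private.shape,
        "weights_sum_to_one": bool(np.isclose(lam.sum(), 1.0)),
        "private_weight_capped": bool(lam[0] <= 0.65),
        "mask_is_signs": bool(np.all(np.abs(mask) == 1.0)),
        "abs_equals_mixup": bool(np.allclose(np.abs(enc), np.abs(mixup))),
        "key_holder_recovers": bool(np.allclose(recovered, private, atol=1e-8)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The last check is the one to keep in mind when reading the related-papers list: the sign mask hides which pixels were flipped, but it does not change magnitudes, so the released image still carries the magnitudes of a linear mixture of the inputs. That is the surface the later InstaHide attack papers work on.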
Related papers
- Shielding Latent Face Representations From Privacy Attacks [8.251076234961632]
We introduce a multi-layer protection framework for embeddings.
It consists of a sequence of operations: (a) encrypting embeddings using Fully Homomorphic Encryption (FHE), and (b) hashing them using irreversible feature manifold hashing.
Unlike conventional encryption methods, FHE enables computations directly on encrypted data, allowing downstream analytics while maintaining strong privacy guarantees.
arXiv Detail & Related papers (2025-05-19T04:23:16Z)
- Clean Image May be Dangerous: Data Poisoning Attacks Against Deep Hashing [71.30876587855867]
We show that even clean query images can be dangerous, inducing malicious target retrieval results, like undesired or illegal images.
Specifically, we first train a surrogate model to simulate the behavior of the target deep hashing model.
Then, a strict gradient matching strategy is proposed to generate the poisoned images.
arXiv Detail & Related papers (2025-03-27T07:54:27Z)
- Activity Recognition on Avatar-Anonymized Datasets with Masked Differential Privacy [64.32494202656801]
Privacy-preserving computer vision is an important emerging problem in machine learning and artificial intelligence.
We present an anonymization pipeline that replaces sensitive human subjects in video datasets with synthetic avatars within context.
We also propose MaskDP to protect non-anonymized but privacy-sensitive background information.
arXiv Detail & Related papers (2024-10-22T15:22:53Z)
- I can't see it but I can Fine-tune it: On Encrypted Fine-tuning of Transformers using Fully Homomorphic Encryption [5.12893315783096]
We introduce BlindTuner, a privacy-preserving fine-tuning system that enables transformer training exclusively on homomorphically encrypted data for image classification.
Our findings highlight a substantial speed enhancement of 1.5x to 600x over previous work in this domain.
arXiv Detail & Related papers (2024-02-14T10:15:43Z)
- PPIDSG: A Privacy-Preserving Image Distribution Sharing Scheme with GAN in Federated Learning [2.0507547735926424]
Federated learning (FL) has attracted growing attention since it allows for privacy-preserving collaborative training on decentralized clients.
Recent works have revealed that it still has the risk of exposing private data to adversaries.
We propose a privacy-preserving image distribution sharing scheme with GAN (PPIDSG).
arXiv Detail & Related papers (2023-12-16T08:32:29Z)
- Human-imperceptible, Machine-recognizable Images [76.01951148048603]
A major conflict is exposed for software engineers between developing better AI systems and keeping their distance from sensitive training data.
This paper proposes an efficient privacy-preserving learning paradigm, where images are encrypted to become human-imperceptible but machine-recognizable.
We show that the proposed paradigm can ensure the encrypted images have become human-imperceptible while preserving machine-recognizable information.
arXiv Detail & Related papers (2023-06-06T13:41:37Z)
- Attribute-Guided Encryption with Facial Texture Masking [64.77548539959501]
We propose Attribute Guided Encryption with Facial Texture Masking to protect users from unauthorized facial recognition systems.
Our proposed method produces more natural-looking encrypted images than state-of-the-art methods.
arXiv Detail & Related papers (2023-05-22T23:50:43Z)
- When approximate design for fast homomorphic computation provides differential privacy guarantees [0.08399688944263842]
Differential privacy (DP) and cryptographic primitives are popular countermeasures against privacy attacks.
In this paper, we design SHIELD, a probabilistic approximation algorithm for the argmax operator.
Although SHIELD could have other applications, here we focus on one setting and integrate it seamlessly into the SPEED collaborative training framework.
arXiv Detail & Related papers (2023-04-06T09:38:01Z)
- OPOM: Customized Invisible Cloak towards Face Privacy Protection [58.07786010689529]
We investigate face privacy protection from a technology standpoint based on a new type of customized cloak.
We propose a new method, named one person one mask (OPOM), to generate person-specific (class-wise) universal masks.
The effectiveness of the proposed method is evaluated on both common and celebrity datasets.
arXiv Detail & Related papers (2022-05-24T11:29:37Z)
- Syfer: Neural Obfuscation for Private Data Release [58.490998583666276]
We develop Syfer, a neural obfuscation method to protect against re-identification attacks.
Syfer composes trained layers with random neural networks to encode the original data.
It maintains the ability to predict diagnoses from the encoded data.
arXiv Detail & Related papers (2022-01-28T20:32:04Z)
- A Fusion-Denoising Attack on InstaHide with Data Augmentation [22.841904122807488]
InstaHide is a mechanism for protecting private training images in collaborative learning.
In recent work, Carlini et al. show that it is possible to reconstruct private images from the encrypted dataset generated by InstaHide.
This paper presents an attack for recovering private images from the outputs of InstaHide even when data augmentation is present.
arXiv Detail & Related papers (2021-05-17T11:58:16Z)
- InstaHide's Sample Complexity When Mixing Two Private Images [14.861717977097417]
InstaHide is a scheme to protect training data privacy with only minor effects on test accuracy.
We study recent attacks on InstaHide and present a unified framework to understand and analyze these attacks.
Our results demonstrate that InstaHide is not information-theoretically secure but computationally secure in the worst case.
arXiv Detail & Related papers (2020-11-24T03:41:03Z)
- InfoScrub: Towards Attribute Privacy by Targeted Obfuscation [77.49428268918703]
We study techniques that allow individuals to limit the private information leaked in visual data.
We tackle this problem in a novel image obfuscation framework.
We find our approach generates obfuscated images faithful to the original input images, and additionally increases uncertainty by 6.2× (or up to 0.85 bits) over the non-obfuscated counterparts.
arXiv Detail & Related papers (2020-05-20T19:48:04Z)