Computer Science > Machine Learning
Title: InstaHide's Sample Complexity When Mixing Two Private Images
(Submitted on 24 Nov 2020 (v1), last revised 6 Feb 2024 (this version, v2))
Abstract: Training neural networks usually requires large amounts of sensitive training data, and how to protect the privacy of training data has thus become a critical topic in deep learning research. InstaHide is a state-of-the-art scheme to protect training data privacy with only minor effects on test accuracy, and its security has become a salient question. In this paper, we systematically study recent attacks on InstaHide and present a unified framework to understand and analyze these attacks. We find that existing attacks either do not have a provable guarantee or can only recover a single private image. On the current InstaHide challenge setup, where each InstaHide image is a mixture of two private images, we present a new algorithm to recover all the private images with a provable guarantee and optimal sample complexity. In addition, we also provide a computational hardness result on retrieving all InstaHide images. Our results demonstrate that InstaHide is not information-theoretically secure but computationally secure in the worst case, even when mixing two private images.
Submission history
From: Ruizhe Zhang
[v1] Tue, 24 Nov 2020 03:41:03 GMT (251kb,D)
[v2] Tue, 6 Feb 2024 03:14:09 GMT (267kb,D)