Xi'an's Og

robust privacy

Posted in Books, Statistics, University life with tags #ERCSyG, Annals of Statistics, consistency, differential privacy, gradient descent, JASA, M-estimation, Newton-Raphson algorithm, Ocean, privacy, robustness, score function, stochastic gradient descent on May 14, 2024 by xi'an

During a recent working session, some Oceanerc (incl. me) went reading Privacy-Preserving Parametric Inference: A Case for Robust Statistics by Marco Avella-Medina (JASA, 2022), where robust criteria are advanced as efficient statistical tools in private settings. In this paper, robustness means using M-estimators T—as function of the empirical cdf—with basis score functions Ψ, defined as

$\sum_{i=1}^n\Psi(x_i,T(\hat F_n))=0,$

where Ψ is bounded. A construction further requiring that one can assess the sensitivity (in Dwork et al, 2006, sense) of a queried function, sensitivity itself linked with a measure of differential privacy. Because standard robustness approaches à la Huber allow for a portion of the sample to issue from an outlying (arbitrary) distribution, as in ε-contaminations, it makes perfect sense that robustness emerges within the differential framework. However, this common sense perception does not seem good enough for achieving differential privacy and the paper introduces a further randomization with noise scaled by (n,ε,δ) in the following way

$T(\hat F_n)+\gamma(T,\hat F_n)5\sqrt{2\log(n)\log(2/\delta)/\epsilon_n}Z$

that also applies to test statistics. This scaling seems to constitute the central result of the paper, which establishes asymptotically validity in the sense of statistical consistency (with the sample size n). But I am left wondering whether this outcome counts as supporting differential privacy as a sensible notion…

“…our proofs for the convergence of noisy gradient descent and noisy Newton’s method rely on showing that with high probability, the noise introduced to the gradients and Hessians has a negligible effect on the convergence of the iterates (up to the order of the statistical error of the non-noisy versions of the algorithms).” Avella-Medina, Bradshaw, & Loh

As a sequel I then read a more recent publication of Avella-Medina, Differentially private inference via noisy optimization, written with Casey Bradshaw & Po-Ling Loh, which appeared in the Annals of Statistics (2023). Again considering privatised estimation and inference for M-estimators, obtained by using noisy optimization procedures (noisy gradient descent, noisy Newton’s method) and constructing noisy confidence regions, that output differentially private avatars of standard M-estimators. Here the noisification goes through a randomisation of the gradient step like

$\theta^{(k+1)}=\theta^{(k)}-\frac{\eta}{n}\sum_i\Psi(x_i,\theta^{(k)})+\frac{\eta B\sqrt K}{n}Z_k$

where B is an upper bound on the gradient Ψ, η is a discretization step, and K is the total number of iterations (thus fixed in advance). The above stochastic gradient sequence converges with high probability to the actual M-estimator in n and not in K, since the upper bound on the distance scales in √K/n. Where does the attached privacy guarantee come from? It proceeds by an argument of a composition of a sequence of differentially private outputs, all based on the same dataset.

“…the larger the number [K] of data (gradient) queries of the algorithm, the more prone it will be to privacy leakage.”

The Newton method version is a variation on the above stochastic gradient descent. Except it seems to converge faster, as illustrated above.

Leave a comment »

Privacy-preserving Computing [book review]

Posted in Books, Statistics with tags AI, big data, book review, Cambridge University Press, CHANCE, cryptography, cup, data encryption, differential privacy, distributed computing, federated learning, machine learning, neural network, privacy, wikipedia on May 13, 2024 by xi'an

Privacy-preserving Computing for Big Data Analytics and AI, by Kai Chen and Qiang Yang, is a rather short 2024 CUP book translated from the 2022 Chinese version (by the authors). It covers secret sharing, homomorphic encryption, oblivious transfer, garbled circuit, differential privacy, trusted execution environment, federated learning, privacy-preserving computing platforms, and case studies. The style is survey-like, meaning it often is too light for my liking, with too many lists of versions and extensions, and more importantly lacking in detail to rely (solely) on it for a course. At several times standing closer to a Wikipedia level introduction to a topic. For instance, the chapter on homomorphic encryption [Chap.5] does not connect with the (presumably narrow) picture I have of this method. And the chapter on differential privacy [Chap.6] does not get much further than Laplace and Gaussian randomization, as in eg the stochastic gradient perturbation of Abadi et al. (2016) the privacy requirement is hardly discussed. The chapter on federated leaning [Chap.8] is longer if not much more detailed, being based on a entire book on Federated learning whose Qiang Yang is the primary author. (With all figures in that chapter being reproduced from said book.) The next chapter [Chap.9] describes to some extent several computing platforms that can be used for privacy purposes, such as FATE, CryptDB, MesaTEE, Conclave, and PrivPy, while the final one goes through case studies from different areas, but without enough depth to be truly formative for neophyte readers and students. Overall, too light for my liking.

[Disclaimer about potential self-plagiarism: this post or an edited version will eventually appear in my Books Review section in CHANCE.]

Leave a comment »

off to Edinburgh [and SMC 2024]

Posted in Books, Mountains, pictures, Statistics, Travel, University life with tags Scotland, Edinburgh, ICMS, University of Edinburgh, Arthur's Seat, Bayes Centre, weather forecasting, SMC 2024 on May 12, 2024 by xi'an

Today I am off to Edinburgh for the SMC 2024 workshop run by the ICMS. Looking forward meeting with long time friends and new ones, and learning about novel directions in the field. And returning to Edinburgh I last visited in 2019 for the opening of the Bayes Centre. Hoping to enjoy the nearby Arthur’s Seat volcano and maybe farther away Munroes, depending on the program, train schedules, and…weather forecasts!

Leave a comment »

maths as catchy background [and no further future for humanity]

Posted in Books, pictures, University life with tags AI, artificial intelligence, book reviews, dystopia, mathematical formula, neural networks and learning machines, Nick Bostrom, Philosophy of Science, poor maths, superintelligence, The Guardian, University of Oxford on May 11, 2024 by xi'an

Leave a comment »

Aubrac solitaire [jatp]

Posted in Mountains, Running, Travel, pictures with tags Aubrac, Auvergne, Betteridge's law of headlines, jatp, landscape, moor, Parc Naturel Regional de l'Aubrac, plateau, Refuge des Rajas, Signal de Mailhebiau, winter light on May 10, 2024 by xi'an

Leave a comment »

	xi'an on new arXiv rendering
	David Firth on new arXiv rendering
	Coin Flipping Conund… on joint fiddlin
	Art Owen on Jerome Spanier (1930-2024)
	xi'an on the flawed genius of William P…

Xi'an's Og

robust privacy

Privacy-preserving Computing [book review]

off to Edinburgh [and SMC 2024]

maths as catchy background [and no further future for humanity]

Aubrac solitaire [jatp]

blogs & links

Recent entries

Latest comments

Og\’s RSS

Xi'an's Og

robust privacy

Share:

Privacy-preserving Computing [book review]

Share:

off to Edinburgh [and SMC 2024]

Share:

maths as catchy background [and no further future for humanity]

Share:

Aubrac solitaire [jatp]

Share:

blogs & links

Recent entries

Latest comments

Og\’s RSS