Collaborating Authors

 amplification




Unveiling

Neural Information Processing Systems

Earlier research highlighted DMs' vulnerability to data poisoning attacks, but these studies placed stricter requirements than conventional methods like 'BadNets' in image classification.




Privacy Amplification by Mixing and Diffusion Mechanisms

Borja Balle, Gilles Barthe, Marco Gaboardi, Joseph Geumlek

Neural Information Processing Systems

A fundamental result in differential privacy states that the privacy guarantees of a mechanism are preserved by any post-processing of its output. In this paper we investigate under what conditions stochastic post-processing can amplify the privacy of a mechanism. By interpreting post-processing as the application of a Markov operator, we first give a series of amplification results in terms of uniform mixing properties of the Markov process defined by said operator. Next we provide amplification bounds in terms of coupling arguments which can be applied in cases where uniform mixing is not available. Finally, we introduce a new family of mechanisms based on diffusion processes which are closed under post-processing, and analyze their privacy via a novel heat flow argument. On the applied side, we generalize the analysis of "privacy amplification by iteration" in Noisy SGD and show it admits an exponential improvement in the strongly convex case, and study a mechanism based on the Ornstein-Uhlenbeck diffusion process which contains the Gaussian mechanism with optimal post-processing on bounded inputs as a special case.


Elehear Delight Hearing Aids Review: Good Fit, Poor Sound

WIRED

Even moderate volume settings led to blunt, distorted, and often painful amplification. App is clunky at best. "Delight" is a bold choice of name for any type of tech product, but it's especially ambitious in the world of hearing aids, where "begrudgingly tolerate" is the highest praise typically offered. Undaunted, Elehear's latest over-the-counter release aims to raise the bar on user satisfaction, featuring a major design change and leveraging a new AI algorithm (naturally) to improve noise reduction and reduce feedback. Designed as in-the-ear devices with discretion in mind, the Delight cuts a much different profile than the more traditional, behind-the-ear Beyond Pro and Beyond hearing aids. The big question: Can they perform as well as BTE offerings?


Privacy Amplification by Subsampling: Tight Analyses via Couplings and Divergences

Borja Balle, Gilles Barthe, Marco Gaboardi

Neural Information Processing Systems

Differential privacy comes equipped with multiple analytical tools for the design of private data analyses. One important tool is the so-called "privacy amplification by subsampling" principle, which ensures that a differentially private mechanism run on a random subsample of a population provides higher privacy guarantees than when run on the entire population. Several instances of this principle have been studied for different random subsampling methods, each with an ad-hoc analysis. In this paper we present a general method that recovers and improves prior analyses, yields lower bounds and derives new instances of privacy amplification by subsampling. Our method leverages a characterization of differential privacy as a divergence which emerged in the program verification community. Furthermore, it introduces new tools, including advanced joint convexity and privacy profiles, which might be of independent interest.


Oblivious Sampling Algorithms for Private Data Analysis

Sajin Sasy, Olga Ohrimenko

Neural Information Processing Systems

Trusted execution environments (TEEs) can be used to protect the content of the data during query computation, while supporting differential-private (DP) queries in TEEs provides record privacy when query output is revealed.


CoPur: Certifiably Robust Collaborative Inference via Feature Purification

Neural Information Processing Systems

Collaborative inference leverages diverse features provided by different agents (e.g., sensors) for more accurate inference. A common setup is where each agent sends its embedded features instead of the raw data to the Fusion Center (FC) for joint prediction. In this setting, we consider inference phase attacks when a small fraction of agents is compromised.