A new framework is introduced for end-to-end provable robustness against backdoor attacks by composing randomized smoothing with differentially private training via privacy profiles.
Opacus: User-Friendly Differential Privacy Library in PyTorch
21 Pith papers cite this work.
representative citing papers
FML-Bench shows a simple greedy hill-climber nearly matches tree search on dense-opportunity tasks while an adaptive agent that broadens search on stagnation outperforms six baselines across 18 tasks.
PACZero achieves zero mutual information privacy in LLM fine-tuning via sign-quantized subset-aggregated ZO gradients, delivering near non-private accuracy on SST-2 at I=0.
AS-LoRA adaptively chooses which LoRA factor to update per layer and round using a curvature-aware second-order score, eliminating reconstruction error floors and improving performance in DP federated learning.
FiBeR adds a closed-form filter-aware correction A(ω)σ_w² to the second-moment term for temporally filtered DP gradients, improving adaptive optimization performance.
DP-GCL improves differentially private contrastive learning by bounding group-level contributions through batch partitioning and intra-group augmentation, delivering 5.6% higher image classification accuracy and 20.1% higher retrieval accuracy than existing approaches.
DPrivBench is a new benchmark for evaluating LLMs on differential privacy reasoning, with results showing good performance on textbook mechanisms but substantial failures on advanced algorithms.
DPQuant uses epoch-wise probabilistic layer rotation and DP loss sensitivity to quantize only a changing subset of layers, reducing accuracy degradation from quantization noise in DP-SGD and delivering up to 2.21x throughput gains with under 2% accuracy drop.
Identifies the output label space as a privacy side-channel in DP continual learning, formalizes DP for continual learning, and demonstrates two mitigation methods that yield higher accuracy than prior work.
CE-FedGNN enables federated GNN training on coupled distributed graphs via infrequent aggregated representation exchange, moving-average estimation for staleness, and metric-DP, with O(1/sqrt(T)) convergence and O(T^{3/4}) communication.
DP-SGD-RC applies Hutchinson and Hutch++ estimators to approximate per-sample gradient norms for clipping in DP-SGD, claiming competitive privacy noise multipliers and utility on Llama 3.2-1B with reduced memory.
A differentially private fine-tuning method that constructs a quadratic utility function to allow exact sampling from a multivariate normal distribution while providing theoretical privacy guarantees.
A stabilized DP training and offline distillation protocol prevents collapse to single-class predictors in private speech classification under strong privacy while releasing only an audio-only model.
A differentially private pipeline using node-level DP summaries to fit ERGMs or SBMs, generate synthetic networks, and simulate SIS disease spread on ARTNet sexual contact data produces incidence, prevalence, and intervention effect sizes close to non-private versions.
Shuffled DP-SGD requires σ ≥ 1/√(2 ln M) or κ ≥ (1/√8)(1 - 1/√(4π ln M)) to limit adversarial advantage, so strong privacy and high utility cannot be obtained simultaneously.
FedVideoMAE combines VideoMAE pretraining, LoRA adaptation, client DP-SGD and secure aggregation to cut federated communication 28x while reaching 65-66% accuracy under strong privacy on RWF-2000 with 40 clients.
Add/remove adjacency in DP overstates attribute privacy relative to substitute adjacency; new auditing attacks show empirical leakage that is inconsistent with the reported add/remove guarantees but consistent with substitute accounting.
CA-ADP adjusts differential privacy noise per mini-batch class composition to improve F-scores by 3.3-8.5% over standard DP on three fall-detection datasets while claiming formal (ε,δ) guarantees.
Post-processing via random selection or linear combination of differentially private models allows meeting arbitrary target privacy parameters without additional training.
Three optimized MPC protocols for privacy-preserving vertical federated learning that support global and global-local updates while reducing computation versus naive full-MPC delegation.
Empirical study of DP transfer learning reveals that larger clipping bounds outperform under tight privacy and cumulative DP noise explains batch-size effects better than existing heuristics.
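Several of the summaries above turn on the same mechanism Opacus implements: per-sample gradient clipping at bound C followed by Gaussian noise with standard deviation σC, where σ is the noise multiplier. The block below is an added illustration of that step, written for this page and not code from Opacus or from any of the cited papers. It uses the standard DP-SGD rule (clip each per-sample gradient to L2 norm at most C, sum, add N(0, (σC)²) per coordinate, average over the batch), checks the clipped sum's sensitivity under add/remove adjacency, and computes the heuristic accumulated-noise figure behind the batch-size observation in the transfer-learning study (noise std on the averaged gradient is σC/B per step, growing as √T over T steps, assuming independent noise and a fixed learning rate; the function name `cumulative_noise_std`, the sample gradients, and this heuristic are assumptions, not from the page). No privacy accounting is included.

```python
import math
import random
from typing import List

Vector = List[float]


def l2_norm(v: Vector) -> float:
    return math.sqrt(sum(x * x for x in v))


def clip(grad: Vector, clip_bound: float) -> Vector:
    """Scale a per-sample gradient so its L2 norm is at most clip_bound.

    This is the flat clipping rule of DP-SGD: g * min(1, C / ||g||_2).
    """
    scale = min(1.0, clip_bound / max(l2_norm(grad), 1e-12))
    return [scale * g for g in grad]


def clipped_sum(per_sample_grads: List[Vector], clip_bound: float) -> Vector:
    """Sum of clipped per-sample gradients (the quantity that gets noised)."""
    dim = len(per_sample_grads[0])
    total = [0.0] * dim
    for g in per_sample_grads:
        for i, x in enumerate(clip(g, clip_bound)):
            total[i] += x
    return total


def dp_sgd_step(per_sample_grads: List[Vector], clip_bound: float,
                noise_multiplier: float, rng: random.Random) -> Vector:
    """One DP-SGD aggregation: clip, sum, add N(0, (sigma*C)^2) per coordinate, average."""
    batch = len(per_sample_grads)
    noise_std = noise_multiplier * clip_bound
    noisy = [s + rng.gauss(0.0, noise_std) for s in clipped_sum(per_sample_grads, clip_bound)]
    return [x / batch for x in noisy]


def max_sensitivity(per_sample_grads: List[Vector], clip_bound: float) -> float:
    """Empirical L2 sensitivity of the clipped sum under add/remove adjacency.

    Removing any one sample changes the sum by exactly that sample's clipped
    gradient, whose norm is at most C; this is what calibrates the noise.
    """
    full = clipped_sum(per_sample_grads, clip_bound)
    worst = 0.0
    for k in range(len(per_sample_grads)):
        without = clipped_sum(per_sample_grads[:k] + per_sample_grads[k + 1:], clip_bound)
        worst = max(worst, l2_norm([a - b for a, b in zip(full, without)]))
    return worst


def cumulative_noise_std(clip_bound: float, noise_multiplier: float,
                         batch_size: int, steps: int, lr: float) -> float:
    """Heuristic (assumption, not a result from the page): std of the DP noise
    accumulated in the parameters after `steps` SGD updates with constant lr,
    treating the per-step noise on the averaged gradient (sigma*C/B) as independent.
    """
    return lr * noise_multiplier * clip_bound * math.sqrt(steps) / batch_size


# Constructed per-sample gradients for a 3-parameter model; one sample has a
# norm well above the clipping bound so the clipping actually bites.
SAMPLE_GRADS: List[Vector] = [
    [0.3, 0.4, 0.0],     # norm 0.5, left unchanged at C = 1
    [3.0, 4.0, 0.0],     # norm 5.0, scaled down to norm 1
    [0.0, 0.0, -0.8],    # norm 0.8
    [-0.6, 0.0, 0.6],    # norm ~0.85
]


if __name__ == "__main__":
    rng = random.Random(0)
    print("clipped sum      ", clipped_sum(SAMPLE_GRADS, 1.0))
    print("noisy step       ", dp_sgd_step(SAMPLE_GRADS, 1.0, 1.0, rng))
    print("sensitivity      ", max_sensitivity(SAMPLE_GRADS, 1.0))
    # Quadrupling the batch cuts accumulated noise by 4x at the same sigma and C.
    print("noise, B=64      ", cumulative_noise_std(1.0, 1.0, 64, 1000, 0.1))
    print("noise, B=256     ", cumulative_noise_std(1.0, 1.0, 256, 1000, 0.1))
```

The sensitivity check is the property that makes the noise calibration meaningful: whatever the raw gradient norms, no single sample can move the clipped sum by more than C, so N(0, (σC)²) noise gives the same Gaussian-mechanism guarantee for every batch. The last two lines show why batch size matters so much in DP training: with σ and C fixed, the noise that ends up in the parameters scales as 1/B, which is the effect the empirical transfer-learning study attributes to cumulative DP noise.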
FedVideoMAE: Efficient Privacy-Preserving Federated Video Moderation