arXiv: 2603.15842 · v2 · pith:EFACMIXKnew · submitted 2026-03-16 · cs.LG · cs.AI · cs.IT · math.IT

Informationally Compressive Anonymization: Non-Degrading Sensitive Input Protection for Privacy-Preserving Supervised Machine Learning

Pith reviewed 2026-05-21 10:17 UTC · model grok-4.3

classification: cs.LG, cs.AI, cs.IT, math.IT
keywords: informationally compressive anonymization, privacy-preserving machine learning, non-invertible encodings, supervised encoder, topological privacy, conditional entropy, sensitive data protection, VEIL architecture

The pith

A supervised multi-objective encoder maps sensitive data to low-dimensional vectors that cannot be inverted back to the originals while retaining full predictive utility.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces Informationally Compressive Anonymization to let organizations run supervised machine learning on sensitive inputs without exposing the raw data. Inside a trusted environment, a multi-objective encoder compresses inputs into compact task-aligned representations that are then exported for training and inference. Topological and information-theoretic arguments are offered to show that these representations are structurally non-invertible: reconstruction is logically impossible under ideal attacker knowledge, and in practice its probability goes to zero because the attacker's conditional entropy diverges. This would eliminate the accuracy penalties of noise injection and the overhead of encryption while still satisfying privacy requirements by design.

Core claim

The encodings produced by the supervised multi-objective encoder are structurally non-invertible. Topological and information-theoretic arguments establish that inversion is logically impossible even under idealized attacker assumptions. In realistic deployments the attacker's conditional entropy over the original data diverges, which drives reconstruction probability to zero. Predictive utility for the downstream task remains undiminished because representation learning is aligned with the supervised objective rather than relying on noise or cryptographic transformation.

What carries the argument

The supervised multi-objective encoder inside the VEIL architecture, which learns low-dimensional latent representations aligned with the prediction task while enforcing topological non-invertibility.

If this is right

  • Supervised models can be trained and run at full accuracy using only the exported vectors, without noise budgets, gradient clipping, or encryption at inference time.
  • Only irreversibly anonymized vectors leave the trusted source environment, enforcing strict separation between trusted and untrusted compute regions.
  • The resulting representations align naturally with privacy-by-design regulatory requirements without additional compliance layers.
  • Protection holds against post-quantum threats because the guarantees rest on architectural and topological properties rather than cryptographic hardness assumptions.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same non-invertibility approach could be explored for unsupervised or self-supervised objectives if suitable multi-objective training can be defined.
  • Centralized training on such anonymized representations might reduce reliance on federated learning for certain privacy-sensitive distributed settings.
  • Multi-region deployment patterns could simplify consistent privacy enforcement across different regulatory jurisdictions.

Load-bearing premise

A supervised multi-objective encoder can be trained to produce low-dimensional representations that simultaneously preserve high predictive utility for the downstream task and satisfy topological non-invertibility sufficient to make reconstruction impossible.

What would settle it

An explicit reconstruction procedure that recovers original inputs from the exported encodings with non-negligible probability, or a direct measurement showing that attacker conditional entropy does not diverge, would falsify the non-invertibility claim.
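
An added illustration of the second kind of measurement (not from the paper or from Pith's analysis): a leakage audit that fits a linear decoder on auxiliary (input, encoding) pairs and reports held-out per-feature R². The encoder `W`, the manifold basis `B` and all samples are constructed stand-ins, not the VEIL/ICA encoder; the audit shows that the same non-injective map can leave the input fully recoverable when the data lies on a 2-D manifold and only about half recoverable when the data fills R^4.

```python
import random

# Constructed linear "encoder" R^4 -> R^2. Hypothetical stand-in, not the paper's encoder.
W = [[1.0, 0.0, 1.0, 0.0],
     [0.0, 1.0, 0.0, 1.0]]

# Constructed basis of a 2-D data manifold embedded in R^4.
B = [[1.0, 0.0], [0.0, 1.0], [0.5, 1.0], [-1.0, 0.5]]


def encode(x):
    """Apply the dimension-reducing map z = W x."""
    return [sum(w * xi for w, xi in zip(row, x)) for row in W]


def sample_manifold(rng):
    """Draw x = B u with u ~ N(0, I_2): data confined to a 2-D plane."""
    u = [rng.gauss(0, 1), rng.gauss(0, 1)]
    return [row[0] * u[0] + row[1] * u[1] for row in B]


def sample_full(rng):
    """Draw x ~ N(0, I_4): data that fills the whole input space."""
    return [rng.gauss(0, 1) for _ in range(4)]


def collision_demo():
    """Non-injectivity: two distinct inputs with the same encoding (W n = 0)."""
    x = [1.0, 2.0, 3.0, 4.0]
    n = [1.0, 0.0, -1.0, 0.0]
    x2 = [a + b for a, b in zip(x, n)]
    return encode(x) == encode(x2) and x != x2


def fit_linear_decoder(zs, xs):
    """Least-squares map z -> x (no intercept) via the 2x2 normal equations."""
    g00 = sum(z[0] * z[0] for z in zs)
    g01 = sum(z[0] * z[1] for z in zs)
    g11 = sum(z[1] * z[1] for z in zs)
    det = g00 * g11 - g01 * g01
    decoder = []
    for j in range(len(xs[0])):
        c0 = sum(z[0] * x[j] for z, x in zip(zs, xs))
        c1 = sum(z[1] * x[j] for z, x in zip(zs, xs))
        decoder.append([(g11 * c0 - g01 * c1) / det,
                        (g00 * c1 - g01 * c0) / det])
    return decoder


def r2_per_feature(decoder, zs, xs):
    """Held-out R^2 of each reconstructed input feature (1.0 = fully recovered)."""
    scores = []
    for j, (a0, a1) in enumerate(decoder):
        mean = sum(x[j] for x in xs) / len(xs)
        sse = sum((x[j] - (a0 * z[0] + a1 * z[1])) ** 2 for z, x in zip(zs, xs))
        sst = sum((x[j] - mean) ** 2 for x in xs)
        scores.append(1.0 - sse / sst)
    return scores


def audit(sampler, n=2000, seed=0):
    """Fit the decoder on auxiliary pairs, score it on fresh held-out pairs."""
    rng = random.Random(seed)
    train = [sampler(rng) for _ in range(n)]
    held = [sampler(rng) for _ in range(n)]
    decoder = fit_linear_decoder([encode(x) for x in train], train)
    return r2_per_feature(decoder, [encode(x) for x in held], held)


if __name__ == "__main__":
    print("distinct inputs collide:", collision_demo())
    print("R^2, data on 2-D manifold:", [round(r, 3) for r in audit(sample_manifold)])
    print("R^2, data filling R^4:   ", [round(r, 3) for r in audit(sample_full)])
```

A per-feature R² near 1 on held-out data is the kind of result that would count against a non-invertibility claim for that data distribution; values well below 1 bound only this linear decoder, not stronger ones.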

Figures

Figures reproduced from arXiv: 2603.15842 by Jeremy J Samuelson.

Figure 2: An AutoEncoder yielding an overcomplete repre…
Figure 3: The latent representation of an AutoEncoder can…
Figure 1: A typical “bottleneck” AutoEncoder, yielding an…
Figure 4: 2-D latent representation without the Center loss…
Figure 6: Multi-Level, Multi-Objective SCRAE architecture…
Figure 7: Spearman rank correlation, ρ, vs. training epochs…
Figure 8: 5-fold CV R² k-NN vs. training epochs…
Figure 10: Observed vs. Predicted Means. Another useful training diagnostic that verifies the encoder is behaving as intended involves checking for regressor calibration in the downstream model trained on the encoding. A calibrated regressor should have the property that, for any predicted value, ŷ, the average true target value among all cases with predictions near ŷ is approximately ŷ. More compactly, the diag…
Figure 11: Illustration of the Source Environment. Encodings are transmitted from the trusted environment to the cloud using mutually authenticated channels (TLS 1.3 or better), customer-controlled API keys or IAM roles, optional VPN or private link peering, or transport-level integrity checks. While no sensitive or identifiable information is ever transmitted, these additional measures are required to prevent othe…
Figure 13: Illustration of the Application/Inference Environ…
Figure 14: Illustration of duplicated ML pipelines in…
Figure 15: Illustration of a simplified, multi-regional ML de…
Original abstract

Modern machine learning systems increasingly rely on sensitive data, creating significant privacy, security, and regulatory risks that existing privacy-preserving machine learning (ppML) techniques, such as Differential Privacy (DP) and Homomorphic Encryption (HE), address only at the cost of degraded performance, increased complexity, or prohibitive computational overhead. This paper introduces Informationally Compressive Anonymization (ICA) and the VEIL architecture, a privacy-preserving ML framework that achieves strong privacy guarantees through architectural and mathematical design rather than noise injection or cryptography. ICA embeds a supervised, multi-objective encoder within a trusted Source Environment to transform raw inputs into low-dimensional, task-aligned latent representations, ensuring that only irreversibly anonymized vectors are exported to untrusted training and inference environments. The paper rigorously proves that these encodings are structurally non-invertible using topological and information-theoretic arguments, showing that inversion is logically impossible, even under idealized attacker assumptions, and that, in realistic deployments, the attacker conditional entropy over the original data diverges, driving reconstruction probability to zero. Unlike prior autoencoder-based ppML approaches, ICA preserves predictive utility by aligning representation learning with downstream supervised objectives, enabling low-latency, high-performance ML without gradient clipping, noise budgets, or encryption at inference time. The VEIL architecture enforces strict trust boundaries, supports scalable multi-region deployment, and naturally aligns with privacy-by-design regulatory frameworks, establishing a new foundation for enterprise ML that is secure, performant, and safe by construction, even in the face of post-quantum threats.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The manuscript introduces Informationally Compressive Anonymization (ICA) and the VEIL architecture, which embed a supervised multi-objective encoder in a trusted source environment to map raw inputs to low-dimensional, task-aligned latent representations. These representations are exported to untrusted environments; the paper claims to prove via topological and information-theoretic arguments that the encodings are structurally non-invertible (inversion is logically impossible even for idealized attackers) and that attacker conditional entropy over the original data diverges, driving reconstruction probability to zero, all while preserving downstream predictive utility without noise, clipping, or encryption.

Significance. If the central claims hold, the approach would offer a performance-preserving, architecture-level alternative to differential privacy and homomorphic encryption for supervised ML, with built-in alignment to privacy-by-design regulations and potential post-quantum resilience.

major comments (3)
  1. [Abstract / central claims] Abstract and central claims section: the assertion that encodings are 'structurally non-invertible' and that 'inversion is logically impossible' is presented as following directly from the ICA encoder definition and training; this risks circularity because no independent external benchmark, falsifiable prediction, or comparison against reconstruction attacks is supplied to show the property is not true by construction.
  2. [Training objective / VEIL architecture] Training objective description: the claim that a single gradient-based multi-objective encoder can simultaneously achieve high downstream utility (via supervised loss) and topological non-invertibility sufficient to make reconstruction impossible is load-bearing, yet no analysis, convergence argument, or ablation is given demonstrating that the two objectives are compatible rather than antagonistic.
  3. [Proofs / information-theoretic arguments] Proof strategy: the abstract states that 'rigorous proofs' of logical impossibility and diverging conditional entropy are provided using topological and information-theoretic arguments, but the manuscript supplies no lemmas, theorems, equations, or experimental validation of these arguments, preventing evaluation of whether the dimension reduction actually forces the claimed entropy divergence while retaining label mutual information.
minor comments (2)
  1. [Notation / methods] Clarify notation for the multi-objective loss function and how the topological regularizer is formulated relative to the supervised term.
  2. [Related work] Add explicit comparison table or discussion distinguishing ICA from prior autoencoder-based privacy-preserving ML methods mentioned in the abstract.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for their constructive and detailed review of our manuscript on Informationally Compressive Anonymization (ICA) and the VEIL architecture. We address each major comment below and will revise the manuscript accordingly to improve clarity and substantiation of the theoretical claims.

Point-by-point responses
  1. Referee: [Abstract / central claims] Abstract and central claims section: the assertion that encodings are 'structurally non-invertible' and that 'inversion is logically impossible' is presented as following directly from the ICA encoder definition and training; this risks circularity because no independent external benchmark, falsifiable prediction, or comparison against reconstruction attacks is supplied to show the property is not true by construction.

    Authors: The non-invertibility claim is grounded in the topological property that a continuous encoder from a higher-dimensional input space to a strictly lower-dimensional latent space cannot be injective (by the invariance of dimension theorem), independent of the specific training dynamics. We agree that explicit validation strengthens the argument. In the revision we will add a dedicated subsection containing a formal topological statement, a falsifiable prediction on reconstruction error bounds, and direct comparisons against standard reconstruction attacks to demonstrate the property holds beyond the training procedure itself. revision: yes

  2. Referee: [Training objective / VEIL architecture] Training objective description: the claim that a single gradient-based multi-objective encoder can simultaneously achieve high downstream utility (via supervised loss) and topological non-invertibility sufficient to make reconstruction impossible is load-bearing, yet no analysis, convergence argument, or ablation is given demonstrating that the two objectives are compatible rather than antagonistic.

    Authors: The multi-objective loss is constructed so that the supervised term preserves mutual information with the target labels while the compressive term enforces dimension reduction that reduces input mutual information. We acknowledge the absence of explicit compatibility analysis in the current draft. The revised manuscript will include a convergence argument based on the smoothness of the combined loss and an ablation study that varies the weighting between the supervised and compressive terms, showing that predictive utility can be maintained while reconstruction probability is driven toward zero. revision: yes

  3. Referee: [Proofs / information-theoretic arguments] Proof strategy: the abstract states that 'rigorous proofs' of logical impossibility and diverging conditional entropy are provided using topological and information-theoretic arguments, but the manuscript supplies no lemmas, theorems, equations, or experimental validation of these arguments, preventing evaluation of whether the dimension reduction actually forces the claimed entropy divergence while retaining label mutual information.

    Authors: We recognize that the theoretical arguments would benefit from more explicit and self-contained presentation. The topological component establishes non-injectivity via dimension reduction, while the information-theoretic component shows divergence of conditional entropy H(X|Z) as latent dimension falls below a threshold determined by the data manifold, with label mutual information I(Z;Y) preserved by the supervised objective. In the revision we will insert explicit lemmas, a main theorem with proof, the supporting equations, and experimental validation of the entropy bounds to enable direct evaluation. revision: yes

Circularity Check

1 step flagged

Non-invertibility guarantee reduces to ICA encoder construction by definition

specific steps
  1. self definitional [Abstract]
    "ICA embeds a supervised, multi-objective encoder within a trusted Source Environment to transform raw inputs into low-dimensional, task-aligned latent representations, ensuring that only irreversibly anonymized vectors are exported to untrusted training and inference environments. The paper rigorously proves that these encodings are structurally non-invertible using topological and information-theoretic arguments, showing that inversion is logically impossible, even under idealized attacker assumptions, and that, in realistic deployments, the attacker conditional entropy over the original data"

    The non-invertibility is presented as a direct consequence of embedding the encoder to produce irreversibly anonymized vectors; the topological/information-theoretic proof is therefore equivalent to the definitional choice of the multi-objective training objective rather than an independent derivation from external premises.

full rationale

The paper's core derivation asserts that the VEIL/ICA encoder produces structurally non-invertible encodings via its supervised multi-objective training and topological arguments. This property is introduced as following directly from the encoder's design goal of creating irreversibly anonymized vectors, with the proof strategy relying on the same architectural choices that define the model. No independent external benchmark or falsifiable prediction outside the training objective is exhibited in the provided text, causing the claimed logical impossibility of inversion to reduce to the input assumptions about the encoder.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 2 invented entities

Review limited to abstract; the central claims rest on unstated assumptions about simultaneous utility and non-invertibility that are not broken down into explicit free parameters or background axioms.

axioms (1)
  • domain assumption A supervised multi-objective encoder can be trained to produce low-dimensional representations that are both task-aligned for high utility and topologically non-invertible for privacy.
    Invoked to guarantee no performance degradation while achieving structural non-invertibility.
invented entities (2)
  • Informationally Compressive Anonymization (ICA) no independent evidence
    purpose: Transform raw sensitive inputs into non-invertible yet task-useful latent vectors.
    Newly introduced framework whose properties are asserted in the abstract.
  • VEIL architecture no independent evidence
    purpose: Enforce strict trust boundaries and support scalable deployment of ICA.
    New architectural proposal introduced to operationalize the ICA method.

