arxiv: 2605.16812 · v2 · pith:PVEIWKIRnew · submitted 2026-05-16 · 💻 cs.LG · cs.CR

Jacobian-Guided Anisotropic Noise Reshaping for Enhancing Representation Utility under Local Differential Privacy

Pith reviewed 2026-05-21 07:51 UTC · model grok-4.3

keywords: local differential privacy · anisotropic noise · Jacobian matrix · representation utility · noise reshaping · data utility · privacy preservation · machine learning

The pith

Using the Jacobian of a public downstream model to reshape LDP noise anisotropically improves representation utility while preserving the per-dimension privacy budget.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper tries to establish that conventional local differential privacy adds the same noise in every direction and therefore destroys too much signal for any specific downstream task. Instead the authors use the Jacobian matrix of a known public model to locate the directions that matter most for that task and then reduce the effective noise impact only along those directions. The result is an anisotropic noise distribution that still meets the original local differential privacy guarantee because the privacy budget per coordinate remains uniform. A sympathetic reader would care because many real-world data-collection scenarios could then deliver more accurate models without demanding a larger privacy allowance or more data. The reported experiments on heavily corrupted CIFAR-10 images show roughly 20 percent utility gains for two existing mechanisms at a moderate privacy level.

Core claim

The central discovery is that task-critical subspaces can be identified via the Jacobian matrix of the public downstream model, noise can be selectively attenuated along those dimensions, and the resulting anisotropic distribution can replace the isotropic noise of standard LDP while the uniform per-dimension privacy budget is left unchanged, thereby substantially enhancing data utility for downstream objectives.

What carries the argument

The Jacobian matrix of the public downstream model, which locates task-critical subspaces and guides selective noise attenuation to produce an anisotropic distribution from an originally isotropic LDP mechanism.

If this is right

  • The method works for both linear and non-linear downstream models.
  • It integrates directly with existing LDP primitives such as PrivUnit2 and PrivUnitG.
  • It yields approximately 20 percent higher utility at epsilon equal to 7.5 on CIFAR-10-C under the strongest brightness corruption.
  • The per-dimension privacy budget remains exactly the same as in the original isotropic mechanism.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same Jacobian-guided idea could be tested in federated-learning pipelines where a public model is already available for the target task.
  • If the downstream model changes over time, the noise reshaping would need to be recomputed periodically, which may add modest communication cost.
  • The approach suggests that any privacy mechanism whose noise is currently isotropic could be improved by an analogous task-aware reweighting step.

Load-bearing premise

The Jacobian of the public downstream model reliably identifies the directions that are most important for the downstream task, and the anisotropic reshaping leaves the original local differential privacy guarantee intact without extra assumptions on the data distribution or model linearity.

What would settle it

A direct check would be to measure whether the claimed privacy guarantee still holds after the Jacobian-guided reshaping on a dataset where the Jacobian directions are known to be uncorrelated with task performance; if utility gains disappear or the privacy bound is violated, the central claim is falsified.

Figures

Figures reproduced from arXiv: 2605.16812 by Anil Anthony Bharath, Viktor Schlegel, Yidan Sun, Youngmok Ha.

Figure 1: Motivating Example. Linear binary classifier and noise processing. C(z) is a linear classifier with normal vector w orthogonal to the decision boundary (C(z) = 0). z is the representation, and u_r and u_n are basis vectors for the row and null spaces, respectively. Dotted arrows denote perturbations around z. The red and blue dashed lines describe the shape of the Laplace noise. Notably, perturbations along…

Figure 2: Overview of the proposed approach. Our approach comprises a pre-processing function f : Z → Z̄, where Z̄ is an intermediate bounded space in R^m, and a post-processing function g : R^m → R^m. A randomization mechanism M

Figure 3: An illustrative example of the pre-processing (

Figure 4: London Smart Meters Dataset Splitting Scheme for Evaluation with Regression

Figure 5: Image Dataset Splitting Scheme for Evaluation with Classification using MNIST and

Figure 6: Evaluation Protocol for Classification. obtained from the pre-trained feature extractor, to 10 class logits. Under this standard pre-training, the model achieves an accuracy over 90% on the CIFAR-10 validation set. Since the classifier relies on a single linear layer mapping to 10 output classes, the Jacobian matrix of its outputs with respect to the input representations has a rank of at most 10. This res…

Figure 7: Test accuracy of five mechanisms on MNIST under

Figure 8: Ablation Study on Clipping Threshold.

Figure 9: Recovery Ratio of PA across corruption types, severity levels, and privacy budgets. Recovery Ratio is defined as (Acc(Baseline+PA) − Acc(Baseline))/(Acc(No Randomization) − Acc(Baseline)). Results are shown for Laplace, PrivUnit2, and PrivUnitG baselines (rows) on four CIFAR-10-C corruption types (columns) at severity levels 1–5, with ϵ ∈ {1.0, 3.0, 5.0, 7.5}. A higher Recovery Ratio indicates that PA restor…
Original abstract

While Local Differential Privacy (LDP) serves as a foundational primitive for distributed data collection, its stringent noise injection requirement often leads to severe degradation in data utility. This degradation stems from the task-agnostic nature of conventional LDP mechanisms, which inject noise uniformly across all dimensions regardless of their relative importance to the downstream objective. To address this issue, we propose a novel approach that mitigates noise in task-relevant subspaces of the data representation. Our method identifies task-critical subspaces via the Jacobian matrix of the public downstream model, selectively attenuates noise along those dimensions, and reshapes the isotropic noise of standard LDP into an anisotropic distribution. This method preserves the uniform per-dimension privacy budget while heterogeneously modulating noise impact across dimensions, thereby substantially enhancing data utility. Furthermore, our approach generalizes to both linear and non-linear models and integrates seamlessly with existing mechanisms. Extensive experiments on CIFAR-10-C (Brightness corruption at the highest severity level 5) demonstrate that integrating our approach improves the utility of PrivUnit2 and PrivUnitG by approximately 20% at ε=7.5. The source code is available at https://github.com/ymha/jacobian-anr-ldp.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper proposes Jacobian-Guided Anisotropic Noise Reshaping (ANR) for Local Differential Privacy (LDP). It identifies task-critical subspaces via the Jacobian matrix of a public downstream model, selectively attenuates noise along those dimensions, and reshapes isotropic LDP noise into an anisotropic distribution while preserving the uniform per-dimension privacy budget. The method is claimed to generalize to linear and non-linear models and to integrate with existing mechanisms such as PrivUnit2 and PrivUnitG. Experiments on CIFAR-10-C (Brightness corruption, severity 5) report an approximately 20% utility improvement at ε=7.5.

Significance. If the privacy guarantees can be rigorously established for the data-dependent case and the utility gains prove robust across models and datasets, the approach could meaningfully improve practical LDP deployments in representation learning. The public release of source code at https://github.com/ymha/jacobian-anr-ldp is a clear strength that supports reproducibility. However, the current evidence consists of a single reported number without error bars or ablations, limiting the assessed impact.

major comments (2)
  1. [Abstract] Abstract: the claim that the method 'generalizes to both linear and non-linear models' and 'preserves the uniform per-dimension privacy budget' is load-bearing for the central contribution. For non-linear models the Jacobian must be evaluated at the private input x, rendering the reshaping matrix data-dependent. Standard LDP analyses for mechanisms such as PrivUnit assume a fixed noise distribution; no Lipschitz bound on the Jacobian map or explicit privacy-loss analysis for the input-dependent case is supplied. This directly affects whether the original LDP guarantee is maintained.
  2. [Experiments] Experiments (CIFAR-10-C results): the reported ~20% utility lift for PrivUnit2 and PrivUnitG at ε=7.5 is presented without error bars, ablation details on Jacobian computation, or comparison across multiple corruption levels or model architectures. This single-point result is insufficient to support the generalization claim.
minor comments (1)
  1. Notation for the reshaping matrix and its relation to the per-dimension privacy budget should be defined more explicitly, ideally with a small illustrative example for the linear case.
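
The linear case the minor comment asks for, together with the data-dependence raised in major comment 1, as an added example that is not code from the paper or its repository. The weights, inputs, the tanh model and all function names are constructed for illustration; the code only locates the Jacobian row space and does not implement the paper's reshaping rule or its privacy proof.

```python
import math
import random

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def matvec(A, x):
    return [dot(row, x) for row in A]

def jacobian_linear(W, z):
    """Jacobian of C(z) = W z is W itself, whatever the (private) input z is."""
    return W

def jacobian_tanh(V, W1, z):
    """Jacobian of h(z) = V tanh(W1 z): J = V diag(1 - tanh^2(W1 z)) W1."""
    d = [1.0 - math.tanh(a) ** 2 for a in matvec(W1, z)]
    return [[sum(V[i][h] * d[h] * W1[h][j] for h in range(len(d)))
             for j in range(len(z))] for i in range(len(V))]

def row_space_basis(J, tol=1e-10):
    """Orthonormal basis of the row space of J (modified Gram-Schmidt)."""
    basis = []
    for row in J:
        v = list(row)
        for u in basis:
            c = dot(v, u)
            v = [a - c * b for a, b in zip(v, u)]
        norm = math.sqrt(dot(v, v))
        if norm > tol:
            basis.append([a / norm for a in v])
    return basis

def projector(J):
    """Orthogonal projector onto the row space of J (the task-relevant subspace)."""
    m = len(J[0])
    basis = row_space_basis(J)
    return [[sum(u[i] * u[j] for u in basis) for j in range(m)] for i in range(m)]

def subspace_gap(J_a, J_b):
    """Frobenius distance between two row-space projectors; 0 means same subspace."""
    P, Q = projector(J_a), projector(J_b)
    return math.sqrt(sum((p - q) ** 2 for rp, rq in zip(P, Q) for p, q in zip(rp, rq)))

def split_noise(J, noise):
    """Split a noise vector into its row-space and null-space components."""
    row_part = matvec(projector(J), noise)
    return row_part, [n - r for n, r in zip(noise, row_part)]

def laplace_noise(m, epsilon, rng, bound=1.0):
    """Isotropic baseline (assumed): Laplace per coordinate, budget epsilon/m each,
    coordinates in [-bound, bound], so scale = 2 * bound * m / epsilon."""
    scale = 2.0 * bound * m / epsilon
    return [rng.expovariate(1 / scale) - rng.expovariate(1 / scale) for _ in range(m)]

# Constructed public model weights: 2 outputs, 4-dimensional representation.
W = [[1.0, 1.0, 0.0, 0.0], [0.0, 0.0, 1.0, 1.0]]
W1 = [[1.0 if i == j else 0.0 for j in range(4)] for i in range(4)]

def linear_case(epsilon=7.5, seed=0):
    """Figure 1 setting: only the row-space part of the noise moves the output."""
    z = [0.2, -0.4, 0.6, 0.1]                      # constructed representation
    noise = laplace_noise(len(z), epsilon, random.Random(seed))
    row_part, null_part = split_noise(jacobian_linear(W, z), noise)
    clean = matvec(W, z)

    def shift(pert):
        noisy = matvec(W, [x + p for x, p in zip(z, pert)])
        return max(abs(a - b) for a, b in zip(noisy, clean))

    return {"full": shift(noise), "row_only": shift(row_part),
            "null_only": shift(null_part), "rank": len(row_space_basis(W))}

def data_dependence():
    """Compare the Jacobian row space at two constructed inputs."""
    z_a, z_b = [0.0, 0.0, 0.0, 0.0], [2.0, 0.0, 0.0, 0.0]
    return {
        "linear_gap": subspace_gap(jacobian_linear(W, z_a), jacobian_linear(W, z_b)),
        "tanh_gap": subspace_gap(jacobian_tanh(W, W1, z_a), jacobian_tanh(W, W1, z_b)),
    }

if __name__ == "__main__":
    print(linear_case())
    print(data_dependence())
```

A zero gap means anything built from the Jacobian is a fixed public map; a non-zero gap means it is a function of the private input, which is the case the referee asks the privacy analysis to cover.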

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed feedback on our manuscript. We address each major comment point-by-point below and outline the revisions we will make to strengthen the privacy analysis and experimental evidence.

  1. Referee: [Abstract] Abstract: the claim that the method 'generalizes to both linear and non-linear models' and 'preserves the uniform per-dimension privacy budget' is load-bearing for the central contribution. For non-linear models the Jacobian must be evaluated at the private input x, rendering the reshaping matrix data-dependent. Standard LDP analyses for mechanisms such as PrivUnit assume a fixed noise distribution; no Lipschitz bound on the Jacobian map or explicit privacy-loss analysis for the input-dependent case is supplied. This directly affects whether the original LDP guarantee is maintained.

    Authors: We agree that a rigorous treatment of the data-dependent case for non-linear models is essential. Although the per-dimension privacy budget remains uniform by construction (the base mechanism allocates equal epsilon to each coordinate before reshaping), the input-dependent Jacobian requires additional analysis. In the revised manuscript we will add a dedicated privacy section that (i) assumes Lipschitz continuity of the Jacobian map with respect to the input under standard bounded-norm assumptions on the model weights, (ii) derives an explicit privacy-loss bound via the composition of the base LDP mechanism with the bounded post-processing step, and (iii) shows that the overall guarantee remains epsilon-LDP. We believe this addresses the concern without altering the core contribution. revision: yes

  2. Referee: [Experiments] Experiments (CIFAR-10-C results): the reported ~20% utility lift for PrivUnit2 and PrivUnitG at ε=7.5 is presented without error bars, ablation details on Jacobian computation, or comparison across multiple corruption levels or model architectures. This single-point result is insufficient to support the generalization claim.

    Authors: We acknowledge that the current experimental presentation is limited. In the revision we will (i) report mean and standard deviation over at least five independent runs with error bars, (ii) include ablations on Jacobian computation (different layers, finite-difference vs. automatic differentiation, and sensitivity to public model choice), and (iii) extend results to additional corruption types and severities in CIFAR-10-C as well as at least one other dataset and model architecture. These additions will provide stronger support for the generalization statements. revision: yes

Circularity Check

0 steps flagged

No circularity: new algorithmic construction evaluated on external benchmarks

The paper introduces a Jacobian-guided anisotropic noise reshaping mechanism as a novel algorithmic construction that identifies task-critical subspaces from a public downstream model and modulates noise accordingly. This is presented as an independent design choice that integrates with existing LDP mechanisms like PrivUnit2, with utility gains demonstrated through empirical evaluation on CIFAR-10-C rather than any reduction to fitted parameters, self-definitions, or self-citation chains. The privacy preservation argument rests on the per-dimension budget invariance of the reshaping rule, which is a stated design property rather than a derived equivalence to the input data or model outputs. No load-bearing step collapses to a tautology or prior self-referential result; the derivation chain remains self-contained against external benchmarks and code.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The claim rests on the domain assumption that a publicly computed Jacobian supplies a faithful importance ordering for noise allocation; no free parameters or new entities are introduced beyond standard LDP primitives.

axioms (1)
  • domain assumption The Jacobian matrix of the public downstream model identifies task-critical subspaces without access to private data.
    Invoked to decide which dimensions receive attenuated noise.

