{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:WE5776AOLYJ4E5Z7VQUD3QRBHA","short_pith_number":"pith:WE5776AO","canonical_record":{"source":{"id":"1903.09860","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-03-23T18:20:47Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"935fcd45b72b32d8aa9985b1c0533f56d11e98ff6f6588995b74ee54ffb11ec5","abstract_canon_sha256":"f73f675384f66b2fd3127fcd79b177f7ed62fbe28f8a93be20e428484ed229ab"},"schema_version":"1.0"},"canonical_sha256":"b13bfff80e5e13c2773fac283dc221381f2b9ae00ca15e17a2b31aecfae093f4","source":{"kind":"arxiv","id":"1903.09860","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1903.09860","created_at":"2026-05-17T23:41:24Z"},{"alias_kind":"arxiv_version","alias_value":"1903.09860v2","created_at":"2026-05-17T23:41:24Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1903.09860","created_at":"2026-05-17T23:41:24Z"},{"alias_kind":"pith_short_12","alias_value":"WE5776AOLYJ4","created_at":"2026-05-18T12:33:30Z"},{"alias_kind":"pith_short_16","alias_value":"WE5776AOLYJ4E5Z7","created_at":"2026-05-18T12:33:30Z"},{"alias_kind":"pith_short_8","alias_value":"WE5776AO","created_at":"2026-05-18T12:33:30Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:WE5776AOLYJ4E5Z7VQUD3QRBHA","target":"record","payload":{"canonical_record":{"source":{"id":"1903.09860","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-03-23T18:20:47Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"935fcd45b72b32d8aa9985b1c0533f56d11e98ff6f6588995b74ee54ffb11ec5","abstract_canon_sha256":"f73f675384f66b2fd3127fcd79b177f7ed62fbe28f8a93be20e428484ed229ab"},"schema_version":"1.0"},"canonical_sha256":"b13bfff80e5e13c2773fac283dc221381f2b9ae00ca15e17a2b31aecfae093f4","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:41:24.514651Z","signature_b64":"zGeO7/jIT44YaQ7mK0MTW+yi++J2/uITKMde7JIOGZfxy73JiWwQ4wGeD7VY2n+16sFZcgcVDk373YtYNi3WCg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"b13bfff80e5e13c2773fac283dc221381f2b9ae00ca15e17a2b31aecfae093f4","last_reissued_at":"2026-05-17T23:41:24.514035Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:41:24.514035Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1903.09860","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:41:24Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"QxS4qnq6PHiSPj2PHOwAzT0uUtEYqtxXNe+zWikNeHoGHK9IKgazuxRsbzcrVPHSVqtO4lyQkclzBz0cu684AA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-01T12:46:04.169093Z"},"content_sha256":"3c6213d3fef3ac7cad548744c174db66e7783b29a5c1bddb72a4822058380bb3","schema_version":"1.0","event_id":"sha256:3c6213d3fef3ac7cad548744c174db66e7783b29a5c1bddb72a4822058380bb3"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:WE5776AOLYJ4E5Z7VQUD3QRBHA","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Data Poisoning against Differentially-Private Learners: Attacks and Defenses","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR"],"primary_cat":"cs.LG","authors_text":"Justin Hsu, Xiaojin Zhu, Yuzhe Ma","submitted_at":"2019-03-23T18:20:47Z","abstract_excerpt":"Data poisoning attacks aim to manipulate the model produced by a learning algorithm by adversarially modifying the training set. We consider differential privacy as a defensive measure against this type of attack. We show that such learners are resistant to data poisoning attacks when the adversary is only able to poison a small number of items. However, this protection degrades as the adversary poisons more data. To illustrate, we design attack algorithms targeting objective and output perturbation learners, two standard approaches to differentially-private machine learning. Experiments show "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1903.09860","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:41:24Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"T7mBPa4wepV5CAUk4vFeOkY6l0j2ZKD4YtuV5Uni3PZp454qUMFcqr9Aj7n0gMgIjgqO+j/WEJBXTWQmvRfhBA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-01T12:46:04.169741Z"},"content_sha256":"60d55ffa81b46ad3939177d6485c8e6b836206b9749869fd113afb4f7e09abfd","schema_version":"1.0","event_id":"sha256:60d55ffa81b46ad3939177d6485c8e6b836206b9749869fd113afb4f7e09abfd"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/WE5776AOLYJ4E5Z7VQUD3QRBHA/bundle.json","state_url":"https://pith.science/pith/WE5776AOLYJ4E5Z7VQUD3QRBHA/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/WE5776AOLYJ4E5Z7VQUD3QRBHA/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-01T12:46:04Z","links":{"resolver":"https://pith.science/pith/WE5776AOLYJ4E5Z7VQUD3QRBHA","bundle":"https://pith.science/pith/WE5776AOLYJ4E5Z7VQUD3QRBHA/bundle.json","state":"https://pith.science/pith/WE5776AOLYJ4E5Z7VQUD3QRBHA/state.json","well_known_bundle":"https://pith.science/.well-known/pith/WE5776AOLYJ4E5Z7VQUD3QRBHA/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:WE5776AOLYJ4E5Z7VQUD3QRBHA","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"f73f675384f66b2fd3127fcd79b177f7ed62fbe28f8a93be20e428484ed229ab","cross_cats_sorted":["cs.CR"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-03-23T18:20:47Z","title_canon_sha256":"935fcd45b72b32d8aa9985b1c0533f56d11e98ff6f6588995b74ee54ffb11ec5"},"schema_version":"1.0","source":{"id":"1903.09860","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1903.09860","created_at":"2026-05-17T23:41:24Z"},{"alias_kind":"arxiv_version","alias_value":"1903.09860v2","created_at":"2026-05-17T23:41:24Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1903.09860","created_at":"2026-05-17T23:41:24Z"},{"alias_kind":"pith_short_12","alias_value":"WE5776AOLYJ4","created_at":"2026-05-18T12:33:30Z"},{"alias_kind":"pith_short_16","alias_value":"WE5776AOLYJ4E5Z7","created_at":"2026-05-18T12:33:30Z"},{"alias_kind":"pith_short_8","alias_value":"WE5776AO","created_at":"2026-05-18T12:33:30Z"}],"graph_snapshots":[{"event_id":"sha256:60d55ffa81b46ad3939177d6485c8e6b836206b9749869fd113afb4f7e09abfd","target":"graph","created_at":"2026-05-17T23:41:24Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Data poisoning attacks aim to manipulate the model produced by a learning algorithm by adversarially modifying the training set. We consider differential privacy as a defensive measure against this type of attack. We show that such learners are resistant to data poisoning attacks when the adversary is only able to poison a small number of items. However, this protection degrades as the adversary poisons more data. To illustrate, we design attack algorithms targeting objective and output perturbation learners, two standard approaches to differentially-private machine learning. Experiments show ","authors_text":"Justin Hsu, Xiaojin Zhu, Yuzhe Ma","cross_cats":["cs.CR"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-03-23T18:20:47Z","title":"Data Poisoning against Differentially-Private Learners: Attacks and Defenses"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1903.09860","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:3c6213d3fef3ac7cad548744c174db66e7783b29a5c1bddb72a4822058380bb3","target":"record","created_at":"2026-05-17T23:41:24Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"f73f675384f66b2fd3127fcd79b177f7ed62fbe28f8a93be20e428484ed229ab","cross_cats_sorted":["cs.CR"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-03-23T18:20:47Z","title_canon_sha256":"935fcd45b72b32d8aa9985b1c0533f56d11e98ff6f6588995b74ee54ffb11ec5"},"schema_version":"1.0","source":{"id":"1903.09860","kind":"arxiv","version":2}},"canonical_sha256":"b13bfff80e5e13c2773fac283dc221381f2b9ae00ca15e17a2b31aecfae093f4","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"b13bfff80e5e13c2773fac283dc221381f2b9ae00ca15e17a2b31aecfae093f4","first_computed_at":"2026-05-17T23:41:24.514035Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:41:24.514035Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"zGeO7/jIT44YaQ7mK0MTW+yi++J2/uITKMde7JIOGZfxy73JiWwQ4wGeD7VY2n+16sFZcgcVDk373YtYNi3WCg==","signature_status":"signed_v1","signed_at":"2026-05-17T23:41:24.514651Z","signed_message":"canonical_sha256_bytes"},"source_id":"1903.09860","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:3c6213d3fef3ac7cad548744c174db66e7783b29a5c1bddb72a4822058380bb3","sha256:60d55ffa81b46ad3939177d6485c8e6b836206b9749869fd113afb4f7e09abfd"],"state_sha256":"2a413f0dfeede828aca9de5ec31d8280309883f5656f9d94aab690c672ead0ad"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"T9jUtdxhg2YRd8n6kVcZnW6t5U7zGBWAMq+Muv4t9/fqKLi3VG7S51s7JpkS8fhRSndnrZemr54qjHm7yHLuDQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-01T12:46:04.172731Z","bundle_sha256":"3d14d58e7a2bfe36e017b018071d84f3887ebb0dd5d9b8783a71943da9fe7c37"}}