Learning Privacy and Private Learning – Automatic Privacy Proof of Black-box Processing

ECE Seminar

Location: EER 3.646
Hanshen Xiao
Massachusetts Institute of Technology

Can we automatically and provably quantify the information leakage from a black-box processing? In this talk, a new framework, termed PAC Privacy, will be introduced to “learn” semantic privacy parameters with high-level confidence. I will unveil a set of new information-theoretical tools to transform abstract adversarial inference challenges into quantifiable measures, allowing for provable estimations by end-to-end black-box evaluations. I will establish a more holistic statistical view through PAC Privacy to provide a cohesive interpretation for various classic privacy-preserving technologies, encompassing input-independent indistinguishability, such as Differential Privacy (DP), and empirical verification and auditing, as seen in Membership Inference Attack (MIA). On the practice side, I will demonstrate the strength of PAC Privacy both in tight utility-privacy tradeoffs and wide applicability, including how to determine the optimal noise in PAC Privacy to avoid the curse of dimensionality and make private high-dimensional data processing practical. In addition, via black-box analysis, I will show how to apply PAC Privacy to produce formal privacy proofs for a wide range of algorithms varying from long-standing heuristic data obfuscations to deep learning.


Hanshen Xiao is a final-year PhD student at MIT, advised by Srini Devadas. His research interests lie at the intersection of the fundamentals of information security and privacy, robust statistics and applied cryptography. He received the B.S. degree in Mathematics from Tsinghua University and is the recipient of several awards, including the MathWorks Fellowship (2021-2023) and the Tsinghua Future Scholar Fellowship (2015-2017). His work is also supported by DSTA Singapore, Capital One and Cisco.