Convex optimization with feedback is a framework in which a learner relies on iterative queries and feedback to arrive at the minimizer of a convex function. It has gained considerable popularity thanks to its scalability in large-scale optimization and machine learning. The repeated interactions, however, expose the learner to privacy risks from eavesdropping adversaries that observe the submitted queries. In this paper, we study how to optimally obfuscate the learner's queries in convex optimization with first-order feedback, so that the learned optimal value is provably difficult for an eavesdropping adversary to estimate. We consider two formulations of learner privacy: a Bayesian formulation in which the convex function is drawn randomly, and a minimax formulation in which the function is fixed and the adversary's probability of error is measured with respect to a minimax criterion. Suppose that the learner wishes to ensure the adversary cannot estimate the optimal value accurately with probability greater than $1/L$ for some $L>0$. Our main results show that the query complexity overhead is additive in $L$ in the minimax formulation, but multiplicative in $L$ in the Bayesian formulation. Compared to existing learner-private sequential learning models with binary feedback, our results apply to the significantly richer family of general convex functions with full-gradient feedback. Our proofs rely on tools from the theory of Dirichlet processes, as well as a novel strategy designed for measuring information leakage under a full-gradient oracle.
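To make the privacy criterion and the overhead claims concrete, here is one schematic formalization; the notation $X^*$, $\hat{X}$, $\epsilon$, and $N(\epsilon)$ is illustrative and the paper's exact definitions may differ in details such as the accuracy tolerance. Letting $X^*$ denote the learner's optimal value and $\hat{X}$ the adversary's estimate, the learner requires that for every adversary strategy and a fixed accuracy level $\epsilon > 0$,
$$\Pr\big( |\hat{X} - X^*| \le \epsilon \big) \le \frac{1}{L}.$$
Under this reading, if $N(\epsilon)$ denotes the non-private query complexity, the main results state that the private query complexity scales on the order of $N(\epsilon) + \Theta(L)$ in the minimax formulation, but on the order of $N(\epsilon) \cdot \Theta(L)$ in the Bayesian formulation, with constants and the precise dependence on $\epsilon$ omitted here.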