In this work we examine the security of InstaHide, a recently proposed scheme for distributed learning (Huang et al.). A number of recent works have given reconstruction attacks for InstaHide in various regimes by leveraging an intriguing connection to the following matrix factorization problem: given the Gram matrix of a collection of m random k-sparse Boolean vectors in {0,1}^r, recover the vectors (up to the trivial symmetries). Equivalently, this can be thought of as a sparse, symmetric variant of the well-studied problem of Boolean factor analysis, or as an average-case version of the classic problem of recovering a k-uniform hypergraph from its line graph. As previous algorithms either required m to be exponentially large in k or only applied to k = 2, they left open the question of whether InstaHide possesses some form of "fine-grained security" against reconstruction attacks for moderately large k. In this work, we answer this in the negative by giving a simple O(m^{\omega + 1}) time algorithm for the above matrix factorization problem. Our algorithm, based on tensor decomposition, only requires m to be at least quasi-linear in r. We complement this result with a quasipolynomial-time algorithm for a worst-case setting of the problem where the collection of k-sparse vectors is chosen arbitrarily.
翻译:在这项工作中,我们检查了InstaHide(最近提出的分布式学习计划)的安全性(Huang等人)。最近的一些工程通过利用与以下矩阵因子化问题的有趣联系,使InstaHide在各种制度中受到重建攻击:鉴于在 { 0,1 ⁇ r 中收集的 m 随机 ksparse Boolean 矢量的Gram 矩阵, 恢复矢量( 直至微小的对称性) 的问题。 等量而言, 这可以被认为是研究周密的布林系数分析问题的一种稀少的对称变体,或者作为从线形图中恢复 k- uniforforma 高光学的典型问题的普通情况版本。由于以前的算法要求 k 或仅适用于 k= 2, InstaHide 是否拥有某种形式的“ 异质安全性安全性”, 以对付最差的 k。 在这项工作中,我们给出一个简单的 O( omega + 1} ) 等量级的运算法, 也就是我们在 数质质变法 的排序中,, 需要一种基于 AR 质 质 质 质 质 问题 的 的 质 的 。
相关内容
微信扫码咨询专知VIP会员