The paper introduces an optimal black-box auditing framework using Donsker-Varadhan estimators to estimate Rényi differential privacy (RDP) guarantees for machine learning algorithms.

The paper introduces a differentially private manifold denoising framework that allows noisy, non-private query points to be corrected using sensitive reference data while providing formal $(\varepsil…

This paper corrects the theoretical analysis of DP-SGD by identifying that common implementations, which use batch averaging, result in weaker privacy guarantees than previously reported.

This paper introduces an attack, PRIVX, demonstrating that even differentially private (DP) Graph Neural Network (GNN) explanations leak enough structural information to allow an adversary to accurate…

The paper proposes a Jacobian-guided anisotropic noise reshaping technique to selectively attenuate noise in task-relevant subspaces, significantly enhancing data utility while maintaining Local Diffe…

This paper proposes two post-processing techniques, random selection and linear combination, to construct a model that satisfies any desired differential privacy level without retraining, given a set…

The paper develops a general framework to exactly characterize the composition of mechanisms satisfying multiple differential privacy constraints, extending known results to arbitrary numbers of const…

The paper introduces Metric-Normalized Posterior Leakage (mPL), an attacker-aligned measure that provides a practical, certifiable privacy guarantee for machine learning systems consumed under joint o…

The paper proposes the first general defense framework to make all union-preserving Differential Privacy (DP) protocols, specifically those based on shuffle-DP, resilient against poisoning attacks.

The paper introduces a Gaussian Differential Privacy (GDP)-based auditing framework to provide the first tight audits of privacy guarantees for state-of-the-art synthetic data generators like MST and…

The paper proposes IntraShuffler, a novel privacy-preserving middleware defense that enables gradient shuffling in Heterogeneous Differential Privacy Federated Learning (HDP-FL) systems, significantly…

The paper proposes IntraShuffler, a novel privacy-preserving middleware defense that enables gradient shuffling in Heterogeneous Differential Privacy Federated Learning (HDP-FL) while maintaining the…

The paper proposes a novel framework using the primal-dual perspective of differential privacy to provide a unified, modular, and end-to-end robustness certification for complex machine learning model…

The paper proposes Byz-Clip21-SGD2M, a novel algorithm that achieves high-probability convergence guarantees for Federated Learning by integrating robust aggregation, double momentum, and clipping, re…

The paper proves that platform-deterministic inference is a necessary and sufficient condition for trustworthy AI, establishing that AI trust fundamentally relies on consistent arithmetic.

The paper introduces a novel, efficient mechanism based on permute-and-flip for applying differential privacy to symbolic state trajectories, significantly reducing the computational overhead compared…

The paper proposes a Quantitative Information Flow (QIF) framework to systematically and rigorously compare Local Differential Privacy (LDP) frequency estimation protocols, moving beyond simple $\vare…

The paper introduces SMA-DP-SGD, a Spectral Memory-Aware Differential Privacy method that enhances standard DP-SGD by incorporating a memory branch derived from past noisy updates, improving model uti…

TAPAS introduces an efficient, asymmetric two-server private aggregation scheme that significantly reduces computational and communication costs for large-scale federated learning compared to existing…

The paper develops a unified theoretical framework to systematically characterize the optimal privacy-utility trade-off (PUT) and optimal Local Differential Privacy (LDP) channels for general statisti…