Private Two-Terminal Hypothesis Testing Varun Narayanan TIFR, - PowerPoint PPT Presentation

Private Two-Terminal Hypothesis Testing Varun Narayanan TIFR, Mumbai Joint work with Manoj Mishra (NISER, Bhubaneswar), Vinod Prabhakaran (TIFR, Mumbai) ISIT 2020

Two-Terminal Hypothesis Testing X Y Alice Bob ˆ ˆ H A H B H = 0 : ( X , Y ) ∼ P 0 XY H = 1 : ( X , Y ) ∼ P 1 XY

Two-Terminal Hypothesis Testing X Y Alice Bob ˆ ˆ H A H B H = 0 : ( X , Y ) ∼ P 0 XY H = 1 : ( X , Y ) ∼ P 1 XY

Privacy Motivated by the notion of security in multi-party function computation from cryptography Privacy is against an honest-but-curious user Emulates an ideal setting where users learn only their inputs and true hypothesis

y x H = 0 Alice Bob

y x H = 0 Alice Bob Ideal Setting Alice learns Input : x True hypothesis : H = 0 Alice’s knowledge of Bob’s input p( y | X = x , H = 0)

y x H = 0 Alice Bob Ideal Setting Real Setting Alice learns Alice learns Input : x Input : x True hypothesis : H = 0 True hypothesis : H = 0 Alice’s ‘view’ : V A = v A Alice’s knowledge of Bob’s input Alice’s knowledge... p( y | X = x , H = 0 , V A = v A ) p( y | X = x , H = 0)

y x H = 0 Alice Bob Ideal Setting Real Setting Alice learns Alice learns Input : x Input : x True hypothesis : H = 0 True hypothesis : H = 0 Alice’s ‘view’ : V A = v A Alice’s knowledge of Bob’s input Alice’s knowledge... p( y | X = x , H = 0 , V A = v A ) p( y | X = x , H = 0) δ -privacy against Alice: �� � � � p( y | x , H = 0 , V A ) − p( y | x , H = 0) � Pr TV ≥ δ � x , H = 0 ≤ δ � �

( ǫ, δ )-Private Two-Terminal Hypothesis Testing X Y Alice Bob ˆ ˆ H A H B

( ǫ, δ )-Private Two-Terminal Hypothesis Testing X Y Alice Bob ˆ ˆ H A H B ǫ -Correctness @Alice: For θ ∈ { 0 , 1 } , � � ˆ Pr H A � = θ | H = θ ≤ ǫ δ -Privacy @Alice: For θ ∈ { 0 , 1 } and all x such that P θ X ( x ) > 0, �� � � � p( y | x , H = θ, V A ) − p( y | x , H = θ ) � Pr TV ≥ δ � x , H = θ ≤ δ � �

Related Work Hypothesis testing: Pearson, 1900; Fisher, 1925; Neyman and Pearson, 1933 Multi-terminal hypothesis testing: Ahlswede and Csizar, 1986; Han, 1987; Tsitsiklis, 1993; Han and Amari, 1998 Recently: Xiang and Kim, ‘12, ‘13; Rahman and Wagner, ‘12; Zhang et. al. , ‘13; Sreekumar and Gunduz, ‘17; Salehkalaibar et. al., ‘18; Han et. al., ‘18; Diakonikolas et. al., ‘19 Privacy in multi-terminal detection: Duchi et. al. , ‘13; Sheffet, ‘18; Acharya et. al. , ‘19 Privacy in two-terminal detection: Sreekumar et. al., ‘18; Andoni et. al., ‘18; Gilani et. al, ‘19

Can we drive both correctness and privacy error to zero simultaneously using more and more samples?

Theorem 1 ( 1 12 , 1 12 )-private multi-terminal independence testing is impossible using private/common randomness and error-free communication

Theorem 1 ( 1 12 , 1 12 )-private multi-terminal independence testing is impossible using private/common randomness and error-free communication X Y Alice Bob ˆ ˆ H A H B H = 0 : X = Y | H = 1 : X = Y

Theorem 1 ( 1 12 , 1 12 )-private multi-terminal independence testing is impossible using private/common randomness and error-free communication X Y Alice Bob ˆ ˆ H A H B H = 0 : X = Y | H = 1 : X = Y Private Distributed Independence Testing = ⇒ Statistically secure computation of AND (impossible)

Using Correlations... ( R , S ) ∼ Φ X Y R S Alice Bob ( R , S ) ( X , Y ) = | ˆ ˆ H A H B When Φ is any non-trivial correlation*, Correctness and privacy error can be made arbitrarily small using more and more samples In fact, we characterize the optimal correctness-privacy error exponent [*] correlations that do not ‘seperate’ into common and private components

Correctness-Privacy Error Exponent A sequence of ( n , ǫ n , δ n )-private hypothesis testing protocols 1 achieve correctness-privacy error exponent ( α, β ) if: n →∞ − 1 n →∞ − 1 lim sup n log ǫ n ≥ α and lim sup n log δ n ≥ β 1 ( n , ǫ n , δ n )-private protocol uses n samples, and is ( ǫ, δ )-private

Correctness-Privacy Error Exponent A sequence of ( n , ǫ n , δ n )-private hypothesis testing protocols 1 achieve correctness-privacy error exponent ( α, β ) if: n →∞ − 1 n →∞ − 1 lim sup n log ǫ n ≥ α and lim sup n log δ n ≥ β We characterize the correctness-privacy error exponent region of private testing 1 ( n , ǫ n , δ n )-private protocol uses n samples, and is ( ǫ, δ )-private

Theorem 2 Private detection with correctness-privacy error exponent ( α, β ) is possible @Alice if and only if there exist no Q XY such that one of the following is satisfied: 1 D ( Q XY � P 0 XY ) ≤ α and D ( Q XY � P 1 XY ) ≤ α 2 D ( Q X � P θ X ) ≤ α and D ( Q Y | X � P θ Y | X ) ≤ β for θ = 0 , 1 XY ) ≤ α , D ( Q X � P 1 − θ 3 D ( Q XY � P θ ) ≤ α , and X D ( Q Y | X � P 1 − θ Y | X ) ≤ β for θ = 0 or 1

Tradeoff between Privacy and Correctness β 0.7 0.6 0.5 0.4 0.3 0.2 0.1 α 0.1 0.2 0.3 0.4 0.5 0.6 H = 0 H = 1 X = 0 X = 1 X = 0 X = 1 1 1 2 Y = 0 Y = 0 0 3 3 3 1 1 Y = 1 0 Y = 1 0 3 3

Overview of the Proof Reduce the problem to secure computation of decision function Find the optimal decision function

Secure Multi-Party Computation (MPC) X Y ( R , S ) ∼ Φ R S Alice Bob ( R , S ) ( X , Y ) = | f A ( X , Y ) f B ( X , Y ) Privacy: Y ↔ ( X , f A ( X , Y )) ↔ View A X ↔ ( Y , f B ( X , Y )) ↔ View B Any functions can be computed securely using any non-trivial correlation Φ

Simplyifying ( ǫ, δ )-Private Detection using MPC y x ( R , S ) ∼ Φ R S Alice Bob ( R , S ) ( X , Y ) = | f A ( x , y ) f B ( x , y ) �� � � � p( y | x , θ, V A ) − p( y | x , θ ) � Pr TV ≥ δ ≤ δ � x , θ � � ⇔ �� � � � Pr � p( y | x , θ, f A ( x , Y )) − p( y | x , θ ) TV ≥ δ ≤ δ � x , θ �

Error exponent ( α, β ) is not achievable @Alice if: Scenario 1 P 0 P 1 XY XY α α Q XY ∃ Q XY : D ( Q XY � P 0 XY ) ≤ α and D ( Q XY � P 1 XY ) ≤ α

Error exponent ( α, β ) is not achievable @Alice if: Scenario 2 Q XY Q X P 0 Q X P 1 Y | X Y | X β β P 0 P 1 XY XY α α D ( Q X � P θ X ) ≤ α and D ( Q Y | X � P θ Y | X ) ≤ α for θ = 0 , 1

Error exponent ( α, β ) is not achievable @Alice if: Scenario 3 Q X P 1 Q XY Y | X β P 0 P 1 XY XY α α XY ) ≤ α , D ( Q X � P 1 − θ D ( Q XY � P θ ) ≤ α and X D ( Q Y | X � P 1 − θ Y | X ) ≤ α for θ = 0 or 1

Optimal Decision Functions for Alice For sample size n , when the type of input ( x n , y n ) is Q XY : Q X P 1 Y | X Q X P 0 Y | X P 0 P 1 XY XY α α output H = 0

Optimal Decision Functions for Alice For sample size n , when the type of input ( x n , y n ) is Q XY : Q XY Q X P 1 Y | X P 0 P 1 XY XY α α output H = 1

Optimal Decision Functions for Alice For sample size n , when the type of input ( x n , y n ) is Q XY : Q X P 0 Q X P 1 Y | X Y | X P 0 P 1 XY XY α α output H = 0

Optimal Decision Functions for Alice For sample size n , when the type of input ( x n , y n ) is Q XY : Q XY Q X P 0 Q X P 1 Y | X Y | X β P 0 P 1 XY XY α α output H = 0

Optimal Decision Functions for Alice For sample size n , when the type of input ( x n , y n ) is Q XY : Q XY Q X P 0 Q X P 1 Y | X Y | X β P 0 P 1 XY XY α α output H = 1

Conclusion An intuitive notion of privacy for distributed testing Generally impossible using only private/common randomness and noise free communication Feasible when users share non-trivial correlations (or channels with non-trivial noise) The correctness-privacy error exponent can be characterized