Paper 2021/201

DAUnTLeSS: Data Augmentation and Uniform Transformation for Learning with Scalability and Security

Hanshen Xiao and Srinivas Devadas


We revisit private optimization and learning from an information processing view. The main contribution of this paper is twofold. First, different from the classic cryptographic framework of operation-by-operation obfuscation, a novel private learning and inference framework via either random or data-dependent transformation on the sample domain is proposed. Second, we propose a novel security analysis framework, termed probably approximately correct (PAC) inference resistance, which bridges the information loss in data processing and prior knowledge. Using the entropy of private data, we develop an information theoretical security amplifier with a foundation of PAC security. We study the applications of such a framework from generalized linear regression models to modern learning techniques, such as deep learning. On the information theoretical privacy side, we compare three privacy interpretations: ambiguity, statistical indistinguishability (Differential Privacy) and PAC inference resistance, and precisely describe the information leakage of our framework. We show the advantages of this new random transform approach with respect to underlying privacy guarantees, computational efficiency and utility for fully-connected neural networks.

Available format(s)
Publication info
Preprint. MINOR revision.
Information-theoretical securityPrivate machine learningProbably approximately correct inferenceDifferential Privacy
Contact author(s)
hsxiao @ mit edu
devadas @ mit edu
2021-05-25: revised
2021-02-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Hanshen Xiao and Srinivas Devadas},
      title = {DAUnTLeSS: Data Augmentation and Uniform Transformation for Learning with Scalability and Security},
      howpublished = {Cryptology ePrint Archive, Paper 2021/201},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.