InstaHide's Sample Complexity When Mixing Two Private Images

Training neural networks usually require large numbers of sensitive training data, and how to protect the privacy of training data has thus become a critical topic in deep learning research. InstaHide is a state-of-the-art scheme to protect training data privacy with only minor effects on test accuracy, and its security has become a salient question. In this paper, we systematically study recent attacks on InstaHide and present a unified framework to understand and analyze these attacks. We find that existing …

accuracy art complexity critical cs.cc cs.cr cs.ds cs.lg data data privacy deep learning images large networks neural networks numbers privacy private protect research sample security sensitive state stat.ml test topic training training data