Statistical evaluation aims to estimate the generalization performance of a model using held-out i.i.d. test data sampled from the ground-truth distribution. In supervised learning settings such as classification, performance metrics such as error rate are well-defined, and test error reliably approximates population error given sufficiently large datasets. In contrast, evaluation is more challenging for generative models due to their open-ended nature: it is unclear which metrics are appropriate and whether such metrics can be reliably evaluated from finite samples. In this work, we introduce a theoretical framework for evaluating generative models and establish evaluability results for commonly used metrics.
Collaborative learning techniques can help train machine learning models that are superior to models trained on a single entity’s data. However, in many cases, potential participants in such collaborative schemes are competitors on a downstream task, such as different LLM providers. This can incentivize dishonest updates that damage other participants’ models and undermine the benefits of collaboration. In this talk, I will present a payment-based peer prediction mechanism that incentivizes participants to honestly report updates.
We investigate the robustness of multi-agent learning with bandit feedback. While previous research has developed learning algorithms that achieve strong convergence to equilibrium, we demonstrate that all such algorithms are vulnerable to adversaries capable of poisoning even a single agent’s utility observations with sublinear attack budget. To further understand the inherent robustness of multi-agent learning algorithms, we characterize the fundamental trade-off between their convergence speed and the maximum tolerable total utility corruptions for two example algorithms, including the state-of-the-art one. Our theoretical and empirical results reveal an intrinsic efficiency-robustness trade-off: the faster an algorithm converges, the more vulnerable it becomes to utility poisoning attacks.
Diffusion models produce high-fidelity samples and have recently become the de facto approach for synthetic image generation. However, prior work shows that these models exhibit strong vulnerability to privacy attacks, including reconstruction and membership inference (e.g., Carlini et al.), which makes adoption difficult in sensitive domains such as healthcare. Unfortunately, existing approaches that apply differential privacy during training often fail to preserve the high fidelity that makes diffusion models effective. In this talk I will present a new approach for training diffusion models in the federated setting, where clients hold non-IID data and seek formal privacy guarantees. The key idea in our approach is personalization, which helps alleviate the tension between privacy and utility in federated learning. Our method exploits the coarse-to-fine refinement structure that characterizes diffusion models: a shared diffusion model learns the coarse structure that appears across clients, while client-specific models perform the finer refinements that encode client-level information. This design lets clients benefit from collaboration while preventing the shared model from reproducing any individual client’s data, since it only observes noisy privatized versions of each client’s data. The method provides formal local differential privacy guarantees for each client while empirically preserving the high fidelity of diffusion models, which allows each client to release their personalized model publicly without compromising the privacy of other clients. We also show in a toy Gaussian mixture model that collaboration in this framework improves sample quality relative to private non-collaborative training. 
Extensive experiments on CIFAR-10, Colorized MNIST, and CelebA support these results: the framework generates high-fidelity samples, improves performance on minority and underrepresented classes, and maintains strong protection against membership inference, memorization, and reconstruction attacks.
The talk is based on joint work with Bingqing Jiang, A F M Mahfuzul Kabir, Weitong Zhang, Difan Zou, Lingxiao Wang and will appear in CVPR 2026.
In this talk, I will discuss differentially private algorithms for computing the geometric median, a basic and robust estimation problem. Standard private optimization methods, such as DP gradient descent, require an a priori bound on a ball of radius R containing the data, and their error scales linearly with this worst-case radius. For the geometric median, this can be overly pessimistic: a small number of outliers may make R very large even when most datapoints lie in a much smaller region. I will show how to go beyond this worst-case dependence by designing private algorithms whose error depends instead on the effective diameter of most of the data.
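To make the baseline this abstract argues against concrete, here is an added illustration that is not the speaker's algorithm or code: a constructed 2-D dataset with 199 points in a region of diameter about 1.4 plus one far outlier, the worst-case radius R versus the radius covering 99% of the points, the non-private geometric median via Weiszfeld's algorithm, and a textbook DP gradient descent baseline whose step size, and therefore the noise it injects, is tied to R. The loss, the projection onto the R-ball, the step size R/sqrt(T), the simple-composition budget split and all numeric parameters are assumptions made for this example only.

```python
import math
import random


def make_dataset(n_bulk=199, seed=0):
    """Constructed sample: n_bulk points uniform in [-0.5, 0.5]^2 plus one outlier.

    Most of the data lies in a region of diameter ~1.4, yet the single outlier
    forces any a priori data bound R (origin-centred ball) up to 120.
    """
    rng = random.Random(seed)
    bulk = [(rng.uniform(-0.5, 0.5), rng.uniform(-0.5, 0.5)) for _ in range(n_bulk)]
    return bulk + [(120.0, 0.0)]


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def worst_case_radius(points):
    """Smallest R such that every point lies in the origin-centred ball of radius R."""
    return max(math.hypot(x, y) for x, y in points)


def trimmed_radius(points, q):
    """Radius of the origin-centred ball that contains a fraction q of the points."""
    norms = sorted(math.hypot(x, y) for x, y in points)
    k = max(1, round(q * len(points)))
    return norms[k - 1]


def geometric_median(points, iters=100):
    """Non-private reference: Weiszfeld iterations for argmin_w sum_i ||x_i - w||."""
    n = len(points)
    wx = sum(x for x, _ in points) / n
    wy = sum(y for _, y in points) / n
    for _ in range(iters):
        sx = sy = sw = 0.0
        for x, y in points:
            d = max(dist((x, y), (wx, wy)), 1e-12)
            sx += x / d
            sy += y / d
            sw += 1.0 / d
        wx, wy = sx / sw, sy / sw
    return (wx, wy)


def dp_gd_geometric_median(points, R, epsilon, delta, steps=50, seed=1):
    """Assumed DP-GD baseline: minimise (1/n) sum_i ||x_i - w|| over the R-ball.

    Per-step Gaussian mechanism, budget split by simple composition, step size
    R/sqrt(steps), projection onto the R-ball, returns the averaged iterate.
    """
    n = len(points)
    rng = random.Random(seed)
    # Each subgradient (w - x_i)/||w - x_i|| has norm <= 1, so replacing one point
    # changes the average gradient by at most 2/n in L2 norm, independent of R.
    sensitivity = 2.0 / n
    eps_step, delta_step = epsilon / steps, delta / steps
    sigma = sensitivity * math.sqrt(2.0 * math.log(1.25 / delta_step)) / eps_step
    eta = R / math.sqrt(steps)  # the step size is where R enters
    wx = wy = 0.0
    avg_x = avg_y = 0.0
    for _ in range(steps):
        gx = gy = 0.0
        for x, y in points:
            d = max(dist((x, y), (wx, wy)), 1e-12)
            gx += (wx - x) / d / n
            gy += (wy - y) / d / n
        # Noise is calibrated to the sensitivity, but it is multiplied by eta ~ R,
        # so the perturbation of the iterate grows linearly with the worst-case radius.
        wx -= eta * (gx + rng.gauss(0.0, sigma))
        wy -= eta * (gy + rng.gauss(0.0, sigma))
        norm = math.hypot(wx, wy)
        if norm > R:  # project back onto the a priori ball
            wx, wy = wx * R / norm, wy * R / norm
        avg_x += wx / steps
        avg_y += wy / steps
    return (avg_x, avg_y)


if __name__ == "__main__":
    pts = make_dataset()
    gm = geometric_median(pts)
    R_worst = worst_case_radius(pts)
    print("worst-case R:", R_worst, " radius covering 99%:", trimmed_radius(pts, 0.99))
    print("non-private geometric median:", gm)
    for R in (1.0, R_worst):
        est = dp_gd_geometric_median(pts, R, epsilon=1.0, delta=1e-5)
        print(f"DP-GD with R={R:.0f}: error {dist(est, gm):.3f}")
```

The contrast the abstract describes is visible in the output: the worst-case bound is 120 while 99% of the points fit in a ball of radius well under 1, the non-private median stays near the bulk, and the same noise draws that barely move the estimate when R is set to the bulk's scale wreck it when R must cover the outlier.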
Local differential privacy is a powerful method for privacy-preserving data collection. In this paper, we develop a framework for training Generative Adversarial Networks (GANs) on differentially privatized data. We show that entropic regularization of optimal transport - a popular regularization method in the literature that has often been leveraged for its computational benefits - enables the generator to learn the raw (unprivatized) data distribution even though it only has access to privatized samples. We prove that at the same time this leads to fast statistical convergence at the parametric rate. This shows that entropic regularization of optimal transport uniquely enables the mitigation of both the effects of privatization noise and the curse of dimensionality in statistical convergence. We provide experimental evidence to support the efficacy of our framework in practice.
Pan-privacy was proposed by Dwork et al. as an approach to designing a private analytics system that retains its privacy properties in the face of intrusions that expose the system's internal state. Motivated by federated telemetry applications, in this talk we will define local pan-privacy, where privacy should be retained under repeated unannounced intrusions on the local state. We will consider the problem of monitoring the count of an event in a federated system, where event occurrences on a local device should be hidden even from an intruder on that device. We’ll show that under reasonable constraints, the goal of providing information-theoretic differential privacy under intrusion is incompatible with collecting telemetry information. Finally we’ll discuss how this problem can be solved in a scalable way using standard cryptographic primitives. Joint work with Vitaly Feldman, Guy Rothblum and Kunal Talwar.
Collaboration is crucial for reaching collective goals. However, its effectiveness is often undermined by the strategic behavior of individual agents, a fact that is captured by a high Price of Stability (PoS) in recent literature. Implicit in the traditional PoS analysis is the assumption that agents have full knowledge of how their tasks relate to one another. We offer a new perspective on bringing about efficient collaboration among strategic agents using information design. Inspired by the growing importance of collaboration in machine learning (such as platforms for collaborative federated learning and data cooperatives), we propose a framework where the platform has more information about how the agents' tasks relate to each other. We characterize how and to what degree such platforms can leverage this information advantage to steer strategic agents toward efficient collaboration.
Concretely, we consider collaboration networks where each node is a task type held by one agent, and each task benefits from contributions made in its inclusive neighborhood of tasks. This network structure is known to the agents and the platform, but only the platform knows each agent's real location. We design two families of persuasive signaling schemes that the platform can use to ensure a small total workload when agents follow the signal. The first family aims to achieve the minmax optimal approximation ratio compared to the optimal collaboration. The second family ensures per-instance strict improvement compared to full information disclosure.