What Can We Learn Privately?

TL;DR

This paper explores the capabilities and limitations of private learning algorithms, demonstrating that many concept classes can be learned privately with minimal sample sizes, and characterizing local private learning.

Contribution

It proves that any concept class learnable non-privately with polynomial complexity can be learned privately with similar efficiency, and characterizes local private learning algorithms as equivalent to the SQ model.

Findings

Private agnostic learning is possible with logarithmic sample size in concept class size.

A polynomial-time private PAC learner is provided for parity functions.

A separation between interactive and noninteractive local learning algorithms is established.

Abstract

Learning problems form an important category of computational tasks that generalizes many of the computations researchers apply to large real-life data sets. We ask: what concept classes can be learned privately, namely, by an algorithm whose output does not depend too heavily on any one input or specific training example? More precisely, we investigate learning algorithms that satisfy differential privacy, a notion that provides strong confidentiality guarantees in contexts where aggregate information is released about a database containing sensitive information about individuals. We demonstrate that, ignoring computational constraints, it is possible to privately agnostically learn any concept class using a sample size approximately logarithmic in the cardinality of the concept class. Therefore, almost anything learnable is learnable privately: specifically, if a concept class is learnable by a (non-private) algorithm with polynomial sample complexity and output size, then it can be learned privately using a polynomial number of samples. We also present a computationally efficient private PAC learner for the class of parity functions. Local (or randomized response) algorithms are a practical class of private algorithms that have received extensive investigation. We provide a precise characterization of local private learning algorithms. We show that a concept class is learnable by a local algorithm if and only if it is learnable in the statistical query (SQ) model. Finally, we present a separation between the power of interactive and noninteractive local learning algorithms.