Order-Revealing Encryption and the Hardness of Private Learning

TL;DR

This paper demonstrates how order-revealing encryption can be used to show that some concept classes are efficiently PAC learnable but not privately learnable, answering a longstanding open question.

Contribution

It introduces a novel connection between order-revealing encryption and the separation of PAC learning and differentially private learning, providing a new technique for such separations.

Findings

Constructed a concept class efficiently PAC learnable but not differentially private learnable.

Developed a generic transformation from order-revealing encryption to strongly correct comparison encryption.

Answered an open question by Kasiviswanathan et al. about the separation of learning models.

Abstract

An order-revealing encryption scheme gives a public procedure by which two ciphertexts can be compared to reveal the ordering of their underlying plaintexts. We show how to use order-revealing encryption to separate computationally efficient PAC learning from efficient $(\epsilon, \delta)$-differentially private PAC learning. That is, we construct a concept class that is efficiently PAC learnable, but for which every efficient learner fails to be differentially private. This answers a question of Kasiviswanathan et al. (FOCS '08, SIAM J. Comput. '11). To prove our result, we give a generic transformation from an order-revealing encryption scheme into one with strongly correct comparison, which enables the consistent comparison of ciphertexts that are not obtained as the valid encryption of any message. We believe this construction may be of independent interest.