Covert Learning: How to Learn with an Untrusted Intermediary

Ran Canetti, Ari Karchmer*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

7 Scopus citations

Abstract

We consider the task of learning a function via oracle queries, where the queries and responses are monitored (and perhaps also modified) by an untrusted intermediary. Our goal is twofold: First, we would like to prevent the intermediary from gaining any information about either the function or the learner’s intentions (e.g. the particular hypothesis class the learner is considering). Second, we would like to curb the intermediary’s ability to meaningfully interfere with the learning process, even when it can modify the oracles’ responses. Inspired by the works of Ishai et al. (Crypto 2019) and Goldwasser et al. (ITCS 2021), we formalize two new learning models, called Covert Learning and Covert Verifiable Learning, that capture these goals. Then, assuming hardness of the Learning Parity with Noise (LPN) problem, we show: Covert Learning algorithms in the agnostic setting for parity functions and decision trees, where a polynomial time eavesdropping adversary that observes all queries and responses learns nothing about either the function, or the learned hypothesis.Covert Verifiable Learning algorithms that provide similar learning and privacy guarantees, even in the presence of a polynomial-time adversarial intermediary that can modify all oracle responses. Here the learner is granted additional random examples and is allowed to abort whenever the oracles responses are modified. Aside theoretical interest, our study is motivated by applications to the secure outsourcing of automated scientific discovery in drug design and molecular biology. It also uncovers limitations of current techniques for defending against model extraction attacks.

Original languageEnglish
Title of host publicationTheory of Cryptography - 19th International Conference, TCC 2021, Proceedings
EditorsKobbi Nissim, Brent Waters, Brent Waters
PublisherSpringer Science and Business Media Deutschland GmbH
Pages1-31
Number of pages31
ISBN (Print)9783030904555
DOIs
StatePublished - 2021
Externally publishedYes
Event19th International Conference on Theory of Cryptography, TCC 2021 - Raleigh, United States
Duration: 8 Nov 202111 Nov 2021

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13044 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference19th International Conference on Theory of Cryptography, TCC 2021
Country/TerritoryUnited States
CityRaleigh
Period8/11/2111/11/21

Funding

FundersFunder number
Defense Advanced Research Projects AgencyHR00112020021, HR00112020020

    Fingerprint

    Dive into the research topics of 'Covert Learning: How to Learn with an Untrusted Intermediary'. Together they form a unique fingerprint.

    Cite this