Privacypreserving machine learning with tensor networks
Abstract
Tensor networks, widely used for providing efficient representations of lowenergy states of local quantum manybody systems, have been recently proposed as machine learning architectures which could present advantages with respect to traditional ones. In this work we show that tensor network architectures have especially prospective properties for privacypreserving machine learning, which is important in tasks such as the processing of medical records. First, we describe a new privacy vulnerability that is present in feedforward neural networks, illustrating it in synthetic and realworld datasets. Then, we develop welldefined conditions to guarantee robustness to such vulnerability, which involve the characterization of models equivalent under gauge symmetry. We rigorously prove that such conditions are satisfied by tensornetwork architectures. In doing so, we define a novel canonical form for matrix product states, which has a high degree of regularity and fixes the residual gauge that is left in the canonical forms based on singular value decompositions. We supplement the analytical findings with practical examples where matrix product states are trained on datasets of medical records, which show large reductions on the probability of an attacker extracting information about the training dataset from the model's parameters. Given the growing expertise in training tensornetwork architectures, these results imply that one may not have to be forced to make a choice between accuracy in prediction and ensuring the privacy of the information processed.
 Publication:

arXiv eprints
 Pub Date:
 February 2022
 DOI:
 10.48550/arXiv.2202.12319
 arXiv:
 arXiv:2202.12319
 Bibcode:
 2022arXiv220212319P
 Keywords:

 Computer Science  Cryptography and Security;
 Condensed Matter  Statistical Mechanics;
 Computer Science  Artificial Intelligence;
 Computer Science  Machine Learning;
 Quantum Physics
 EPrint:
 16 pages, 2 figures. Quantumarticle 6.1. The computational appendix is available at https://www.github.com/apozas/privatetn V2: Updated results with new canonical forms, new title, extended discussion and bibliography