Online Seminar #5: Quantum-inspired solutions for privacy leaks in machine learning

Alejandro Pozas-Kerstjens (ICMAT)

Vast amounts of data are routinely processed in machine learning pipelines, every time covering
more aspects of our interactions with the world. However, the quest for performance is leaving
other important aspects, such as privacy, on the side. For example, when the models processing
the data are made public, is the safety of the data used for training it guaranteed? This is a
question of utmost importance especially when processing sensitive data such as medical
records.
In this talk, I will argue and practically illustrate that insights in quantum information, concretely
coming from the tensor network representations of quantum many-body states, can help in
devising better privacy-preserving machine learning algorithms. In the first part, I will show that
standard neural networks are vulnerable to a type of privacy leak that involves global properties
of the data used for training, thus being a priori resistant to standard protection mechanisms. In
the second, I will show that tensor networks, when used as machine learning architectures, are
invulnerable to this vulnerability. The proof of the resilience is based on the existence of
canonical forms for such architectures. Given the growing expertise in training tensor networks
and the recent interest in tensor-based reformulations of popular machine learning architectures,
these results imply that one may not have to be forced to make a choice between accuracy in
prediction and ensuring the privacy of the information processed when using machine learning
on sensitive data.