Robust and Private Learning of Halfspaces
This work addresses the fundamental challenge of simultaneously ensuring data privacy and model robustness for machine learning practitioners, particularly in sensitive applications.
This paper investigates the interplay between differential privacy and adversarial robustness for learning halfspaces, establishing nearly tight sample complexity bounds. Their findings indicate that achieving both robustness and privacy simultaneously is more challenging than pursuing either goal individually.
In this work, we study the trade-off between differential privacy and adversarial robustness under L2-perturbations in the context of learning halfspaces. We prove nearly tight bounds on the sample complexity of robust private learning of halfspaces for a large regime of parameters. A highlight of our results is that robust and private learning is harder than robust or private learning alone. We complement our theoretical analysis with experimental results on the MNIST and USPS datasets, for a learning algorithm that is both differentially private and adversarially robust.