Differentially Private Datastore Generation for Retrieval-Augmented Inference
This work addresses the need for privacy-preserving datastore sharing in on-device AI systems, offering a practical solution with minimal accuracy loss.
The paper introduces a hashing-based probability generation framework using locality-sensitive hashing and differential privacy to create and release private datastores for retrieval-augmented inference. At epsilon=5, the method achieves only a 2.6% average accuracy drop across seven datasets and reduces membership inference attack accuracy to 53.60%.
It is crucial for modern on-device AI systems that rely on retrieval-augmented inference to release and share datastores without compromising individual privacy. This can be achieved using Differential Privacy (DP), which provides a formal guarantee that ensures individual contributions remain indistinguishable, even under adversarial analysis. In this paper, we introduce a hashing-based probability generation framework designed to enable the creation and release of differentially private datastores. Our approach employs locality-sensitive hashing (LSH) to efficiently partition high-dimensional data into buckets. We then add calibrated DP noise to the accumulated vote for each bucket, generating a probability distribution across classes. Our method is broadly applicable to any pipeline requiring secure key,value datastore creation and release. We conducted experiments on seven datasets with varying sample sizes and class counts, ranging from 2 to 14. At epsilon=5, our released DP datastore achieves strong privacy protection with only an average 2.6% drop in accuracy. Finally, we benchmark DP datastore resilience to membership inference attacks, reducing attack accuracy to 53.60%.