How can multiple distributed entities collaboratively train a shared deep net on their private data while preserving privacy? This paper introduces InstaHide, a simple encryption of training images, which can be plugged into existing distributed deep learning pipelines. The encryption is efficient and applying it during training has minor effect on test accuracy. InstaHide encrypts each training image with a "one-time secret key" which consists of mixing a number of randomly chosen images and applying a random pixel-wise mask. Other contributions of this paper include: (a) Using a large public dataset (e.g. ImageNet) for mixing during its encryption, which improves security. (b) Experimental results to show effectiveness in preserving privacy against known attacks with only minor effects on accuracy. (c) Theoretical analysis showing that successfully attacking privacy requires attackers to solve a difficult computational problem. (d) Demonstrating that use of the pixel-wise mask is important for security, since Mixup alone is shown to be insecure to some some efficient attacks. (e) Release of a challenge dataset https://github.com/Hazelsuko07/InstaHide_Challenge Our code is available at https://github.com/Hazelsuko07/InstaHide

翻译：多个分布式实体如何在保护隐私的同时合作训练一个私密数据共享深网? 本文介绍InstaHide, 这是一种简单的培训图像加密, 可以插入现有的分布式深层学习管道。 加密效率高, 培训期间应用对测试准确性影响很小。 InstaHide 加密了每个培训图像, 使用“ 一次性秘密密钥”, 包括混合随机选择的图像, 并使用随机像素掩码。 本文的其他贡献包括:(a) 使用大型公共数据集( 如图像网) 进行加密, 进行加密, 用于在加密期间进行混合, 从而改进安全性。 (b) 实验结果显示保护隐私的有效性, 防止已知袭击, 仅对准确性有轻微影响。 (c) 理论分析显示, 成功攻击隐私需要攻击者解决一个困难的计算问题。 (d) 证明使用像素掩码对于安全非常重要, 因为仅使用象素掩码对一些有效的攻击来说不安全。 (e) 释放一个挑战数据集 https://github.com/ Hazelsuskou/Hezoub/ Instaveard_ coom07/ Instaveard codestrol is is sol.