Private inference refers to a two-party setting in which one has a model (e.g., a linear classifier), the other has data, and the model is to be applied over the data while safeguarding the privacy of both parties. In particular, models in which the weights are quantized (e.g., to 1 or -1) gained increasing attention lately, due to their benefits in efficient, private, or robust computations. Traditionally, private inference has been studied from a cryptographic standpoint, which suffers from high complexity and degraded accuracy. More recently, Raviv et al. showed that in quantized models, an information theoretic tradeoff exists between the privacy of the parties, and a scheme based on a combination of Boolean and real-valued algebra was presented which attains that tradeoff. Both the scheme and the respective bound required the computation to be done exactly. In this work we show that by relaxing the requirement for exact computation, one can break the information theoretic privacy barrier of Raviv et al., and provide better privacy at the same communication costs. We provide a scheme for such approximate computation, bound its error, show its improved privacy, and devise a respective lower bound for some parameter regimes.

翻译：私有推理指一种两方设定：一方拥有模型（如线性分类器），另一方拥有数据，且需在保护双方隐私的同时对数据应用该模型。近年来，权重被量化（如量化为1或-1）的模型因其在高效、隐私或鲁棒计算中的优势而日益受到关注。传统上，私有推理一直从密码学角度进行研究，但这会导致高复杂度和精度下降。近期，Raviv等人证明，在量化模型中，各方隐私之间存在信息论权衡，并提出了一种基于布尔代数和实值代数相结合的方案来实现该权衡。该方案及相应的界限均要求精确执行计算。本文证明，通过放宽精确计算的要求，可以突破Raviv等人提出的信息论隐私壁垒，在相同通信代价下实现更优的隐私保护。我们提出了一种近似计算的方案，给出了其误差界限，证明了其隐私性能的提升，并在某些参数区间内推导了相应的下界。