tensorflow_privacy/research/instahide_attack_2020/README.md
2020-12-05 01:20:49 +00:00

51 lines
2.1 KiB
Markdown

Implementation of our reconstruction attack on InstaHide.
An Attack on InstaHide: Is Private Learning Possible with Instance Encoding?
Nicholas Carlini, Samuel Deng, Sanjam Garg, Somesh Jha, Saeed Mahloujifar, Mohammad Mahmoody, Shuang Song, Abhradeep Thakurta, Florian Tramer
https://arxiv.org/abs/2011.05315
## Overview
InstaHide is a recent privacy-preserving machine learning framework.
It takes a (sensitive) dataset and generates encoded images that are privacy-preserving.
Our attack breaks InstaHide and shows it does not offer meaningful privacy.
Given the encoded dataset, we can recover a near-identical copy of the original images.
This repository implements the attack described in our paper. It consists of a number of
steps that shoul be run sequentially. It assumes access to pre-trained neural network
classifiers that should be downloaded following the steps below.
### Requirements
* Python, version ≥ 3.5
* jax
* jaxlib
* objax (https://github.com/google/objax)
* PIL
* sklearn
### Running the attack
To reproduce our results and run the attack, each of the files should be run in turn.
0. Download the necessary dependency files:
- (encryption.npy)[https://www.dropbox.com/sh/8zdsr1sjftia4of/AAA-60TOjGKtGEZrRmbawwqGa?dl=0] and (labels.npy)[https://www.dropbox.com/sh/8zdsr1sjftia4of/AAA-60TOjGKtGEZrRmbawwqGa?dl=0] from the (InstaHide Challenge)[https://github.com/Hazelsuko07/InstaHide_Challenge]
- The (saved models)[https://drive.google.com/file/d/1YfKzGRfnnzKfUKpLjIRXRto8iD4FdwGw/view?usp=sharing] used to run the attack
- Set up all the requirements as above
1. Run `step_1_create_graph.py`. Produce the similarity graph to pair together encoded images that share an original image.
2. Run `step_2_color_graph.py`. Color the graph to find 50 dense cliques.
3. Run `step_3_second_graph.py`. Create a new bipartite similarity graph.
4. Run `step_4_final_graph.py`. Solve the matching problem to assign encoded images to original images.
5. Run `step_5_reconstruct.py`. Reconstruct the original images.
6. Run `step_6_adjust_color.py`. Adjust the color curves to match.
7. Run `step_7_visualize.py`. Show the final resulting images.