Privacy

Foundational paper introducing ε-differential privacy, Laplace mechanism, and noise calibration to sensitivity.

The definitive textbook covering DP techniques, composition, mechanism design, and ML applications.

Google's practical local DP system deployed in Chrome with longitudinal privacy guarantees.

Introduces DP-SGD algorithm and moments accountant for training neural networks with formal DP guarantees.

Proves optimal composition bounds for differential privacy; essential for privacy budget management.

Defines RDP using Rényi divergence; cleaner composition analysis used in TensorFlow Privacy.

Proves shuffle model bridges local/central DP gap; deployed in Apple and Google systems.

Unified framework for subsampling privacy amplification; essential for DP-SGD analysis.

f-DP and GDP with lossless composition via CLT; modern privacy accounting foundation.

Seminal paper introducing Federated Learning and FedAvg algorithm; enables ML without raw data collection.

Cryptographic protocol for aggregating model updates without seeing individual contributions.

Introduces structured updates and sketching to reduce communication costs in federated settings.

Control variates for client drift under heterogeneity; tight convergence guarantees for non-IID data.

User-level DP for federated learning; production deployment in Gboard next-word prediction.

Personalized FL addressing fairness and robustness via local regularization toward global model.

Definitive 210-page survey defining cross-device/cross-silo taxonomy and 50+ open problems.

Foundation for privacy-preserving telemetry with local DP guarantees for aggregate statistics.

Scaled PATE framework with GNMax aggregation; achieves strong privacy (ε < 1) while maintaining utility.

Private Aggregation of Teacher Ensembles; enables privacy-preserving ML via knowledge transfer.

MPC + DP protocol for cross-site attribution without user tracking; W3C Privacy CG proposal by Meta/Mozilla.

Encrypted conversion measurement and oblivious real-time bidding using MPC and secret sharing.

State-of-the-art GAN for synthetic tabular data; handles mixed types with mode-specific normalization.

PATE enables training on synthetic/unlabeled data with DP guarantees transferred from teacher ensemble.

Combines PATE framework with GANs for DP synthetic data generation.

Bayesian network approach to DP synthesis; widely deployed baseline for synthetic data.

MST/Private-PGM marginal-based synthesis that won NIST DP synthetic data competition.

Foundational paper introducing k-anonymity; each record indistinguishable from k-1 others on quasi-identifiers.

Landmark attack demonstrating re-identification of Netflix users; showed k-anonymity fails on high-dimensional data.

Extends k-anonymity by requiring diversity in sensitive attributes; defends against homogeneity attacks.

Requires sensitive attribute distribution in each equivalence class be close to overall distribution.

Shows 60% of European-descent Americans re-identifiable via genetic genealogy databases like GEDmatch.

Garbled circuits for secure two-party computation; foundational 2PC technique enabling oblivious computation.

GMW protocol proving completeness of secure MPC with honest majority; any function computable securely.

BGW protocol for information-theoretic MPC; 2023 Dijkstra Prize winner for seminal distributed computing paper.

First FHE construction enabling arbitrary computation on encrypted data; breakthrough cryptographic result.

Practical multi-party PSI using OPPRF; deployed for privacy-preserving ad matching and contact discovery.

EU privacy directive reduced ad effectiveness by 65%; first major empirical study of privacy regulation impact.

GDPR reduced EU tech venture investment by ~26%; rigorous diff-in-diff analysis of regulation effects.

State privacy laws reduced EMR adoption by 24%; pioneering regulation-innovation tradeoff study.

Foundational paper introducing shadow model-based membership inference; spawned entire research area.

Demonstrated recovery of training faces from facial recognition confidence scores; motivates output privacy.

First demonstration of verbatim training data extraction from GPT-2 including PII; motivated LLM safety research.

Gradient inversion reconstructs pixel-perfect training images from gradients; motivated secure aggregation.

Property inference attacks on federated learning; passive and active variants extract sensitive attributes.

Foundational PIR paper; proves single-server IT-PIR impossible sub-linearly, introduces multi-server PIR.

Introduces mix networks; first practical solution to traffic analysis enabling anonymous communication.

Design of Tor with perfect forward secrecy, directory servers, hidden services; deployed to millions.

Byzantine-robust multi-server PIR; first practical open-source PIR implementation (Percy++).

First practical MPC-based neural network training system; enables ML on private data from multiple parties.

Efficient DNN execution in Intel SGX with cryptographic verification of correct computation.

22× faster secure inference via ML-crypto co-design; hybrid HE + garbled circuits approach.

First efficient 2PC framework for BERT/GPT inference; specialized protocols for Softmax and GELU.