| Adversarial Examples Are Not Bugs, They Are Features | Andrew Ilyas · Shibani Santurkar · Dimitris Tsipras · Logan Engstrom · Brandon Tran · Aleksander Madry |
| Average-Case Averages: Private Algorithms for Smooth Sensitivity and Mean Estimation | Mark Bun · Thomas Steinke |
| Capacity Bounded Differential Privacy | Kamalika Chaudhuri · Jacob Imola · Ashwin Machanavajjhala |
| Differentially Private Anonymized Histograms | Ananda Theertha Suresh |
| Differentially Private Bagging: Improved utility and cheaper privacy than subsample-and-aggregate | James Jordon · Jinsung Yoon · Mihaela van der Schaar |
| Differentially Private Bayesian Linear Regression | Garrett Bernstein · Daniel Sheldon |
| Efficiently Estimating Erdos-Renyi Graphs with Node Differential Privacy | Jonathan Ullman · Adam Sealfon |
| Locally Private Gaussian Estimation | Matthew Joseph · Janardhan Kulkarni · Jieming Mao · Steven Wu |
| Minimax Optimal Estimation of Approximate Differential Privacy on Neighboring Databases | Xiyang Liu · Sewoong Oh |
| Differentially Private Algorithms for Learning Mixtures of Separated Gaussians | Gautam Kamath · Or Sheffet · Vikrant Singhal · Jonathan Ullman |
| Partially Encrypted Deep Learning using Functional Encryption | Théo Ryffel · David Pointcheval · Francis Bach · Edouard Dufour-Sans · Romain Gay |
| Privacy-Preserving Classification of Personal Text Messages with Secure Multi-Party Computation | Devin Reich · Ariel Todoki · Rafael Dowsley · Martine De Cock · anderson nascimento |
| Adversarial Training and Robustness for Multiple Perturbations | Florian Tramer · Dan Boneh |
| Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks | Yaqin Zhou · Shangqing Liu · Jingkai Siow · Xiaoning Du · Yang Liu |
| Differentially Private Distributed Data Summarization under Covariate Shift | Kanthi Sarpatwar · Karthikeyan Shanmugam · Venkata Sitaramagiridharganesh Ganapavarapu · Ashish Jagmohan · Roman Vaculin |
| Private Hypothesis Selection | Mark Bun · Gautam Kamath · Thomas Steinke · Steven Wu |
| Facility Location Problem in Differential Privacy Model Revisited | Yunus Esencayi · Marco Gaboardi · Shi Li · Di Wang |
| KNG: The K-Norm Gradient Mechanism | Matthew Reimherr · Jordan Awan |
| Locally Private Learning without Interaction Requires Separation | Amit Daniely · Vitaly Feldman |
| Lower Bounds on Adversarial Robustness from Optimal Transport | Arjun Nitin Bhagoji · Daniel Cullina · Prateek Mittal |
| On Differentially Private Graph Sparsification and Applications | Raman Arora · Jalaj Upadhyay |
| Privacy-Preserving Q-Learning with Functional Noise in Continuous Spaces | Baoxiang Wang · Nidhi Hegde |
| REM: From Structural Entropy to Community Structure Deception | Yiwei Liu · Jiamou Liu · Zijian Zhang · Liehuang Zhu · Angsheng Li |
| Rethinking Deep Neural Network Ownership Verification: Embedding Passports to Defeat Ambiguity Attacks | Lixin Fan · Kam Woh Ng · Chee Seng Chan |
| SHE: A Fast and Accurate Deep Neural Network for Encrypted Data | Qian Lou · Lei Jiang |
| Theoretical evidence for adversarial robustness through randomization | Rafael Pinot · Laurent Meunier · Alexandre Araujo · Hisashi Kashima · Florian Yger · Cedric Gouy-Pailler · Jamal Atif |
| A Convex Relaxation Barrier to Tight Robustness Verification of Neural Networks | Hadi Salman · Greg Yang · Huan Zhang · Cho-Jui Hsieh · Pengchuan Zhang |
| An Algorithmic Framework For Differentially Private Data Analysis on Trusted Processors | Janardhan Kulkarni · Olga Ohrimenko · Bolin Ding · Sergey Yekhanin · Joshua Allen · Harsha Nori |
| Deep Leakage from Gradients | Ligeng Zhu · Zhijian Liu · Song Han |
| Defending Neural Backdoors via Generative Distribution Modeling | Ximing Qiao · Yukun Yang · Hai Li |
| Differential Privacy Has Disparate Impact on Model Accuracy | Eugene Bagdasaryan · Omid Poursaeed · Vitaly Shmatikov |
| Differentially Private Covariance Estimation | Kareem Amin · Travis Dick · Alex Kulesza · Andres Munoz · Sergei Vassilvitskii |
| Differentially Private Markov Chain Monte Carlo | Mikko Heikkilä · Joonas Jälkö · Onur Dikmen · Antti Honkela |
| Elliptical Perturbations for Differential Privacy | Matthew Reimherr · Jordan Awan |
| Oblivious Sampling Algorithms for Private Data Analysis | Olga Ohrimenko · Sajin Sasy |
| Practical Differentially Private Top-k Selection with Pay-what-you-get Composition | David Durfee · Ryan Rogers |
| Privacy Amplification by Mixing and Diffusion Mechanisms | Borja Balle · Gilles Barthe · Marco Gaboardi · Joseph Geumlek |
| Private Stochastic Convex Optimization with Optimal Rates | Raef Bassily · Vitaly Feldman · Kunal Talwar · Abhradeep Guha Thakurta |