Privacy Preserving Machine Learning

NIPS 2018 Workshop
Montréal, December 8

Palais des Congrès de Montréal
Room TBA


This one-day workshop focuses on privacy-preserving techniques for training, inference, and disclosure in large-scale data analysis, in both the distributed and centralized settings. We have observed increasing interest in the ML community in leveraging cryptographic techniques such as Multi-Party Computation (MPC) and Homomorphic Encryption (HE) for privacy-preserving training and inference, as well as Differential Privacy (DP) for disclosure. Simultaneously, the systems security and cryptography community has proposed various secure frameworks for ML. We encourage both theory and application-oriented submissions exploring a range of approaches, including:

  • secure multi-party computation techniques for ML
  • homomorphic encryption techniques for ML
  • hardware-based approaches to privacy preserving ML
  • centralized and decentralized protocols for learning on encrypted data
  • differential privacy: theory, applications, and implementations
  • statistical notions of privacy including relaxations of differential privacy
  • empirical and theoretical comparisons between different notions of privacy
  • trade-offs between privacy and utility

We think it will be very valuable to have a forum to unify different perspectives and start a discussion about the relative merits of each approach. The workshop will also serve as a venue for networking among people from different communities interested in this problem, and hopefully foster fruitful long-term collaboration.

Call For Papers & Important Dates

Submission deadline: October 16, 2018 (11:59pm AoE; originally October 8)
Notification of acceptance: November 1, 2018
Workshop: December 8, 2018

Submission Instructions

Submissions in the form of extended abstracts must be at most 4 pages long (not including references and an unlimited number of pages for supplemental material, which reviewers are not required to take into account) and adhere to the NIPS format. We do accept submissions of work recently published or currently under review. Submissions should be anonymized. The workshop will not have formal proceedings, but authors of accepted abstracts can choose to have a link to arXiv or a PDF published on the workshop webpage.

If the new notification date causes issues with a potential visa application that depends specifically on the acceptance at this workshop, please contact us directly at

We can offer the opportunity to purchase a NIPS registration to one author of each accepted paper.

From the Workshop FAQ: the reserve tickets guarantee attendance to the workshops, and depending on availability, also to the main conference and tutorials. We expect most of the reserve tickets to allow registration for tutorials, conference and workshops, but again, only the workshops part is for certain.

Invited Speakers



Accepted Papers

Links to pdfs as well as abstracts will be added soon.

Hsin-Pai Cheng, Patrick Yu, Haojing Hu, Hai Li and Yiran Chen
LEASGD: an Efficient and Privacy-Preserving Decentralized Algorithm for Distributed Learning   
Cynthia Dwork and Vitaly Feldman
Privacy-preserving Prediction   
Bolin Ding, Janardhan Kulkarni and Sergey Yekhanin
A Distributed Algorithm For Differentially Private Heavy Hitters   
Yunhui Long, Tanmay Gangwani, Haris Mughees and Carl Gunter
Distributed and Secure Machine Learning using Self-tallying Multi-party Aggregation   
Joshua Allen, Bolin Ding, Janardhan Kulkarni, Harsha Nori, Olya Ohrimenko and Sergey Yekhanin
An Algorithmic Framework For Differentially Private Data Analysis on Trusted Processors   
Antoine Boutet, Théo Jourdan and Carole Frindel
Toward privacy in IoT mobile devices for activity recognition   
Roshan Dathathri, Olli Saarikivi, Hao Chen, Kim Laine, Kristin Lauter, Saeed Maleki, Madanlal Musuvathi and Todd Mytkowicz
CHET: Compiler and Runtime for Homomorphic Evaluation of Tensor Programs   
Martin Bertran, Natalia Martinez, Afroditi Papadaki, Qiang Qiu, Miguel Rodrigues and Guillermo Sapiro
Learning Representations for Utility and Privacy: An Information-Theoretic Based Approach   
Ashwin Machanavajjhala and Kamalika Chaudhuri
Capacity Bounded Differential Privacy   
Aurélien Bellet, Rachid Guerraoui and Hadrien Hendrikx
Who started this gossip? Differentially private rumor spreading   
Koen Lennart van der Veen, Ruben Seggers, Peter Bloem and Giorgio Patrini
Three Tools for Practical Differential Privacy   
Hao Chen, Ilaria Chillotti, Oxana Poburinnaya, Ilya Razenshteyn and M. Sadegh Riazi
Scaling Up Secure Nearest Neighbor Search   
Vitaly Feldman, Ilya Mironov, Kunal Talwar and Abhradeep Thakurta
Privacy Amplification by Iteration   
Yu-Xiang Wang, Borja Balle and Shiva Kasiviswanathan
Subsampled Renyi Differential Privacy and Analytical Moments Accountant   
Theo Ryffel, Andrew Trask, Morten Dahl, Bobby Wagner, Jason Mancuso, Daniel Rueckert and Jonathan Passerat-Palmbach
A generic framework for privacy preserving deep learning   
Valerie Chen, Valerio Pastro and Mariana Raykova
Secure Computation for Machine Learning With SPDZ   
Kareem Amin, Travis Dick, Alex Kulesza, Andres Medina and Sergei Vassilvitskii
Private Covariance Estimation via Iterative Eigenvector Sampling   
Alexandr Andoni, Tal Malkin and Negev Shekel Nosatzki
Secure Two Party Distribution Testing   
Phillipp Schoppmann, Adria Gascon, Mariana Raykova and Benny Pinkas
Make Some ROOM for the Zeros: Data Sparsity in Secure Distributed Machine Learning   
Judy Hoffman, Mehryar Mohri and Ningshan Zhang
Algorithms and Theory for Multiple-Source Adaptation   
Kareem Amin, Alex Kulesza, Andres Munoz Medina and Sergei Vassilvitskii
Bias Variance Trade-off in Differential Privacy   
Morten Dahl, Jason Mancuso, Yann Dupis, Ben DeCoste, Morgan Giraud, Ian Livingstone, Justin Patriquin and Gavin Uhma
Private Machine Learning in TensorFlow using Secure Computation   
Nicolas Loizou, Peter Richtarik, Filip Hanzely, Jakub Konecny and Dmitry Grishchenko
A Privacy Preserving Randomized Gossip Algorithm via Controlled Noise Insertion   
Yatharth Dubey and Aleksandra Korolova
The Power of The Hybrid Model for Mean Estimation   
Ulfar Erlingsson, Vitaly Feldman, Ilya Mironov, Ananth Raghunathan, Kunal Talwar and Abhradeep Thakurta
Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity   
Vasyl Pihur, Aleksandra Korolova, Frederick Liu, Subhash Sankuratripati, Moti Yung, Dachuan Huang and Ruogu Zeng
Differentially Private "Draw and Discard" Machine Learning   
Alexandra Schofield, Aaron Schein, Zhiwei Steven Wu and Hanna Wallach
A Variational Inference Approach for Locally Private Inference of Poisson Factorization Models   
Siddharth Garg, Zahra Ghodsi, Carmit Hazay, Yuval Ishai, Antonio Mercedone and Muthuramakrishnan Venkitasubramaniam
Outsourcing Private Machine Learning via Lightweight Secure Arithmetic Computation
Frederik Harder, Jonas Köhler, Max Welling and Mijung Park
DP-MAC: The Differentially Private Method of Auxiliary Coordinates for Deep Learning   

Travel Grants

Thanks to our generous sponsors, we are able to provide a limited number of travel grants of up to $800 to help partially cover the expenses of authors of accepted papers who have not received other travel support from NIPS this year. To apply, please send an email to with the subject “PPML18 Travel Grant Application” including your resume and a half-page statement of purpose mentioning the title and the authors of your accepted paper and a summary of anticipated travel expenses. If you are an undergraduate or graduate student, we ask for a half-page recommendation letter supporting your application to be sent to us by the deadline. The deadline for applications is November 11, 2018 (11:59pm AoE). The notifications will be sent by November 16. Please feel free to send us an email if you have any questions.


Workshop organizers

  • Aurélien Bellet (Inria)
  • Adrià Gascón (Alan Turing Institute & Warwick)
  • Niki Kilbertus (MPI for Intelligent Systems & Cambridge)
  • Olya Ohrimenko (Microsoft Research)
  • Mariana Raykova (Yale)
  • Adrian Weller (Alan Turing Institute & Cambridge)

Program Committee

  • Pauline Anthonysamy (Google)
  • Borja de Balle Pigem (Amazon)
  • James Bell (University of Cambridge)
  • Battista Biggio (University of Cagliari)
  • Keith Bonawitz (Google)
  • Graham Cormode (University of Warwick)
  • Morten Dahl (Dropout Labs)
  • Emiliano de Cristofaro (University College London)
  • Christos Dimitrakakis
  • David Evans (University of Virginia)
  • Joseph Geumlek (UCSD)
  • Irene Giacomelli (Wisconsin University)
  • Stephen Hardy (Data61)
  • Stratis Ioannidis (Northeastern University)
  • Peter Kairouz (Stanford)
  • Nadin Kokciyan (King's College London)
  • Aleksandra Korolova (USC)
  • Kim Laine (Microsoft Research)
  • Ashwin Machanavajjhala (Duke University)
  • Payman Mohassel (Visa Research)
  • Catuscia Palamidessi (École Polytechnique & INRIA)
  • Mijung Park (Max Planck Institute for Intelligent Systems)
  • Giorgio Patrini (University of Amsterdam)
  • Benjamin Rubinstein (University of Melbourne)
  • Anand Sarwate (Rutgers University)
  • Phillipp Schoppmann (HU Berlin)
  • Nigel Smart (KU Leuven)
  • Carmela Troncoso (EPFL)
  • Yu-Xiang Wang (UCSB)
  • Pinar Yolum (Utrecht University)
  • Samee Zahur (Google)