Tensor networks, widely used for providing efficient representations of low-energy states of local quantum many-body systems, have been recently proposed as machine learning architectures which could present advantages with respect to traditional ones. In this work we show that tensor-network architectures have especially prospective properties for privacy-preserving machine learning, which is important in tasks such as the processing of medical records. First, we describe a new privacy vulnerability that is present in feedforward neural networks, illustrating it in synthetic and real-world datasets. Then, we develop well-defined conditions to guarantee robustness to such vulnerability, which involve the characterization of models equivalent under gauge symmetry. We rigorously prove that such conditions are satisfied by tensor-network architectures. In doing so, we define a novel canonical form for matrix product states, which has a high degree of regularity and fixes the residual gauge that is left in the canonical forms based on singular value decompositions. We supplement the analytical findings with practical examples where matrix product states are trained on datasets of medical records, which show large reductions on the probability of an attacker extracting information about the training dataset from the model's parameters. Given the growing expertise in training tensor-network architectures, these results imply that one may not have to be forced to make a choice between accuracy in prediction and ensuring the privacy of the information processed.

中文翻译：

---

使用张量网络保护隐私的机器学习


张量网络广泛用于提供局部量子多体系统低能态的有效表示，最近被提出作为机器学习架构，相对于传统架构具有优势。在这项工作中，我们证明张量网络架构对于隐私保护机器学习具有特别有前景的特性，这对于医疗记录处理等任务非常重要。首先，我们描述了前馈神经网络中存在的新隐私漏洞，并在合成数据集和现实数据集中进行了说明。然后，我们开发明确的条件来保证对此类漏洞的鲁棒性，其中涉及规范对称下等效模型的表征。我们严格证明张量网络架构满足这些条件。在此过程中，我们为矩阵乘积状态定义了一种新颖的规范形式，它具有高度的规律性，并修复了基于奇异值分解的规范形式中留下的残差规范。我们用实际例子来补充分析结果，其中矩阵乘积状态是在医疗记录数据集上进行训练的，这表明攻击者从模型参数中提取有关训练数据集的信息的概率大大降低。鉴于训练张量网络架构方面的专业知识不断增长，这些结果意味着人们可能不必被迫在预测准确性和确保处理信息的隐私之间做出选择。