Title: Creating Differentially Private Datastores for Retrieval-Augmented Inference

Abstract

For contemporary on-device AI systems that depend on retrieval-augmented inference, it is essential to share and publish datastores while safeguarding individual privacy. Differential Privacy (DP) offers a rigorous mathematical guarantee that individual data contributions remain indistinguishable, even when subjected to adversarial scrutiny, thereby enabling this secure sharing. This study presents a novel framework based on hashing to generate and release differentially private datastores. The proposed method utilizes locality-sensitive hashing (LSH) to efficiently cluster high-dimensional data into specific buckets. Subsequently, calibrated DP noise is introduced into the cumulative votes for each bucket, resulting in a class-wise probability distribution. This technique is versatile and can be applied to any workflow necessitating the secure creation and dissemination of key-value datastores. To validate the approach, we performed experiments across seven datasets featuring varying numbers of classes (between 2 and 14) and differing sample sizes. The results indicate that at an epsilon value of 5, the released DP datastore maintains robust privacy standards while incurring an average accuracy reduction of just 2.6%. Furthermore, we evaluated the datastore’s resistance to membership inference attacks, demonstrating that the attack accuracy was successfully lowered to 53.60%.

Source: arXiv Generated at: 2026-06-02 00:00:00 UTC