wifi-densepose/docs/research/sota-2026-05-22
rUv 28d97e8f6a
adr-106: differential privacy + biometric primitive isolation for federation (#718)
Direct extension of ADR-105. Closes both items deferred from ADR-105:
(1) member-inference defence, (2) biometric primitive isolation
enforcement.

Three-layer defence:
1. PRIMITIVE ISOLATION (R15 binding) -- API-level tagging of on-device-
   only tensors. Compile-time error when  tagged tensors are passed
   to submit_delta().
2. GRADIENT CLIPPING (Abadi 2016) -- per-sample L2 norm <= C (default
   C=1.0) before delta computation.
3. GAUSSIAN NOISE (DP-SGD) -- N(0, sigma^2*C^2*I) added to aggregated
   LoRA delta before transmission.

Privacy budget via Moments Accountant (delta=1e-5):
- Conservative (medical-grade): sigma=1.5, 50 rounds, epsilon=2.0
- Standard (typical RuView):    sigma=1.0, 100 rounds, epsilon=5.0
- Lenient:                      sigma=0.5, 100 rounds, epsilon=8.0

On-device-only primitive list (R15-binding):
- Raw CSI window
- Gait stride frequency
- Breathing rate (per-subject)
- HRV rate signature
- RCS frequency response curve
- Limb timing vector
- Per-subject embedding centroid

Implementation budget: +300 LOC on top of ADR-105's 500 LOC = total
~800 LOC ruview-fed crate. 3-week effort estimate.

Composes:
- R3: Layer 1 blocks per-subject embedding centroid transmission
- R7: mincut compatible with DP-noised deltas (operates on noised graph)
- R12/R13 negative results: informed the noise-vs-structure-detection
  design choice (treat adversarial deltas as outliers from noisy
  distribution, not structural-detection problem)
- R14: privacy framework now has formal (epsilon, delta) backing
- R15: requirements basis = on-device-only primitive list made executable
- ADR-105: DP-SGD slots into step 4 of federation protocol

Closes the privacy story: R3 + R14 + R15 + ADR-105 + ADR-106 = complete
chain from physics (R6) -> embeddings (R3) -> personalised features (R14)
-> trained how (ADR-105) -> defended how (R7) -> privacy-bounded how
(ADR-106).

Honest scope:
- sigma values are recommendations, not measurements (per-cog tuning needed)
- (epsilon, delta)-DP is worst-case bound; auxiliary info changes practical leakage
- Moments Accountant is conservative
- Subject-level DP not formalised (household of 4 = K=4 subjects)
- Side-channel timing leaks out of scope (future ADR)

Explicitly deferred:
- ADR-107: cross-installation federation w/ secure aggregation

Coordination: ticks/tick-15.md, no PROGRESS.md edit.
2026-05-22 02:48:16 -04:00
..
ticks adr-106: differential privacy + biometric primitive isolation for federation (#718) 2026-05-22 02:48:16 -04:00
HORIZON.md docs(horizon): M3-M7 complete — close 12h autonomous SOTA run 2026-05-22 00:06:40 -04:00
PROGRESS.md feat(tools/ruview-mcp): M2 — wire real inference via cog health (#706) 2026-05-21 23:43:32 -04:00
R1-toa-crlb.md research(R1): ToA CRLB — precision floor for WiFi multistatic localisation (#711) 2026-05-22 01:38:35 -04:00
R3-crossroom-reid.md research(R3): cross-room re-ID — MERIDIAN closes the env-shift gap + 4 privacy constraints (#715) 2026-05-22 02:13:10 -04:00
R5-subcarrier-saliency.md research(sota): kick off SOTA research loop + first R5 saliency measurement (#702) 2026-05-21 23:05:55 -04:00
R6-fresnel-forward-model.md research(R6): Fresnel-zone forward model — bedrock physics for CSI sensitivity (#710) 2026-05-22 01:31:09 -04:00
R7-multilink-consistency.md research(R7): Stoer-Wagner mincut detects adversarial CSI nodes 3/3 in synthetic (#704) 2026-05-21 23:28:46 -04:00
R8-rssi-only-count.md research(R8): RSSI-only person count retains 95% of full-CSI accuracy (#703) 2026-05-21 23:18:09 -04:00
R9-rssi-fingerprint-knn.md feat(tools/ruview-mcp): M2 — wire real inference via cog health (#706) 2026-05-21 23:43:32 -04:00
R10-through-foliage-wildlife.md research(R10): through-foliage wildlife sensing — physics feasibility + per-species gait taxonomy 2026-05-22 00:59:11 -04:00
R11-maritime-sensing.md research(R11): maritime sensing — through-bulkhead impossible, through-seam works (#712) 2026-05-22 01:53:51 -04:00
R12-rf-weather-mapping.md research(R12): RF weather mapping eigenshift — negative-ish, with clearly-actionable revision path (#707) 2026-05-21 23:52:49 -04:00
R13-contactless-bp-negative.md research(R13): NEGATIVE — contactless BP from CSI is physically inferior to a cuff (#713) 2026-05-22 02:00:35 -04:00
R14-empathic-appliances.md research(R14): empathic appliances — vision + ethical framework + infrastructure gap inventory (#709) 2026-05-22 01:18:01 -04:00
R15-rf-biometric-primitives.md research(R15): RF biometric primitives — 5 environment-invariant features with quantified discriminability (#717) 2026-05-22 02:38:10 -04:00