Privacy-Preserving Map-Free Exploration for Confirming the Absence of a Radioactive Source

Eric Lepowsky, David Snyder, Alexander Glaser, Anirudha Majumdar

TL;DR

This work addresses privacy-preserving verification of the absence of a radioactive source using map-free exploration. It introduces a random-walk based algorithm that accumulates non-sensitive information $\mathcal{G}_t$ while never storing maps or measurements, enabling calibrated absence confirmation via a Kolmogorov–Smirnov test against a reference exploration distribution $V_r$. Theoretical guarantees show zero mutual information with compliant maps (privacy) and bounded false positives with ensured coverage (correctness), backed by extensive PyBullet simulations and hardware demonstrations with a gamma-ray detector. The results demonstrate high-confidence absence/presence discrimination under strict information constraints and provide insights into the privacy-time trade-offs for robotic verification in sensitive environments.

Abstract

Performing an inspection task while maintaining the privacy of the inspected site is a challenging balancing act. In this work, we are motivated by the future of nuclear arms control verification, which requires both a high level of privacy and guaranteed correctness. For scenarios with limitations on sensors and stored information due to the potentially secret nature of observable features, we propose a robotic verification procedure that provides map-free exploration to perform a source verification task without requiring, nor revealing, any task-irrelevant, site-specific information. We provide theoretical guarantees on the privacy and correctness of our approach, validated by extensive simulated and hardware experiments.

Paper Structure

This paper contains 19 sections, 2 theorems, 6 equations, 6 figures, 2 tables, and 1 algorithm.

Key Result

Theorem 1

Consider the class of compliant (source-free) maps, denoted by $\mathbb{M}^-(l_x, l_y, B, \epsilon_{\underline{M}})$. Alg. 1 is considered to be private, for all time, $t$, with respect to any map, $M \in \mathbb{M}^-$, in that the mutual information ($\mathcal{MI}$) between any stored data

Figures (6)

  • Figure 1: Robotic inspector in a representative laboratory search environment. The environment is approximately 15 m$^2$ with steel drum obstacles and dividers to reconfigure the space. The robotic inspector, a Create 3 platform fitted with gamma-ray detectors, explores the unknown environment and confirms, with high probability, the absence or presence of a radioactive source using only non-sensitive information.
  • Figure 2: Step size distributions for information storage scheme privacy and counterexample. Cumulative density functions over step size for our algorithm (distance between measurements) and a "leaky" alternative (distance between turns). Our algorithm (above) is only dependent on the presence/absence of a source, whereas the seemingly similar information storage scheme (below) leaks information which can differentiate between environments of differing occupancy. Note that the solid and dashed black lines in the upper plot are overlapped; this particular curve is equivalent to the reference distribution, $V_r$, which is independent of the environment.
  • Figure 3: Empirical coverage versus time. Evaluated for a range of maximum step sizes for the 5$\times$5 binning. For each step size, the average over all 10 environments and all 50 trials is shown; the curves start after 10 initial time steps. The shaded region represents the full range of possible values, evaluated over all step sizes. To convert from step number to real-world time, we assumed 3-second measurements, travel speed of 10 cm/s, and neglect the time spent avoiding obstacles.
  • Figure 4: Selection of simulated environments with varying complexity. All rooms are designed with the same 10$\times$10 m outer dimensions with different occupancy fractions and obstacle shapes.
  • Figure 5: Evolution of KS test significance and spatial coverage for simulated trials. The results for source-absence (solid) and source-presence (dashed) are averaged over all trials and simulated rooms. Coverage is shown for the source-absence case; coverage for the source-presence case is omitted since the algorithm terminates once a source is confirmed. The log-significance, represented in $\log_{10}$-space, is floored at the KS test trigger threshold, which was $-5$ for the simulated trials. For each curve, the shaded region represents one standard deviation of the full range of values.
  • ...and 1 more figure
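
An added illustration (not code from the paper) of the decision rule described in the TL;DR and the Figure 5 caption: step sizes are the only stored record, and a one-sample KS test against the reference distribution is re-run until its $\log_{10}$ significance reaches the $-5$ trigger. The uniform stand-in for $V_r$, the asymptotic p-value formula, the warm-up count and the step generators are assumptions made for this example.

```python
import math

TRIGGER_LOG10 = -5.0  # KS trigger threshold quoted for the simulated trials
D_MAX = 1.0           # assumed maximum step size (arbitrary units)

def ref_cdf(x):
    """Assumed stand-in for V_r: uniform on [0, D_MAX]."""
    return min(max(x / D_MAX, 0.0), 1.0)

def ks_log10_significance(steps, cdf=ref_cdf, floor=TRIGGER_LOG10):
    """One-sample KS test of stored step sizes against the reference CDF.
    Returns log10(p), floored at the trigger threshold."""
    xs = sorted(steps)
    n = len(xs)
    d = max(max((i + 1) / n - cdf(x), cdf(x) - i / n) for i, x in enumerate(xs))
    # Asymptotic Kolmogorov series with Stephens' finite-n correction.
    lam = (math.sqrt(n) + 0.12 + 0.11 / math.sqrt(n)) * d
    p = 2.0 * sum((-1) ** (k - 1) * math.exp(-2.0 * k * k * lam * lam)
                  for k in range(1, 101))
    p = min(max(p, 0.0), 1.0)
    return floor if p <= 10.0 ** floor else math.log10(p)

def explore(step_source, max_steps=300, warmup=10):
    """Store each step size, re-test, and stop once the trigger is reached.
    warmup is an assumed minimum sample count. Returns (verdict, steps)."""
    stored = []  # the only retained data: no map, no measurements
    for t in range(1, max_steps + 1):
        stored.append(step_source(t))
        if t >= warmup and ks_log10_significance(stored) <= TRIGGER_LOG10:
            return "source-present", t
    return "source-absent", max_steps

# Constructed step generators (not data from the paper). A golden-ratio
# sequence stands in for draws from V_r; squaring it skews steps short, an
# assumed source signature chosen only to exercise the test.
def u(t):
    return (t * 0.6180339887498949) % 1.0

def absent_steps(t):
    return D_MAX * u(t)

def present_steps(t):
    return D_MAX * u(t) ** 2

if __name__ == "__main__":
    print(explore(absent_steps))
    print(explore(present_steps))
```

The stored list holds nothing but step sizes, so what an inspector could learn from it is limited to how far that sample sits from the reference distribution.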

Theorems & Definitions (5)

  • Theorem 1: Information Privacy of Compliant Hosts
  • Remark 2: Calibrated False Positive Rate
  • Lemma 3: Passage Times in Exponential Family [mihail_conductance_1989]
  • proof
  • proof