<italic>p</italic>-Power Exponential Mechanisms for Differentially Private Machine Learning
Differentially private stochastic gradient descent (DP-SGD) that perturbs the clipped gradients is a popular approach for private machine learning. Gaussian mechanism GM, combined with the moments accountant (MA), has demonstrated a much better privacy-utility tradeoff than using the advanced compos...
Guardado en:
| Autores principales: | , , , |
|---|---|
| Formato: | article |
| Lenguaje: | EN |
| Publicado: |
IEEE
2021
|
| Materias: | |
| Acceso en línea: | https://doaj.org/article/d91648a81c8e4395a2b8d3247e9c873c |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| Sumario: | Differentially private stochastic gradient descent (DP-SGD) that perturbs the clipped gradients is a popular approach for private machine learning. Gaussian mechanism GM, combined with the moments accountant (MA), has demonstrated a much better privacy-utility tradeoff than using the advanced composition theorem. However, it is unclear whether the tradeoff can be further improved by other mechanisms with different noise distributions. To this end, we extend GM (<inline-formula> <tex-math notation="LaTeX">$p=2$ </tex-math></inline-formula>) to the generalized <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>-power exponential mechanism (<inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM with <inline-formula> <tex-math notation="LaTeX">$p>0$ </tex-math></inline-formula>) family and show its privacy guarantee. Straightforwardly, we can enhance the privacy-utility tradeoff of GM by searching noise distribution in the wider mechanism space. To implement <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM in practice, we design an effective sampling method and extend MA to <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM for tightly estimating privacy loss. Besides, we formally prove the non-optimality of GM based on the variation method. Numerical experiments validate the properties of <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM and illustrate a comprehensive comparison between <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM and the other two state-of-the-art methods. Experimental results show that <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM is preferred when the noise variance is relatively small to the signal and the dimension is not too high. |
|---|