Differentially Private Learning Needs Better Features (or Much More Data)
Florian Tramèr, Dan Boneh

TL;DR
On vision tasks, differentially private end-to-end deep learning currently underperforms linear models trained on handcrafted features. Exceeding that baseline requires either more private data or features learned on public data, which highlights the need for better feature representations.
Contribution
The paper introduces simple yet strong baselines for differentially private learning and shows that current end-to-end private models fall short of linear models trained on handcrafted features.
Findings
Private end-to-end deep networks underperform linear models trained on handcrafted features on vision tasks.
Better performance requires either more private data or features learned on public data from a similar domain.
Current private learning methods have not yet achieved the 'AlexNet moment'.
Abstract
We demonstrate that differentially private machine learning has not yet reached its "AlexNet moment" on many canonical vision tasks: linear models trained on handcrafted features significantly outperform end-to-end deep neural networks for moderate privacy budgets. To exceed the performance of handcrafted features, we show that private learning requires either much more private data, or access to features learned on public data from a similar domain. Our work introduces simple yet strong baselines for differentially private learning that can inform the evaluation of future progress in this area.
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Cryptography and Data Security · Stochastic Gradient Optimization Techniques
