Can Stochastic Gradient Langevin Dynamics Provide Differential Privacy for Deep Learning?
Guy Heller, Ethan Fetaya
TL;DR
This paper investigates the differential privacy guarantees of Stochastic Gradient Langevin Dynamics (SGLD) during intermediate steps, revealing potential unbounded privacy loss that challenges prior assumptions about its privacy assurances.
Contribution
It highlights the limitations of SGLD's differential privacy guarantees in the interim region, a previously underexplored aspect crucial for Bayesian neural networks.
Findings
SGLD can lead to unbounded privacy loss mid-iteration.
Previous bounds only apply at initial or near-convergence stages.
Interim privacy guarantees for SGLD are not assured.
Abstract
Bayesian learning via Stochastic Gradient Langevin Dynamics (SGLD) has been suggested for differentially private learning. While previous research provides differential privacy bounds for SGLD at the initial steps of the algorithm or when close to convergence, the question of what differential privacy guarantees can be made in between remains unanswered. This interim region is of great importance, especially for Bayesian neural networks, as it is hard to guarantee convergence to the posterior. This paper shows that using SGLD might result in unbounded privacy loss for this interim region, even when sampling from the posterior is as differentially private as desired.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy-Preserving Technologies in Data · Stochastic Gradient Optimization Techniques · Random Matrices and Applications