A Closer Look at the Calibration of Differentially Private Learners

TL;DR

This paper investigates the calibration issues in classifiers trained with differentially private stochastic gradient descent, identifies the cause, and proposes effective privacy-preserving calibration methods that significantly improve calibration with minimal accuracy loss.

Contribution

It reveals per-example gradient clipping as a key cause of miscalibration in DP-SGD and introduces differentially private calibration techniques like temperature and Platt scaling that enhance calibration.

Findings

DP-SGD classifiers are often miscalibrated across tasks.

DP calibration methods like temperature scaling greatly reduce calibration error.

Proposed methods incur minimal accuracy loss.

Abstract

We systematically study the calibration of classifiers trained with differentially private stochastic gradient descent (DP-SGD) and observe miscalibration across a wide range of vision and language tasks. Our analysis identifies per-example gradient clipping in DP-SGD as a major cause of miscalibration, and we show that existing approaches for improving calibration with differential privacy only provide marginal improvements in calibration error while occasionally causing large degradations in accuracy. As a solution, we show that differentially private variants of post-processing calibration methods such as temperature scaling and Platt scaling are surprisingly effective and have negligible utility cost to the overall model. Across 7 tasks, temperature scaling and Platt scaling with DP-SGD result in an average 3.1-fold reduction in the in-domain expected calibration error and only incur at most a minor percent drop in accuracy.