On the Interaction Between Differential Privacy and Gradient Compression in Deep Learning

TL;DR

This paper empirically investigates how differential privacy and gradient compression interact in deep learning, revealing that compression can sometimes mitigate privacy-induced accuracy loss and proposing methods to improve test accuracy.

Contribution

It provides the first detailed empirical analysis of the combined effects of differential privacy and gradient compression on deep learning accuracy, with practical recommendations.

Findings

Gradient compression can reduce accuracy loss in private training.

Aggressive sparsification lessens the impact of added Gaussian noise.

Proposed methods improve test accuracy by up to 24.6%.

Abstract

While differential privacy and gradient compression are separately well-researched topics in machine learning, the study of interaction between these two topics is still relatively new. We perform a detailed empirical study on how the Gaussian mechanism for differential privacy and gradient compression jointly impact test accuracy in deep learning. The existing literature in gradient compression mostly evaluates compression in the absence of differential privacy guarantees, and demonstrate that sufficiently high compression rates reduce accuracy. Similarly, existing literature in differential privacy evaluates privacy mechanisms in the absence of compression, and demonstrates that sufficiently strong privacy guarantees reduce accuracy. In this work, we observe while gradient compression generally has a negative impact on test accuracy in non-private training, it can sometimes improve test accuracy in differentially private training. Specifically, we observe that when employing aggressive sparsification or rank reduction to the gradients, test accuracy is less affected by the Gaussian noise added for differential privacy. These observations are explained through an analysis how differential privacy and compression effects the bias and variance in estimating the average gradient. We follow this study with a recommendation on how to improve test accuracy under the context of differentially private deep learning and gradient compression. We evaluate this proposal and find that it can reduce the negative impact of noise added by differential privacy mechanisms on test accuracy by up to 24.6%, and reduce the negative impact of gradient sparsification on test accuracy by up to 15.1%.