Exploring the Benefits of Visual Prompting in Differential Privacy

TL;DR

This paper investigates how Visual Prompting (VP) can enhance neural network classifiers with differential privacy, achieving improved privacy-utility trade-offs and demonstrating effectiveness across various tasks.

Contribution

It introduces the integration of VP with differential privacy methods, notably PATE, to improve privacy-utility balance and demonstrates its advantages through extensive experiments and ablation studies.

Findings

VP combined with PATE achieves state-of-the-art privacy-utility trade-off.

VP improves cross-domain image classification under DP.

Extensive ablations validate VP's effectiveness in DP settings.

Abstract

Visual Prompting (VP) is an emerging and powerful technique that allows sample-efficient adaptation to downstream tasks by engineering a well-trained frozen source model. In this work, we explore the benefits of VP in constructing compelling neural network classifiers with differential privacy (DP). We explore and integrate VP into canonical DP training methods and demonstrate its simplicity and efficiency. In particular, we discover that VP in tandem with PATE, a state-of-the-art DP training method that leverages the knowledge transfer from an ensemble of teachers, achieves the state-of-the-art privacy-utility trade-off with minimum expenditure of privacy budget. Moreover, we conduct additional experiments on cross-domain image classification with a sufficient domain gap to further unveil the advantage of VP in DP. Lastly, we also conduct extensive ablation studies to validate the effectiveness and contribution of VP under DP consideration. Our code is available at (https://github.com/EzzzLi/Prompt-PATE).