Inference and Interference: The Role of Clipping, Pruning and Loss Landscapes in Differentially Private Stochastic Gradient Descent

TL;DR

This paper investigates the dynamics of DP-SGD, revealing that clipping impacts training more than noise, and demonstrates that magnitude pruning can enhance DP-SGD performance in large neural networks.

Contribution

The study provides a detailed analysis of DP-SGD's behavior, highlighting the dominant role of clipping over noise and proposing pruning as a method to improve privacy-preserving training.

Findings

Clipping has a larger impact than noise on DP-SGD performance.

Heavy pruning can improve test accuracy of DP-SGD.

Behavior in later training stages determines overall results.

Abstract

Differentially private stochastic gradient descent (DP-SGD) is known to have poorer training and test performance on large neural networks, compared to ordinary stochastic gradient descent (SGD). In this paper, we perform a detailed study and comparison of the two processes and unveil several new insights. By comparing the behavior of the two processes separately in early and late epochs, we find that while DP-SGD makes slower progress in early stages, it is the behavior in the later stages that determines the end result. This separate analysis of the clipping and noise addition steps of DP-SGD shows that while noise introduces errors to the process, gradient descent can recover from these errors when it is not clipped, and clipping appears to have a larger impact than noise. These effects are amplified in higher dimensions (large neural networks), where the loss basin occupies a lower dimensional space. We argue theoretically and using extensive experiments that magnitude pruning can be a suitable dimension reduction technique in this regard, and find that heavy pruning can improve the test accuracy of DPSGD.