PATE-TripleGAN: Privacy-Preserving Image Synthesis with Gaussian Differential Privacy

TL;DR

This paper introduces PATE-TripleGAN, a privacy-preserving image synthesis framework that combines a classifier with a hybrid gradient desensitization algorithm to generate high-quality labeled images while protecting data privacy.

Contribution

It proposes a novel three-party min-max game and a hybrid gradient desensitization algorithm based on PATE and DPSGD to improve privacy and utility in image generation.

Findings

Achieves higher quality labeled image datasets with privacy guarantees.

Effectively reduces dependence on labeled data for training.

Maintains gradient information better while ensuring differential privacy.

Abstract

Conditional Generative Adversarial Networks (CGANs) exhibit significant potential in supervised learning model training by virtue of their ability to generate realistic labeled images. However, numerous studies have indicated the privacy leakage risk in CGANs models. The solution DPCGAN, incorporating the differential privacy framework, faces challenges such as heavy reliance on labeled data for model training and potential disruptions to original gradient information due to excessive gradient clipping, making it difficult to ensure model accuracy. To address these challenges, we present a privacy-preserving training framework called PATE-TripleGAN. This framework incorporates a classifier to pre-classify unlabeled data, establishing a three-party min-max game to reduce dependence on labeled data. Furthermore, we present a hybrid gradient desensitization algorithm based on the Private Aggregation of Teacher Ensembles (PATE) framework and Differential Private Stochastic Gradient Descent (DPSGD) method. This algorithm allows the model to retain gradient information more effectively while ensuring privacy protection, thereby enhancing the model's utility. Privacy analysis and extensive experiments affirm that the PATE-TripleGAN model can generate a higher quality labeled image dataset while ensuring the privacy of the training data.