DPDR: Gradient Decomposition and Reconstruction for Differentially Private Deep Learning

TL;DR

DPDR introduces a gradient decomposition and reconstruction framework for differentially private deep learning, improving privacy efficiency and model utility by recycling common knowledge and focusing privacy budget on incremental information.

Contribution

It proposes a novel DP training method that decomposes gradients to better utilize privacy budget, enhancing convergence and accuracy over existing approaches.

Findings

DPDR outperforms state-of-the-art baselines in convergence rate.

DPDR achieves higher accuracy with better privacy efficiency.

Theoretical analysis confirms the effectiveness of gradient decomposition.

Abstract

Differentially Private Stochastic Gradients Descent (DP-SGD) is a prominent paradigm for preserving privacy in deep learning. It ensures privacy by perturbing gradients with random noise calibrated to their entire norm at each training step. However, this perturbation suffers from a sub-optimal performance: it repeatedly wastes privacy budget on the general converging direction shared among gradients from different batches, which we refer as common knowledge, yet yields little information gain. Motivated by this, we propose a differentially private training framework with early gradient decomposition and reconstruction (DPDR), which enables more efficient use of the privacy budget. In essence, it boosts model utility by focusing on incremental information protection and recycling the privatized common knowledge learned from previous gradients at early training steps. Concretely, DPDR incorporates three steps. First, it disentangles common knowledge and incremental information in current gradients by decomposing them based on previous noisy gradients. Second, most privacy budget is spent on protecting incremental information for higher information gain. Third, the model is updated with the gradient reconstructed from recycled common knowledge and noisy incremental information. Theoretical analysis and extensive experiments show that DPDR outperforms state-of-the-art baselines on both convergence rate and accuracy.