Correlating Cross-Iteration Noise for DP-SGD using Model Curvature
Gu, Xin, Xiao, Yingtai, He, Guanlin, Bai, Jiamu, Kifer, Daniel, Maeng, Kiwan
–arXiv.org Artificial Intelligence
Differentially private stochastic gradient descent (DP-SGD) offers the promise of training deep learning models while mitigating many privacy risks. However, there is currently a large accuracy gap between DP-SGD and normal SGD training. This has resulted in different lines of research investigating orthogonal ways of improving privacy-preserving training. One such line of work, known as DP-MF, correlates the privacy noise across different iterations of stochastic gradient descent - allowing later iterations to cancel out some of the noise added to earlier iterations. In this paper, we study how to improve this noise correlation. We propose a technique called Noise-Curve that uses model curvature, estimated from public unlabeled data, to improve the quality of this cross-iteration noise correlation. Our experiments on various datasets, models, and privacy parameters show that the noise correlations computed by NoiseCurve offer consistent and significant improvements in accuracy over the correlation scheme used by DP-MF. Differential privacy (DP) (Dwork et al., 2006b) is a rigorous mathematical framework that limits the amount of personal information an attacker can infer from the output of an algorithm that processes confidential data. Differentially private stochastic gradient descent (DP-SGD, (Abadi et al., 2016)) is one of the most popular methods for training machine learning (ML) models with DP guarantees. DP-SGD differs from standard SGD in two important ways.
arXiv.org Artificial Intelligence
Oct-8-2025
- Country:
- Europe (0.67)
- North America > United States (0.28)
- Genre:
- Research Report (1.00)
- Industry:
- Information Technology > Security & Privacy (1.00)
- Technology: