Differentially Private Kernel Inducing Points (DP-KIP) for Privacy-preserving Data Distillation
Vinaroz, Margarita, Park, Mi Jung
–arXiv.org Artificial Intelligence
While it is tempting to believe that data distillation preserves privacy, distilled data's empirical robustness against known attacks does not imply a provable privacy guarantee. Here, we develop a provably privacy-preserving data distillation algorithm, called differentially private kernel inducing points (DP-KIP). DP-KIP is an instantiation of DP-SGD on kernel ridge regression (KRR). Following a recent work, we use neural tangent kernels and minimize the KRR loss to estimate the distilled datapoints (i.e., kernel inducing points). We provide a computationally efficient JAX implementation of DP-KIP, which we test on several popular image and tabular datasets to show its efficacy in data distillation with differential privacy guarantees.
arXiv.org Artificial Intelligence
Jan-30-2023
- Country:
- North America
- United States
- New York > New York County
- New York City (0.04)
- California > Santa Clara County
- Palo Alto (0.04)
- New York > New York County
- Canada
- Ontario > Toronto (0.04)
- British Columbia (0.04)
- United States
- Europe > Germany
- Baden-Württemberg > Tübingen Region > Tübingen (0.14)
- North America
- Genre:
- Research Report > New Finding (0.48)
- Industry:
- Information Technology > Security & Privacy (1.00)
- Technology: