Poster
Model-Agnostic Private Learning
Raef Bassily · Abhradeep Guha Thakurta · Om Thakkar
We design differentially private learning algorithms that are agnostic to the learning model, assuming access to a limited amount of unlabeled public data. First, we give a new differentially private algorithm for answering a sequence of $m$ online classification queries (given by a sequence of $m$ unlabeled public feature vectors) based on a private training set. Our private algorithm follows the paradigm of subsample-and-aggregate, in which any generic non-private learner is trained on disjoint subsets of the private training set; then, for each classification query, the votes of the resulting ensemble of classifiers are aggregated in a differentially private fashion. Our private aggregation is based on a novel combination of the distance-to-instability framework [Smith & Thakurta 2013] and the sparse-vector technique [Dwork et al. 2009, Hardt & Talwar 2010]. We show that our algorithm makes conservative use of the privacy budget. In particular, if the underlying non-private learner yields classification error at most $\alpha\in (0, 1)$, then our construction answers more queries, by at least a factor of $1/\alpha$ in some cases, than is implied by a straightforward application of the advanced composition theorem for differential privacy. Next, we apply the knowledge transfer technique to construct a private learner that outputs a classifier, which can then be used to answer an unlimited number of queries. In the PAC model, we analyze our construction and prove upper bounds on the sample complexity for both the realizable and the non-realizable cases. As in the non-private setting, our sample-complexity bounds are completely characterized by the VC dimension of the concept class.
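To make the aggregation step concrete, here is a minimal Python sketch of subsample-and-aggregate with a stability-based private vote release in the spirit of the abstract. The helper `train_base_learner`, the stability threshold `T`, and the Laplace noise scales are illustrative assumptions for a binary-label setting, not the paper's exact construction or calibration.

```python
import numpy as np

def train_ensemble(X_priv, y_priv, k, train_base_learner, rng):
    """Subsample step: split the private training set into k disjoint
    chunks and train one arbitrary non-private base learner per chunk."""
    idx = rng.permutation(len(X_priv))
    chunks = np.array_split(idx, k)
    return [train_base_learner(X_priv[c], y_priv[c]) for c in chunks]

def private_label(x, ensemble, eps, T, rng):
    """Aggregate step for one public query x, in the distance-to-instability
    style: the 'distance' of the plurality vote is the gap between the top
    vote count and the runner-up. If the noisy gap clears a noisy threshold,
    the plurality label is released; otherwise the query is flagged as
    unstable (here: abstain with None)."""
    votes = np.array([clf(x) for clf in ensemble])   # each clf returns 0 or 1
    counts = np.bincount(votes, minlength=2)
    top, runner_up = np.sort(counts)[::-1][:2]
    gap = top - runner_up
    # Illustrative noise scales; the paper's analysis dictates the exact ones.
    noisy_gap = gap + rng.laplace(scale=2.0 / eps)
    noisy_threshold = T + rng.laplace(scale=2.0 / eps)
    if noisy_gap > noisy_threshold:
        return int(np.argmax(counts))   # stable: release the plurality label
    return None                         # unstable: handled via SVT accounting

# Hypothetical usage:
# rng = np.random.default_rng(0)
# ensemble = train_ensemble(X_priv, y_priv, k=200,
#                           train_base_learner=fit_tree, rng=rng)
# label = private_label(x_pub, ensemble, eps=0.1, T=150, rng=rng)
```

In the paper, the sparse-vector technique ensures that the privacy budget is consumed essentially only on the unstable queries, which is the source of the $1/\alpha$ saving over advanced composition; the privately released labels on public feature vectors can then serve as training data for a student classifier that answers arbitrarily many further queries.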
Author Information
Raef Bassily (The Ohio State University)
Abhradeep Guha Thakurta (University of California Santa Cruz)
Om Thakkar (Boston University)
Related Events (a corresponding poster, oral, or spotlight)
- 2018 Oral: Model-Agnostic Private Learning
  Tue. Dec 4th, 08:50 -- 09:05 PM, Room 517 CD
More from the Same Authors
- 2020: Understanding Unintended Memorization in Federated Learning
  Om Thakkar
- 2021 Poster: Revealing and Protecting Labels in Distributed Training
  Trung Dang · Om Thakkar · Swaroop Ramaswamy · Rajiv Mathews · Peter Chin · Françoise Beaufays
- 2021 Poster: Differentially Private Learning with Adaptive Clipping
  Galen Andrew · Om Thakkar · Brendan McMahan · Swaroop Ramaswamy
- 2020: Contributed Talk #7: Training Production Language Models without Memorizing User Data
  Swaroop Ramaswamy · Om Thakkar
- 2020 Poster: Privacy Amplification via Random Check-Ins
  Borja Balle · Peter Kairouz · Brendan McMahan · Om Thakkar · Abhradeep Guha Thakurta
- 2019 Poster: Private Stochastic Convex Optimization with Optimal Rates
  Raef Bassily · Vitaly Feldman · Kunal Talwar · Abhradeep Guha Thakurta
- 2019 Spotlight: Private Stochastic Convex Optimization with Optimal Rates
  Raef Bassily · Vitaly Feldman · Kunal Talwar · Abhradeep Guha Thakurta
- 2019 Poster: Limits of Private Learning with Access to Public Data
  Raef Bassily · Shay Moran · Noga Alon
- 2017 Poster: Practical Locally Private Heavy Hitters
  Raef Bassily · Kobbi Nissim · Uri Stemmer · Abhradeep Guha Thakurta
- 2015 Poster: Nearly Optimal Private LASSO
  Kunal Talwar · Abhradeep Guha Thakurta · Li Zhang