Oral Poster

Privacy Auditing with One (1) Training Run

Thomas Steinke · Milad Nasr · Matthew Jagielski

Great Hall & Hall B1+B2 (level 1) #1523
award Outstanding Paper
[ ]
Tue 12 Dec 3:15 p.m. PST — 5:15 p.m. PST
 
Oral presentation: Oral 2D Privacy
Tue 12 Dec 1:40 p.m. PST — 2:40 p.m. PST

Abstract:

We propose a scheme for auditing differentially private machine learning systems with a single training run. This exploits the parallelism of being able to add or remove multiple training examples independently. We analyze this using the connection between differential privacy and statistical generalization, which avoids the cost of group privacy. Our auditing scheme requires minimal assumptions about the algorithm and can be applied in the black-box or white-box setting. We demonstrate the effectiveness of our framework by applying it to DP-SGD, where we can achieve meaningful empirical privacy lower bounds by training only one model. In contrast, standard methods would require training hundreds of models.

Chat is not available.