Optimized Tradeoffs for Private Majority Ensembling

Shuli Jiang; Qiuyi Zhang; Gauri Joshi

Optimized Tradeoffs for Private Majority Ensembling

Shuli Jiang, Qiuyi Zhang, Gauri Joshi

21 Sept 2023 (modified: 11 Feb 2024)Submitted to ICLR 2024EveryoneRevisionsBibTeX

Primary Area: societal considerations including fairness, safety, privacy

Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.

Keywords: differential privacy, ensemble learning

Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.

TL;DR: Optimizing privacy-utility tradeoffs in private ensemble learning

Abstract: We study the problem of computing an $(m\epsilon, \delta)$-differentially private majority of $K$ $(\epsilon, \Delta)$-differentially private algorithms for $m < K$ and $\delta \geq \Delta \geq 0$. Standard methods, such as subsampling or randomized response, are widely used but do they provide optimal privacy-utility tradeoffs? Surprisingly, we show that an $(m\epsilon, \delta)$-private majority algorithm with maximal utility can be computed tractably for any $m < K$. Specifically, we introduce Data-dependent Randomized Response Majority (DaRRM), a general privacy framework characterized by a data-dependent noise function $\gamma$ that allows for efficient utility optimization over the class of all private algorithms subject to privacy constraints. By deriving a structural understanding of DaRRM, our novel learning approach is made tractable by critically reducing infinitely many privacy constraints into a polynomial set. Theoretically, we show DaRRM enjoys a privacy gain of a factor of 2 over common baselines under i.i.d. teachers and $\delta = 0$. Lastly, we demonstrate the empirical effectiveness of our first-of-its-kind privacy-constrained utility optimization for ensembling labels and gradients from private teachers through applications of private semi-supervised knowledge transfer and private distributed Sign-SGD, highlighting the outstanding performance of our DaRRM framework with an optimized $\gamma$ against several baselines.

Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.

Supplementary Material: pdf

No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.

Submission Number: 3830

Loading