Go to ICLR 2026 Conference homepageQuantifying Information Disclosure During Gradient Descent Using Gradient Uniqueness
Keywords: Gradient Uniqueness (GNQ), Information Disclosure, Privacy Auditing, GNQ-based Defenses
Abstract: Disclosing private information via publication of a machine learning model is often a concern. Intuitively, publishing a learned model should be less risky than publishing a data set. But how much risk is there? In this paper, we present a principled disclosure metric called \emph{gradient uniqueness} that is derived from an upper bound on the amount of information disclosure from publishing a learned model. Gradient uniqueness provides an intuitive way to perform privacy auditing. The mathematical derivation of gradient uniqueness is general,
and does not make any assumption on the model architecture, dataset type, or the strategy of an attacker. We examine a simple defense based on monitoring gradient uniqueness, and find that it achieves privacy comparable to classical methods such as DP-SGD, while being substantially better in terms of (utility) testing accuracy.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 15313
Loading