The Elusive Pursuit of Reproducing PATE-GAN: Benchmarking, Auditing, Debugging
Abstract: Synthetic data created by differentially private (DP) generative models is increasingly used in real-world settings.
In this context, PATE-GAN has emerged as one of the most popular algorithms, combining Generative Adversarial Networks (GANs) with the private training approach of PATE (Private Aggregation of Teacher Ensembles).
In this paper, we set out to reproduce the utility evaluation from the original PATE-GAN paper, compare available implementations, and conduct a privacy audit.
More precisely, we analyze and benchmark six open-source PATE-GAN implementations, including three by (a subset of) the original authors.
First, we shed light on architecture deviations and empirically demonstrate that none reproduce the utility performance reported in the original paper.
We then present an in-depth privacy evaluation, which includes DP auditing, and show that \textit{all implementations leak more privacy than intended}.
Furthermore, we uncover \textit{18 privacy violations} and 5 other bugs in these six open-source implementations.
Lastly, we will make our codebase publicly available.
Submission Length: Regular submission (no more than 12 pages of main content)
Assigned Action Editor: ~Antti_Koskela1
Submission Number: 3505
Loading