Timezone: »

 
Poster
Why Is Public Pretraining Necessary for Private Model Training?
Arun Ganesh · Mahdi Haghifam · Milad Nasresfahani · Sewoong Oh · Thomas Steinke · Om Thakkar · Abhradeep Guha Thakurta · Lun Wang

Thu Jul 27 01:30 PM -- 03:00 PM (PDT) @ Exhibit Hall 1 #205
in Poster Session 5 »

In the privacy-utility tradeoff of a model trained on benchmark language and vision tasks, remarkable improvements have been widely reported when the model is pretrained on public data. Some gain is expected as these models inherit the benefits of transfer learning, which is the standard motivation in non-private settings. However, the stark contrast in the gain of pretraining between non-private and private machine learning suggests that the gain in the latter is rooted in a fundamentally different cause. To explain this phenomenon, we hypothesize that the non-convex loss landscape of a model training necessitates the optimization algorithm to go through two phases. In the first, the algorithm needs to select a good ``basin'' in the loss landscape. In the second, the algorithm solves an easy optimization within that basin. The former is a harder problem to solve with private data, while the latter is harder to solve with public data due to a distribution shift or data scarcity. Guided by this intuition, we provide theoretical constructions that provably demonstrate the separation between private training with and without public pretraining. Further, systematic experiments on CIFAR10 and Librispeech provide supporting evidence for our hypothesis.

[ PDF [ Poster

Author Information

Arun Ganesh (Google)
Mahdi Haghifam (University of Toronto/Vector Institute)
Milad Nasresfahani (Google)
Sewoong Oh (University of Washington)
Thomas Steinke (Google)
Om Thakkar (Google)
Abhradeep Guha Thakurta (Google Deepmind)
Lun Wang (Google)

More from the Same Authors