Timezone: »

Privacy Auditing with One (1) Training Run
Thomas Steinke · Milad Nasresfahani · Matthew Jagielski
Event URL: https://openreview.net/forum?id=q15zG9CHi8 »

We propose a scheme for auditing differentially private machine learning systems with a single training run. This exploits the parallelism of being able to add or remove multiple training examples independently. We analyze this using the connection between differential privacy and statistical generalization, which avoids the cost of group privacy. Our auditing scheme requires minimal assumptions about the algorithm and can be applied in the black-box (i.e., central DP) or white-box (i.e., federated learning) setting. We demonstrate the effectiveness of our framework by applying it to DP-SGD, where we can achieve meaningful empirical privacy lower bounds by training only one model, where standard methods would require training hundreds of models.

Author Information

Thomas Steinke (Google)
Milad Nasresfahani (Google)
Matthew Jagielski (Google)

More from the Same Authors