TY - JOUR
T1 - Beyond the Calibration Point
T2 - 41st International Conference on Machine Learning, ICML 2024
AU - Kaissis, Georgios
AU - Kolek, Stefan
AU - Balle, Borja
AU - Hayes, Jamie
AU - Rueckert, Daniel
N1 - Publisher Copyright:
Copyright 2024 by the author(s)
PY - 2024
Y1 - 2024
N2 - In differentially private (DP) machine learning, the privacy guarantees of DP mechanisms are often reported and compared on the basis of a single (ε, δ)-pair. This practice overlooks that DP guarantees can vary substantially even between mechanisms sharing a given (ε, δ), and potentially introduces privacy vulnerabilities which can remain undetected. This motivates the need for robust, rigorous methods for comparing DP guarantees in such cases. Here, we introduce the ∆-divergence between mechanisms which quantifies the worst-case excess privacy vulnerability of choosing one mechanism over another in terms of (ε, δ), f-DP and in terms of a newly presented Bayesian interpretation. Moreover, as a generalisation of the Blackwell theorem, it is endowed with strong decision-theoretic foundations. Through application examples, we show that our techniques can facilitate informed decision-making and reveal gaps in the current understanding of privacy risks, as current practices in DP-SGD often result in choosing mechanisms with high excess privacy vulnerabilities.
UR - http://www.scopus.com/inward/record.url?scp=85203848915&partnerID=8YFLogxK
M3 - Conference article
AN - SCOPUS:85203848915
SN - 2640-3498
VL - 235
SP - 22840
EP - 22860
JO - Proceedings of Machine Learning Research
JF - Proceedings of Machine Learning Research
Y2 - 21 July 2024 through 27 July 2024
ER -