A Randomized Approach for Tight Privacy Accounting
Authors: Jiachen (Tianhao) Wang, Saeed Mahloujifar, Tong Wu, Ruoxi Jia, Prateek Mittal
NeurIPS 2023 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | An empirical evaluation shows the proposed EVR paradigm improves the utility-privacy tradeoff for privacy-preserving machine learning. (Abstract) / 6 Numerical Experiments: In this section, we conduct numerical experiments to illustrate (1) EVR paradigm with MC verifiers enables a tighter privacy analysis, and (2) MC accountant achieves state-of-the-art performance in privacy parameter estimation. |
| Researcher Affiliation | Academia | Jiachen T. Wang Princeton University tianhaowang@princeton.edu Saeed Mahloujifar Princeton University sfar@princeton.edu Tong Wu Princeton University tongwu@princeton.edu Ruoxi Jia Virginia Tech ruoxijia@vt.edu Prateek Mittal Princeton University pmittal@princeton.edu |
| Pseudocode | Yes | Algorithm 1 Estimate-Verify-Release (EVR) Framework / Algorithm 2 DPV(M, ε, δ_est) with Simple MC Estimator and Offset Parameter. / Algorithm 3 MC Accountant for ε_Y(δ). (A minimal Monte Carlo sketch follows the table.) |
| Open Source Code | No | The paper does not include any explicit statements or links indicating that the source code for the described methodology is open-source or publicly available. |
| Open Datasets | Yes | To further underscore the superiority of the EVR paradigm in practical applications, we illustrate the privacy-utility tradeoff curve when finetuning on CIFAR100 dataset with DP-SGD. (Section 6.1) / ImageNet-pretrained BEiT [4] on CIFAR100 (Figure 4, H.2.1, H.2.2) |
| Dataset Splits | No | The paper mentions using CIFAR100 and ImageNet for training but does not explicitly state the specific training/validation/test splits (e.g., percentages or sample counts) needed for reproduction. It refers to following existing training procedures but does not detail the splits. |
| Hardware Specification | Yes | The runtime is estimated on an NVIDIA A100-SXM4-80GB GPU. (Figure 3 (b) caption) / when using a NVIDIA A100-SXM4-80GB GPU (Section H.1) |
| Software Dependencies | No | Section H.1 mentions 'PyTorch's CUDA functionality' and 'torch.randn' but does not specify exact version numbers for PyTorch, CUDA, or other key software components. |
| Experiment Setup | Yes | For DP-GD training, we set σ as 28.914, clipping norm as 1, learning rate as 2, and we train for at most 60 iterations, and we only finetune the last layer on CIFAR-100. (Section H.2.1) / For DP-SGD training, we set σ as 5.971, clipping norm as 1, learning rate as 0.2, momentum as 0.9, batch size as 4096, and we train for at most 360 iterations (30 epochs). (Section H.2.2) / For Figure 1 & Figure 3, the FFT-based method has hyperparameters set as ε_error = 10^-3, δ_error = 10^-10. (Section H.2.1) (A DP-SGD configuration sketch follows the table.) |
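The Pseudocode row refers to the paper's MC accountant (Algorithm 3), which estimates the privacy parameter δ(ε) by sampling the privacy loss random variable. The sketch below is a minimal illustration of that idea for a single Gaussian mechanism only; it is not the paper's exact algorithm (which also covers subsampled mechanisms, the offset parameter, and adaptive sample sizes), and the function name `mc_delta_gaussian`, the sample count, and the seed are illustrative choices.

```python
import numpy as np

def mc_delta_gaussian(epsilon: float, sigma: float,
                      n_samples: int = 1_000_000, seed: int = 0) -> float:
    """Monte Carlo estimate of delta(epsilon) for one Gaussian mechanism
    with noise scale sigma on a sensitivity-1 query.

    Samples the privacy loss random variable L = (2X - 1) / (2 sigma^2)
    with X ~ N(1, sigma^2), then averages (1 - exp(epsilon - L))_+ .
    For k-fold composition, one would instead sum k i.i.d. draws of L
    per sample before averaging.
    """
    rng = np.random.default_rng(seed)
    x = rng.normal(loc=1.0, scale=sigma, size=n_samples)
    loss = (2.0 * x - 1.0) / (2.0 * sigma**2)
    return float(np.mean(np.clip(1.0 - np.exp(epsilon - loss), 0.0, None)))
```

As a rough usage example under the DP-GD setting quoted above (σ = 28.914, at most 60 full-batch iterations, no subsampling), one would sum 60 i.i.d. privacy losses per Monte Carlo sample before averaging to account for composition over the iterations.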
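The Experiment Setup row quotes the DP-SGD hyperparameters from Section H.2.2, but since no code is released (see the Open Source Code row) the actual training script is unavailable. The sketch below shows one plausible way to wire those reported values into a last-layer finetuning loop using Opacus; the library choice, the 768-dimensional feature stand-in, the dummy data, and treating the reported σ as the Opacus noise multiplier are all assumptions, not details from the paper.

```python
import torch
from torch import nn, optim
from torch.utils.data import DataLoader, TensorDataset
from opacus import PrivacyEngine  # assumed DP-SGD library; the paper does not name one

# Dummy stand-in for precomputed BEiT features of CIFAR-100 (feature dim 768 is illustrative).
features = torch.randn(50_000, 768)
labels = torch.randint(0, 100, (50_000,))
train_loader = DataLoader(TensorDataset(features, labels), batch_size=4096)  # batch size from H.2.2

# Only the last layer is finetuned, per the quoted setup.
model = nn.Linear(768, 100)
optimizer = optim.SGD(model.parameters(), lr=0.2, momentum=0.9)  # lr and momentum from H.2.2

privacy_engine = PrivacyEngine()
model, optimizer, train_loader = privacy_engine.make_private(
    module=model,
    optimizer=optimizer,
    data_loader=train_loader,
    noise_multiplier=5.971,  # sigma reported in Section H.2.2 (assumed to be the noise multiplier)
    max_grad_norm=1.0,       # clipping norm reported in Section H.2.2
)

criterion = nn.CrossEntropyLoss()
for epoch in range(30):  # 30 epochs (~360 iterations) per Section H.2.2
    for x, y in train_loader:
        optimizer.zero_grad()
        criterion(model(x), y).backward()
        optimizer.step()
```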