Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et alK. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026..
Bounding training data reconstruction in DP-SGD
Authors: Jamie Hayes, Borja Balle, Saeed Mahloujifar
NeurIPS 2023 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We now evaluate both our upper bounds for reconstruction success and our empirical privacy attacks (which gives us lower bounds on reconstruction success). We show that our attack has a success probability nearly identical to the bound given by our theory. |
| Researcher Affiliation | Collaboration | Jamie Hayes Google Deep Mind EMAIL Saeed Mahloujifar Meta AI EMAIL Borja Balle Google Deep Mind EMAIL |
| Pseudocode | Yes | Algorithm 1 Estimating γ; Algorithm 2 Prior-aware attack; Algorithm 3 Improved prior-aware attack |
| Open Source Code | No | The paper does not provide an explicit statement or link indicating that the source code for the described methodology is publicly available. |
| Open Datasets | Yes | We now compare the success of model-based and gradient-based reconstruction attacks against classification models trained with DP-SGD on MNIST and CIFAR-10. |
| Dataset Splits | No | The paper specifies training dataset sizes ('training set size is |D{z }| = 1, 000' for MNIST and 'training set size is |D{z }| = 500' for CIFAR-10) but does not provide explicit training, validation, and test splits (e.g., percentages or sample counts for each split). |
| Hardware Specification | Yes | Setting T = 1 and using a 2.3 GHz 8-Core Intel Core i9 CPU it takes 0.002s to estimate with 10,000 samples. |
| Software Dependencies | No | The paper mentions using ML models like 'MLP' and 'Wide Res Net model' but does not specify software dependencies with version numbers (e.g., 'PyTorch 1.9' or 'TensorFlow 2.x'). |
| Experiment Setup | Yes | We refer to Appendix A for experimental details. For each ϵ, we select the learning rate by sweeping over a range of values between 0.001 and 100; we do not use any momentum in optimization. We set C = 0.1, δ = 10 5 and adjust the noise scale σ for a given target ϵ. Appendix A includes Table 1: Hyperparameter settings for each experiment. |