Confidential-DPproof: Confidential Proof of Differentially Private Training
Authors: Ali Shahin Shamsabadi, Gefei Tan, Tudor Ioan Cebere, Aurélien Bellet, Hamed Haddadi, Nicolas Papernot, Xiao Wang, Adrian Weller
ICLR 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In experiments on CIFAR-10, Confidential DPproof trains a model achieving state-of-the-art 91% test accuracy with a certified privacy guarantee of (ε = 0.55, δ = 10⁻⁵)-DP in approximately 100 hours. (Section 4, Experimental Evaluation) |
| Researcher Affiliation | Collaboration | 1 Brave Software, 2 Northwestern University, 3 Inria, Univ Lille, 4 Inria, Univ Montpellier, 5 Imperial College London, 6 Vector Institute, 7 University of Toronto, 8 University of Cambridge, 9 The Alan Turing Institute |
| Pseudocode | Yes | Algorithm 1: Differentially Private Stochastic Gradient Descent (DP-SGD), Algorithm 2: Unbiased randomness seed commitment, Algorithm 3: Zero Knowledge Proof of DP-SGD Training |
| Open Source Code | Yes | We have described our framework in detail and our code is available at https://github.com/brave-experiments/Confidential-DPproof and https://github.com/Gefei-Tan/Confidential-DPProof-zk. |
| Open Datasets | Yes | We consider two common datasets (see Appendix A), for DP-SGD training benchmarking Tramer & Boneh (2021); Papernot et al. (2021); De et al. (2022); Shamsabadi & Papernot (2023): CIFAR-10 and MNIST. |
| Dataset Splits | No | The paper mentions training iterations and evaluates performance on a test set but does not explicitly state the use or size of a validation dataset split. |
| Hardware Specification | Yes | Our experiment is conducted on two Amazon EC2 m1.xlarge machines (ARM machines), representing the prover and auditor. and across three different machines with different CPUs: ARM, Intel, and AMD (m1.xlarge, m7i.2xlarge, m7a.2xlarge, all with 16GB of RAM) |
| Software Dependencies | No | The paper mentions EMP-toolkit (Wang et al., 2016) and a Python implementation (Tramer & Boneh, 2021) but does not provide specific version numbers for Python or any other software libraries. |
| Experiment Setup | Yes | Prover and auditor agree on the DP-SGD training algorithm and specific values for its hyperparameters including minibatch size, noise multiplier, clipping norm, learning rate, number of iterations and loss function. and Table 2 details: Clipping norm 0.1, Noise multiplier 3 for CIFAR-10 and Clipping norm 0.1, Noise multiplier 3.32 for MNIST. |
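The DP-SGD update that the prover commits to (Algorithm 1 in the paper) can be illustrated with a minimal NumPy sketch: clip each per-example gradient to the agreed clipping norm, sum, add Gaussian noise scaled by the noise multiplier, and average. This is an illustrative sketch only, not the authors' zero-knowledge implementation; the function name `dp_sgd_update` and its signature are our own, and the default hyperparameters mirror the paper's Table 2 values for CIFAR-10 (clipping norm 0.1, noise multiplier 3).

```python
import numpy as np

def dp_sgd_update(params, per_example_grads, clip_norm=0.1,
                  noise_multiplier=3.0, lr=0.1, rng=None):
    """One DP-SGD step (hypothetical sketch, not the paper's code).

    Clips each per-example gradient to L2 norm `clip_norm`, sums the
    clipped gradients, adds Gaussian noise with standard deviation
    noise_multiplier * clip_norm, averages over the batch, and applies
    a plain gradient-descent update.
    """
    if rng is None:
        rng = np.random.default_rng(0)
    # Per-example L2 norms, kept 2-D for broadcasting against gradients.
    norms = np.linalg.norm(per_example_grads, axis=1, keepdims=True)
    # Scale factor min(1, C / ||g_i||) clips without rescaling small grads.
    scale = np.minimum(1.0, clip_norm / np.maximum(norms, 1e-12))
    clipped = per_example_grads * scale
    # Gaussian noise calibrated to the clipping norm and noise multiplier.
    noise = rng.normal(0.0, noise_multiplier * clip_norm, size=params.shape)
    noisy_mean = (clipped.sum(axis=0) + noise) / per_example_grads.shape[0]
    return params - lr * noisy_mean
```

In Confidential-DPproof, the auditor fixes these hyperparameters with the prover in advance, and the zero-knowledge proof attests that each training iteration followed exactly this clip-then-noise recipe with a committed randomness seed.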