Summary of It’s Our Loss: No Privacy Amplification For Hidden State Dp-sgd with Non-convex Loss, by Meenatchi Sundaram Muthu Selva Annamalai
It’s Our Loss: No Privacy Amplification for Hidden State DP-SGD With Non-Convex Loss
by Meenatchi Sundaram Muthu Selva Annamalai
First submitted to arxiv on: 9 Jul 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary DP-SGD is a widely used algorithm that trains machine learning models while preserving user privacy. However, the current analysis assumes releasing intermediate states, which isn’t realistic. Instead, only the final trained model is released in practice. Prior work has provided tighter analyses for constrained loss functions, but empirical observations suggest there’s a gap between theory and practice. This raises the question of whether it’s possible to amplify hidden state privacy guarantees for all loss functions. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary DP-SGD is an algorithm that trains machine learning models while keeping user information private. The usual way to analyze this is by releasing all the steps along the way, but in reality, only the final result gets shared. Some research has looked at how to improve privacy when using certain types of loss functions, but it seems like there’s a disconnect between what we can prove and what really happens. This makes us wonder if it’s possible to make our privacy protections better for all kinds of loss functions. |
Keywords
* Artificial intelligence * Machine learning
