Beyond the Calibration Point: Mechanism Comparison in Differential Privacy
MCML Authors
Georgios Kaissis
Dr.
Principal Investigator
* Former Principal Investigator
Abstract
In differentially private (DP) machine learning, the privacy guarantees of DP mechanisms are often reported and compared on the basis of a single (ε,δ)-pair. This practice overlooks that DP guarantees can vary substantially even between mechanisms sharing a given (ε,δ), and potentially introduces privacy vulnerabilities which can remain undetected. This motivates the need for robust, rigorous methods for comparing DP guarantees in such cases. Here, we introduce the ∆-divergence between mechanisms which quantifies the worst-case excess privacy vulnerability of choosing one mechanism over another in terms of (ε,δ), f-DP and in terms of a newly presented Bayesian interpretation. Moreover, as a generalisation of the Blackwell theorem, it is endowed with strong decision-theoretic foundations. Through application examples, we show that our techniques can facilitate informed decision-making and reveal gaps in the current understanding of privacy risks, as current practices in DP-SGD often result in choosing mechanisms with high excess privacy vulnerabilities.
inproceedings KKB+24
ICML 2024
41st International Conference on Machine Learning. Vienna, Austria, Jul 21-27, 2024.
Authors
G. Kaissis • S. Kolek • B. Balle • J. Hayes • D. Rückert
Links
URL
In Collaboration
Google
Research Areas
BibTeXKey: KKB+24