Differentially Private Generation of Small Images
This work addresses privacy concerns in image data generation for researchers, but it is incremental as it builds on existing methods and focuses on small datasets like MNIST.
The paper tackles the problem of training generative adversarial networks with differential privacy to anonymize image datasets, finding a saturated training regime where increased privacy budget yields minimal quality gains on MNIST, and identifies common errors in prior works.
We explore the training of generative adversarial networks with differential privacy to anonymize image data sets. On MNIST, we numerically measure the privacy-utility trade-off using parameters from $ε$-$δ$ differential privacy and the inception score. Our experiments uncover a saturated training regime where an increasing privacy budget adds little to the quality of generated images. We also explain analytically why differentially private Adam optimization is independent of the gradient clipping parameter. Furthermore, we highlight common errors in previous works on differentially private deep learning, which we uncovered in recent literature. Throughout the treatment of the subject, we hope to prevent erroneous estimates of anonymity in the future.