Differentially Private Variational Autoencoders with Term-wise Gradient Aggregation
This work addresses privacy-preserving machine learning for VAEs, offering an incremental improvement in noise reduction for specific divergence-based regularization.
The paper tackles the problem of learning differentially private variational autoencoders (VAEs) with multiple divergences, which increases sensitivity and noise in DP-SGD, by proposing term-wise DP-SGD to maintain O(1) sensitivity and reduce noise, demonstrating effectiveness in experiments with two prior-divergence pairs.
This paper studies how to learn variational autoencoders with a variety of divergences under differential privacy constraints. We often build a VAE with an appropriate prior distribution to describe the desired properties of the learned representations and introduce a divergence as a regularization term to close the representations to the prior. Using differentially private SGD (DP-SGD), which randomizes a stochastic gradient by injecting a dedicated noise designed according to the gradient's sensitivity, we can easily build a differentially private model. However, we reveal that attaching several divergences increase the sensitivity from O(1) to O(B) in terms of batch size B. That results in injecting a vast amount of noise that makes it hard to learn. To solve the above issue, we propose term-wise DP-SGD that crafts randomized gradients in two different ways tailored to the compositions of the loss terms. The term-wise DP-SGD keeps the sensitivity at O(1) even when attaching the divergence. We can therefore reduce the amount of noise. In our experiments, we demonstrate that our method works well with two pairs of the prior distribution and the divergence.