On the Differentially Private Nature of Perturbed Gradient Descent
This work addresses privacy concerns in machine learning optimization for data-sensitive applications, but it is incremental as it builds on existing perturbed gradient descent methods by analyzing their privacy properties.
The paper tackles the problem of ensuring data privacy in empirical risk minimization using gradient descent, particularly in non-convex settings with saddle points, by showing that perturbed gradient descent inherently preserves privacy and quantifying it through differential privacy analysis, with results including privacy bounds that vary with parameters like problem dimension and database distance.
We consider the problem of empirical risk minimization given a database, using the gradient descent algorithm. We note that the function to be optimized may be non-convex, consisting of saddle points which impede the convergence of the algorithm. A perturbed gradient descent algorithm is typically employed to escape these saddle points. We show that this algorithm, that perturbs the gradient, inherently preserves the privacy of the data. We then employ the differential privacy framework to quantify the privacy hence achieved. We also analyze the change in privacy with varying parameters such as problem dimension and the distance between the databases.