Privacy Auditing with One (1) Training Run
This addresses the challenge of efficient privacy verification for machine learning practitioners, though it appears incremental as it builds on existing connections between differential privacy and generalization.
The paper tackles the problem of auditing differentially private machine learning systems by proposing a scheme that requires only one training run, leveraging parallelism in adding or removing examples and avoiding group privacy costs.
We propose a scheme for auditing differentially private machine learning systems with a single training run. This exploits the parallelism of being able to add or remove multiple training examples independently. We analyze this using the connection between differential privacy and statistical generalization, which avoids the cost of group privacy. Our auditing scheme requires minimal assumptions about the algorithm and can be applied in the black-box or white-box setting.