Correlated Noise Mechanisms for Differentially Private Learning
This work addresses the challenge of balancing privacy and utility in AI/ML training for data-sensitive applications, representing an incremental advancement over independent noise methods.
The monograph tackles the problem of improving privacy-utility trade-offs in differentially private learning by designing correlated noise mechanisms, which introduce (anti-)correlations in noise to cancel out earlier noise and enhance performance, with demonstrated practical deployment at a global scale.
This monograph explores the design and analysis of correlated noise mechanisms for differential privacy (DP), focusing on their application to private training of AI and machine learning models via the core primitive of estimation of weighted prefix sums. While typical DP mechanisms inject independent noise into each step of a stochastic gradient (SGD) learning algorithm in order to protect the privacy of the training data, a growing body of recent research demonstrates that introducing (anti-)correlations in the noise can significantly improve privacy-utility trade-offs by carefully canceling out some of the noise added on earlier steps in subsequent steps. Such correlated noise mechanisms, known variously as matrix mechanisms, factorization mechanisms, and DP-Follow-the-Regularized-Leader (DP-FTRL) when applied to learning algorithms, have also been influential in practice, with industrial deployment at a global scale.