On the MIA Vulnerability Gap Between Private GANs and Diffusion Models
This work addresses privacy risks for users of generative models by revealing a structural advantage of GANs over diffusion models in resisting MIAs, which is an incremental but important finding for secure data synthesis.
The paper tackled the problem of comparing membership inference attack (MIA) vulnerability between differentially private GANs and diffusion models, finding that GANs consistently exhibit lower privacy leakage across datasets and privacy budgets, with a marked robustness gap in favor of GANs.
Generative Adversarial Networks (GANs) and diffusion models have emerged as leading approaches for high-quality image synthesis. While both can be trained under differential privacy (DP) to protect sensitive data, their sensitivity to membership inference attacks (MIAs), a key threat to data confidentiality, remains poorly understood. In this work, we present the first unified theoretical and empirical analysis of the privacy risks faced by differentially private generative models. We begin by showing, through a stability-based analysis, that GANs exhibit fundamentally lower sensitivity to data perturbations than diffusion models, suggesting a structural advantage in resisting MIAs. We then validate this insight with a comprehensive empirical study using a standardized MIA pipeline to evaluate privacy leakage across datasets and privacy budgets. Our results consistently reveal a marked privacy robustness gap in favor of GANs, even in strong DP regimes, highlighting that model type alone can critically shape privacy leakage.