Learning Differentially Private Recurrent Language Models
About
We demonstrate that it is possible to train large recurrent language models with user-level differential privacy guarantees with only a negligible cost in predictive accuracy. Our work builds on recent advances in the training of deep networks on user-partitioned data and privacy accounting for stochastic gradient descent. In particular, we add user-level privacy protection to the federated averaging algorithm, which makes "large step" updates from user-level data. Our work demonstrates that given a dataset with a sufficiently large number of users (a requirement easily met by even small internet-scale datasets), achieving differential privacy comes at the cost of increased computation, rather than in decreased utility as in most prior work. We find that our private LSTM language models are quantitatively and qualitatively similar to un-noised models when trained on a large dataset.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Image Classification | CIFAR-10 (test) | Accuracy66.58 | 3381 | |
| Image Classification | EMNIST (test) | Accuracy78.06 | 174 | |
| Image Classification | CIFAR-100 non-IID (test) | Test Accuracy (Avg Best)20.75 | 62 | |
| Image Classification | Non-IID MNIST alpha=0.5 (test) | Accuracy77.96 | 12 | |
| Image Classification | CIFAR-10 non-IID (α=0.1) (test) | Accuracy30.09 | 12 | |
| Face Verification | DigiFace 10K (test) | Recall@FAR=1e-372.37 | 4 | |
| Face Verification | DigiFace 10K (val) | Recall@FAR=1e-372.57 | 4 | |
| Image Verification | DigiFace | Recall@FAR=1e-3 (AllPair)13.38 | 2 | |
| Image Verification | EMNIST classes 36-62 (test) | Recall@FAR=1e-3 (Approx)9.78 | 2 | |
| Image Verification | GLD | Recall@FAR=1e-3 (Approx)24.48 | 2 |