Differential Privacy

A mathematical guarantee that the of privacy wherein data is partitioned so that not everything is leaked.

Formal Definition

$$Pr[M(d)\in S]\le e^{ϵ}Pr[M(d^{\prime })\in S]+\delta$$

• $d,d^{\prime }$ - datasets (one with individual data)
• $M$ - training algorithm
• $S$ - any subset of trained models (i.e, models with >90% accuracy)
• $ϵ$ - privacy loss (how much one person is used)
• $\delta$ - slack allowing epsilon bound not to hold

Intuition

Pick any property of the trained model you care about (i.e performance, accuracy, etc). If you retrain the model many times, the model having that property doesn’t change much (at most factor $e^{ϵ}$ when someone’s data is added or removed)

Concepts

• DP Stochastic Gradient Descent