Professional Documents
Culture Documents
Diff Privacy
Diff Privacy
Should be very small, smaller than 1/number of points in the data set
(small data size)
• Properties of DP: All these apply if we use DP
• Resistance to side information available with
adversary.
• Post processing Invariance: Privacy risk does not
increase if we post process the output of DP
algorithm output.
• Graceful composition: Privacy risk do not
increase drastically even if multiple releases of
the same sensitive data are made.
• Group privacy: If the participation is of k
persons in DP instead of one person i.e., if D
and D’ private data values differ by k instead
of one then,
• Mechanism to satisfy the differential privacy?
• Two ways:
• Note that A( D ) f ( D) Z
Differentially Private SGD
• How Stochastic Gradient Descent works?
• How DP SGD works?