One-shot Empirical Privacy Estimation for Federated Learning

arXiv:2302.03098v5 Announce Type: replace-cross
Abstract: Privacy estimation techniques for differentially private (DP) algorithms are useful for comparing against analytical bounds, or to empirically measure privacy loss in settings where known analytical bounds are not tight. However, existing privacy auditing techniques usually make strong assumptions on the adversary (e.g., knowledge of intermediate model iterates or the training data distribution), are tailored to specific tasks, model architectures, or DP algorithm, and/or require retraining the model many times (typically on the order of …

adversary algorithms arxiv auditing cs.cr cs.lg federated federated learning intermediate knowledge loss measure privacy private settings techniques