Unleashing the Power of Randomization in Auditing Differentially Private ML. (arXiv:2305.18447v1 [cs.LG])
cs.CR updates on arXiv.org arxiv.org
We present a rigorous methodology for auditing differentially private machine
learning algorithms by adding multiple carefully designed examples called
canaries. We take a first principles approach based on three key components.
First, we introduce Lifted Differential Privacy (LiDP) that expands the
definition of differential privacy to handle randomized datasets. This gives us
the freedom to design randomized canaries. Second, we audit LiDP by trying to
distinguish between the model trained with $K$ canaries versus $K - 1$ canaries
in the …