Synthetic Query Generation for Privacy-Preserving Deep Retrieval Systems using Differentially Private Language Models
Aldo Gael Carranza, Rezsa Farahani, Natalia Ponomareva, Alex Kurakin, Matthew Jagielski, Milad Nasr
TL;DR
This work tackles privacy in deep retrieval by generating private synthetic queries with differentially private language models, removing the need to directly DP-train non-decomposable contrastive losses. By fine-tuning a publicly pretrained LM under DP to generate queries conditioned on documents, the authors create synthetic paired data that can train dual-encoder retrievers with standard, non-private methods while preserving query-level privacy. Empirical results show that models trained on DP-synthetic data outperform those trained directly under DP and, in many cases, approach non-private performance, with zero-shot generalization benefits. The study highlights the potential of leveraging DP LMs for privacy-preserving ML systems, while also outlining limitations related to computational cost, data overlap, and the scope of privacy guarantees.
Abstract
We address the challenge of ensuring differential privacy (DP) guarantees in training deep retrieval systems. Training these systems often involves the use of contrastive-style losses, which are typically non-per-example decomposable, making them difficult to directly DP-train with since common techniques require per-example gradients. To address this issue, we propose an approach that prioritizes ensuring query privacy prior to training a deep retrieval system. Our method employs DP language models (LMs) to generate private synthetic queries representative of the original data. These synthetic queries can be used in downstream retrieval system training without compromising privacy. Our approach demonstrates a significant enhancement in retrieval quality compared to direct DP-training, all while maintaining query-level privacy guarantees. This work highlights the potential of harnessing LMs to overcome limitations in standard DP-training methods.