Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

PAC Privacy Preserving Diffusion Models

Qipan Xu, Youlong Ding, Xinxi Zhang, Jie Gao, Hao Wang

TL;DR

The PAC Privacy Preserving Diffusion Model is introduced, a model that leverages diffusion principles and ensure Probably Approximately Correct (PAC) privacy and has shown superior performance in privacy protection over existing leading private generative models according to benchmark tests.

Abstract

Data privacy protection is garnering increased attention among researchers. Diffusion models (DMs), particularly with strict differential privacy, can potentially produce images with both high privacy and visual quality. However, challenges arise such as in ensuring robust protection in privatizing specific data attributes, areas where current models often fall short. To address these challenges, we introduce the PAC Privacy Preserving Diffusion Model, a model leverages diffusion principles and ensure Probably Approximately Correct (PAC) privacy. We enhance privacy protection by integrating a private classifier guidance into the Langevin Sampling Process. Additionally, recognizing the gap in measuring the privacy of models, we have developed a novel metric to gauge privacy levels. Our model, assessed with this new metric and supported by Gaussian matrix computations for the PAC bound, has shown superior performance in privacy protection over existing leading private generative models according to benchmark tests.

PAC Privacy Preserving Diffusion Models

TL;DR

The PAC Privacy Preserving Diffusion Model is introduced, a model that leverages diffusion principles and ensure Probably Approximately Correct (PAC) privacy and has shown superior performance in privacy protection over existing leading private generative models according to benchmark tests.

Abstract

Data privacy protection is garnering increased attention among researchers. Diffusion models (DMs), particularly with strict differential privacy, can potentially produce images with both high privacy and visual quality. However, challenges arise such as in ensuring robust protection in privatizing specific data attributes, areas where current models often fall short. To address these challenges, we introduce the PAC Privacy Preserving Diffusion Model, a model leverages diffusion principles and ensure Probably Approximately Correct (PAC) privacy. We enhance privacy protection by integrating a private classifier guidance into the Langevin Sampling Process. Additionally, recognizing the gap in measuring the privacy of models, we have developed a novel metric to gauge privacy levels. Our model, assessed with this new metric and supported by Gaussian matrix computations for the PAC bound, has shown superior performance in privacy protection over existing leading private generative models according to benchmark tests.
Paper Structure (23 sections, 5 theorems, 28 equations, 3 figures, 3 tables, 4 algorithms)

This paper contains 23 sections, 5 theorems, 28 equations, 3 figures, 3 tables, 4 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Early Works on Differentially Private Image Generation
  4. Differentially Private Diffusion Models
  5. Background
  6. Differential Privacy
  7. PAC Privacy
  8. Basic Definition
  9. Noise Determination and Simulated Privacy Guarantee with High Confidence
  10. Conditional Diffusion Models
  11. Methods
  12. Conditional Private Langevin Sampling
  13. Privacy Metrics
  14. PAC Privacy Proof of Our Model
  15. Experiments
  16. ...and 8 more sections

Key Result

Theorem 3.1

As discussed in xiao2023pac, for any selected $f$-divergence $\mathcal{D}_{f}$, a mechanism $\mathcal{M}: \mathcal{X}^* \to \mathcal{Y}$ satisfies $(\Delta_{f}\delta, \rho, \mathsf{D})$ PAC Advantage Privacy if In particular, when we select $\mathcal{D}_{f}$ to be the KL-divergence and $\mathcal{P}_W = \mathcal{P}_{\mathcal{M}(X)}$, $\mathcal{M}$ satisfies $(\Delta_{KL}\delta, \rho, \mathsf{D})$

Figures (3)

  • Figure 1: CelebA images generated from DPDM, DPGEN and our model from left to right with image resolution $64 \times 64$.
  • Figure 2: Generated images (the second row) and their nearest neighbors measured by the $l_2$ distance between images from CelebA-smile dataset (the first row), with image resolution 64 × 64.
  • Figure 3: Privacy score and FID curve of all datapoints from different models. Each datapoint in the figure consists of mean and standard deviation from 3 experimental results with the same epsilon and different random seeds. Top-right corner is preferred. The curve from our method, pushes the frontier to the upper-right over DPGEN chen2022dpgen, DPDM dockhorn2022differentially and DP-MEPF harder2023pre. For more details related to data points in this figure, please refer to Appendix \ref{['App.C']}.

Theorems & Definitions (13)

  • Definition 3.1
  • Definition 3.2
  • Definition 3.3
  • Theorem 3.1
  • proof
  • Theorem 3.2: xiao2023pac
  • proof
  • Theorem 3.3: xiao2023pac
  • proof
  • Lemma A.1
  • ...and 3 more