Incentives in Private Collaborative Machine Learning

TL;DR

This work tackles the problem of incentivizing participation in private collaborative ML under privacy constraints. It introduces a DP-aware valuation tied to Bayesian surprise, ensuring that stronger DP guarantees reduce data value on average, and embeds this within a ρ-Shapley fair reward scheme to preserve individual rationality and group welfare. To realize target rewards, two reward-control mechanisms are proposed: adding DP-aware noise to perturbed statistics or tempering the likelihood to interpolate between prior and grand-coalition posteriors, with tempering demonstrating superior stability and similarity to the grand-posterior. Empirical results on synthetic and real datasets show predictable privacy-valuation and privacy-reward trade-offs and highlight the practical benefits of likelihood tempering for maintaining model utility while respecting DP requirements.

Abstract

Collaborative machine learning involves training models on data from multiple parties but must incentivize their participation. Existing data valuation methods fairly value and reward each party based on shared data or model parameters but neglect the privacy risks involved. To address this, we introduce differential privacy (DP) as an incentive. Each party can select its required DP guarantee and perturb its sufficient statistic (SS) accordingly. The mediator values the perturbed SS by the Bayesian surprise it elicits about the model parameters. As our valuation function enforces a privacy-valuation trade-off, parties are deterred from selecting excessive DP guarantees that reduce the utility of the grand coalition's model. Finally, the mediator rewards each party with different posterior samples of the model parameters. Such rewards still satisfy existing incentives like fairness but additionally preserve DP and a high similarity to the grand coalition's posterior. We empirically demonstrate the effectiveness and practicality of our approach on synthetic and real-world datasets.

Figures (14)

• Figure 1: An overview of our private collaborative ML problem setup from party $i$'s perspective and our novel contributions (ideas in blue, novel combination of solutions in blue). We (i) enforce a privacy-reward trade-off (using each party $i$'s desire for a higher-quality model reward in collaborative ML) to deter party $i$ from unfetteredly/overcautiously selecting an excessive DP guarantee (small ${\epsilon}_i$), (ii) ensure DP in valuation and rewards, and (iii) preserve similarity of its model reward $q_i(\theta)$ to the grand coalition $N$'s posterior $p(\theta|{\bm{o}}_N)$ to achieve a high utility.
• Figure 2: (a-c) Graphs of party $2$'s valuation $v_2$, Shapley value $\phi_2$, attained reward value $r_2$ vs. privacy guarantee ${\epsilon}_2$ for various datasets. (d-e) Graphs of attained reward value $r_i$ vs. ${\kappa_i}$ (Sec. \ref{['sec:temper']}) and ${\tau_i}$ (Sec. \ref{['sec:strengthen']}) for $2$ different noise realizations. (f) Graph of similarity $r'_i$ to grand coalition $N$'s posterior $p(\theta | {\bm{o}}_N)$ vs. $r_i$ for Syn dataset corresponding to (e).
• Figure 3: (a-c) Graphs of utility of party $2$'s model reward measured by MNLP$_r$ vs. privacy guarantee ${\epsilon}_2$ for various datasets. (d-f) Graphs of utility of model reward measured by MNLP$_r$ vs. attained reward value $r_i$ under the two reward control mechanisms for various datasets.
• Figure 4: In the graphical model above, all parties share the same prior belief $p(\theta)$ of model parameters $\theta$ and prior belief $p(\omega)$ of data parameters $\omega$. The mediator models its beliefs of the SS of each party separately and only observes the perturbed SS ${\bm{o}}_i$ of every party $i \in N$ (thus, only $O_i$ is shaded). The sufficient statistic $S_i$ is generated from the model inputs ${\bm{X}}_i$ and the model output ${\bm{y}}_i$ (which depends on the model parameters $\theta$). We illustrate the relationship between $\omega$, $X_i$, and $S_i$ as dashed lines as they may be modeled differently in the various DP noise-aware inference methods. See bernstein2019blrkulkarni2021glm for their respective graphical models and details.
• Figure 5: Our work, $\star$, uniquely satisfies all $3$ desiderata. When parties share information computed from their data, we ensure that every party has at least its required DP w.r.t. the mediator, receives a collaboratively trained model, and receives a higher reward for sharing higher-quality data than the others. It is not trivial to (i) add DP to $\blacktriangleleft$ while simultaneously enforcing a privacy-valuation trade-off, (ii) add data sharing incentives to $\blacktriangledown$ (i.e., design valuation functions and rewards), and (iii) achieve $\blacktriangleright$ as access to a party's dataset (or a coalition's datasets) is still needed for its valuation in watson2022dpshap.

Theorems & Definitions (9)

• Definition 2.1: Sufficient Statistic (SS) ss_deftitsias2009variational
• Definition 2.2: Rényi Differential Privacy (DP) mironov2017renyi
• Definition 3.1: Valuation via Bayesian Surprise
• Definition A.1: Neighboring datasets
• Definition A.2: Sensitivity dp-foundation
• Definition A.3: Pure ${\epsilon}$-DP dp-foundation
• Definition A.4: $({\epsilon}, \delta)$-DP
• Definition A.5: Rényi DP mironov2017renyi
• Definition A.6: ${\epsilon}$-Local DP yang2020localdp