Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

PATE-TripleGAN: Privacy-Preserving Image Synthesis with Gaussian Differential Privacy

Zepeng Jiang, Weiwei Ni, Yifan Zhang

TL;DR

Privacy leakage in CGANs motivates the development of privacy-preserving data synthesis. PATE-TripleGAN introduces a three-party min-max framework that combines a classifier with PATE-based gradient desensitization and DPSGD under Gaussian-DP to enable semi-supervised training on unlabeled data. A hybrid gradient desensitization strategy differentiates between generator and classifier gradients to preserve useful information and improve convergence. Experiments on MNIST and Fashion-MNIST show that PATE-TripleGAN yields higher quality labeled data and stronger downstream classifier performance under the same privacy budgets than DPCGAN, especially in low-data or tight privacy regimes.

Abstract

Conditional Generative Adversarial Networks (CGANs) exhibit significant potential in supervised learning model training by virtue of their ability to generate realistic labeled images. However, numerous studies have indicated the privacy leakage risk in CGANs models. The solution DPCGAN, incorporating the differential privacy framework, faces challenges such as heavy reliance on labeled data for model training and potential disruptions to original gradient information due to excessive gradient clipping, making it difficult to ensure model accuracy. To address these challenges, we present a privacy-preserving training framework called PATE-TripleGAN. This framework incorporates a classifier to pre-classify unlabeled data, establishing a three-party min-max game to reduce dependence on labeled data. Furthermore, we present a hybrid gradient desensitization algorithm based on the Private Aggregation of Teacher Ensembles (PATE) framework and Differential Private Stochastic Gradient Descent (DPSGD) method. This algorithm allows the model to retain gradient information more effectively while ensuring privacy protection, thereby enhancing the model's utility. Privacy analysis and extensive experiments affirm that the PATE-TripleGAN model can generate a higher quality labeled image dataset while ensuring the privacy of the training data.

PATE-TripleGAN: Privacy-Preserving Image Synthesis with Gaussian Differential Privacy

TL;DR

Privacy leakage in CGANs motivates the development of privacy-preserving data synthesis. PATE-TripleGAN introduces a three-party min-max framework that combines a classifier with PATE-based gradient desensitization and DPSGD under Gaussian-DP to enable semi-supervised training on unlabeled data. A hybrid gradient desensitization strategy differentiates between generator and classifier gradients to preserve useful information and improve convergence. Experiments on MNIST and Fashion-MNIST show that PATE-TripleGAN yields higher quality labeled data and stronger downstream classifier performance under the same privacy budgets than DPCGAN, especially in low-data or tight privacy regimes.

Abstract

Conditional Generative Adversarial Networks (CGANs) exhibit significant potential in supervised learning model training by virtue of their ability to generate realistic labeled images. However, numerous studies have indicated the privacy leakage risk in CGANs models. The solution DPCGAN, incorporating the differential privacy framework, faces challenges such as heavy reliance on labeled data for model training and potential disruptions to original gradient information due to excessive gradient clipping, making it difficult to ensure model accuracy. To address these challenges, we present a privacy-preserving training framework called PATE-TripleGAN. This framework incorporates a classifier to pre-classify unlabeled data, establishing a three-party min-max game to reduce dependence on labeled data. Furthermore, we present a hybrid gradient desensitization algorithm based on the Private Aggregation of Teacher Ensembles (PATE) framework and Differential Private Stochastic Gradient Descent (DPSGD) method. This algorithm allows the model to retain gradient information more effectively while ensuring privacy protection, thereby enhancing the model's utility. Privacy analysis and extensive experiments affirm that the PATE-TripleGAN model can generate a higher quality labeled image dataset while ensuring the privacy of the training data.
Paper Structure (24 sections, 21 equations, 4 figures, 2 tables, 2 algorithms)

This paper contains 24 sections, 21 equations, 4 figures, 2 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Generative Adversarial Networks
  4. Differential Privacy and GANs
  5. Preliminaries
  6. Gaussian Differential Privacy
  7. Triple-GAN
  8. PATE Mechanism
  9. Methodology
  10. Teacher Models
  11. Aggregation mechanism based on Gaussian-DP
  12. Private GANs framework
  13. Privacy Analysis
  14. Experiment
  15. Experimental Setup
  16. ...and 9 more sections

Figures (4)

  • Figure 1: The framework of PATE-TripleGAN.
  • Figure 2: Comparative Histograms of Classifier Performance Ratings Utilizing Data Generated by PATE TripleGAN and DPCGAN Generators under Epsilon Values of 10 and 2.
  • Figure 3: Due to the application of hybrid gradient desensitization algorithm, PATE-TripleGAN can preserve the information of the original gradient better.
  • Figure 4: In DPCGAN, the image contours exhibit reduced noise; however, distinguishing numbers 2, 3, 5, 6, 7, 8, and 9 proves challenging. PATE-TripleGAN yields images with noticeable noise; nonetheless, only numbers 2 and 8 present difficulty in recognition.