Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

PFGuard: A Generative Framework with Privacy and Fairness Safeguards

Soyeon Kim, Yuji Roh, Geon Heo, Steven Euijong Whang

TL;DR

PFGuard tackles the hard problem of generating private and fair synthetic data by explicitly addressing the counteractive relationship between differential privacy and fairness in high-dimensional settings. It introduces a two-stage design: fair training of an ensemble of intermediate teacher models via balanced minibatch sampling, followed by private training that transfers knowledge to a DP generator using Private Teacher Ensemble Learning (PTEL) with GNMax-like aggregation. The framework provides formal DP guarantees for the generator while improving fairness across groups and maintaining competitive utility, demonstrated through extensive experiments on MNIST, FashionMNIST, and CelebA. The results show that naive combinations of privacy and fairness techniques can degrade performance, whereas PFGuard achieves a better privacy-fairness-utility tradeoff with minimal overhead and compatibility with existing private generative models.

Abstract

Generative models must ensure both privacy and fairness for Trustworthy AI. While these goals have been pursued separately, recent studies propose to combine existing privacy and fairness techniques to achieve both goals. However, naively combining these techniques can be insufficient due to privacy-fairness conflicts, where a sample in a minority group may be represented in ways that support fairness, only to be suppressed for privacy. We demonstrate how these conflicts lead to adverse effects, such as privacy violations and unexpected fairness-utility tradeoffs. To mitigate these risks, we propose PFGuard, a generative framework with privacy and fairness safeguards, which simultaneously addresses privacy, fairness, and utility. By using an ensemble of multiple teacher models, PFGuard balances privacy-fairness conflicts between fair and private training stages and achieves high utility based on ensemble learning. Extensive experiments show that PFGuard successfully generates synthetic data on high-dimensional data while providing both DP guarantees and convergence in fair generative modeling.

PFGuard: A Generative Framework with Privacy and Fairness Safeguards

TL;DR

PFGuard tackles the hard problem of generating private and fair synthetic data by explicitly addressing the counteractive relationship between differential privacy and fairness in high-dimensional settings. It introduces a two-stage design: fair training of an ensemble of intermediate teacher models via balanced minibatch sampling, followed by private training that transfers knowledge to a DP generator using Private Teacher Ensemble Learning (PTEL) with GNMax-like aggregation. The framework provides formal DP guarantees for the generator while improving fairness across groups and maintaining competitive utility, demonstrated through extensive experiments on MNIST, FashionMNIST, and CelebA. The results show that naive combinations of privacy and fairness techniques can degrade performance, whereas PFGuard achieves a better privacy-fairness-utility tradeoff with minimal overhead and compatibility with existing private generative models.

Abstract

Generative models must ensure both privacy and fairness for Trustworthy AI. While these goals have been pursued separately, recent studies propose to combine existing privacy and fairness techniques to achieve both goals. However, naively combining these techniques can be insufficient due to privacy-fairness conflicts, where a sample in a minority group may be represented in ways that support fairness, only to be suppressed for privacy. We demonstrate how these conflicts lead to adverse effects, such as privacy violations and unexpected fairness-utility tradeoffs. To mitigate these risks, we propose PFGuard, a generative framework with privacy and fairness safeguards, which simultaneously addresses privacy, fairness, and utility. By using an ensemble of multiple teacher models, PFGuard balances privacy-fairness conflicts between fair and private training stages and achieves high utility based on ensemble learning. Extensive experiments show that PFGuard successfully generates synthetic data on high-dimensional data while providing both DP guarantees and convergence in fair generative modeling.
Paper Structure (73 sections, 2 theorems, 8 equations, 10 figures, 12 tables, 1 algorithm)

This paper contains 73 sections, 2 theorems, 8 equations, 10 figures, 12 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. Generative Models
  4. Differential Privacy
  5. Fairness
  6. Privacy-Fairness Conflicts in Existing Techniques
  7. Naïvely Adding Fairness Can Worsen Privacy
  8. Naïvely Adding Privacy Can Worsen the Fairness-Utility Tradeoff
  9. Framework
  10. Fair Training with Balanced Minibatch Sampling
  11. Intuition
  12. Theoretical Foundation
  13. Methodology
  14. Extensions
  15. Private Training with Private Teacher Ensemble Learning
  16. ...and 58 more sections

Key Result

Theorem 2.1

(Gaussian mechanism dwork2014algorithmicmironov2017renyi) Let $f:X \rightarrow \mathbb{R}^d$ be an arbitrary $d$-dimensional function with $l_2$-sensitivity $\Delta_f^2$. The Gaussian mechanism $\mathcal{M}_\sigma$, parameterized by $\sigma$, adds Gaussian noise into the output, i.e., $\mathcal{M}_\

Figures (10)

  • Figure 1: Privacy-fairness conflict. Privacy techniques prefer the left-hand scenario to prevent privacy risk of a certain data sample, while fairness techniques prefer the right-hand scenario to balance learning w.r.t. groups.
  • Figure 2: Overview of PFGuard. PFGuard integrates fairness and privacy into generative models through a two-stage process. In the fair training stage (blue), we train fair teacher models by sampling balanced mini-batches from biased data partitions. In the private training stage (red), we aggregate the teacher outputs with random noise to ensure Differential Privacy (DP). After training, only the trained DP generator is publicly released, safeguarding the privacy of all other components (e.g., the teacher ensemble). Through these training stages, PFGuard not only ensures fairness and privacy but also achieves high utility by leveraging ensemble learning of teacher models -- resulting in unbiased, private, and high-quality synthetic data. More details on the framework are presented in Sec. \ref{['sec:ours']}.
  • Figure 3: Fairness-utility tradeoff caused by DP-SGD when used on top of reweighting. Depending on the choice of $C$, DP-SGD may compromise utility (left) or fairness (right).
  • Figure 4: Fairness performances when varying bias levels ($\gamma$) given a fixed number of teachers, evaluated on MNIST with multi-class bias. We downsize the class '8' to $\gamma$ times smaller than the other classes to make it the minority class and use GS-WGAN as the baseline model.
  • Figure 5: Fairness and utility performances for varying reference dataset size ratio compared to the training dataset size, evaluated on MNIST with unknown subgroup bias under $\varepsilon{=}10$. Lower values are better across all metrics used to evaluate fairness and utility.
  • ...and 5 more figures

Theorems & Definitions (5)

  • Definition 2.1
  • Definition 2.2
  • Theorem 2.1
  • Remark 1
  • Theorem B.1