Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Do You Really Need Public Data? Surrogate Public Data for Differential Privacy on Tabular Data

Shlomi Hod, Lucas Rosenblatt, Julia Stoyanovich

TL;DR

The paper tackles the challenge of scarce public tabular data for differential privacy by introducing surrogate public data generated solely from dataset schemas using large language models. It develops two generation methods—direct CSV record creation and an agent-based structural causal model approach—to encode plausible variable dependencies without accessing sensitive data. A comprehensive evaluation framework across three DP auxiliary tasks (pretraining, hyperparameter tuning, and privacy–utility estimation) and three real-world datasets (ACS, EDAD, WE) demonstrates that surrogate public data can meaningfully support DP classifier pretraining and offer guidance for DP hyperparameter tuning, especially in low-data settings, though traditional public data often remains superior for privacy–utility estimation. The findings underscore the potential of schema-driven LLM-guided surrogates to alleviate tabular data scarcity in DP while highlighting limitations related to memorization, biases, and the need for robust similarity metrics to predict surrogate usefulness in practice.

Abstract

Differentially private (DP) machine learning often relies on the availability of public data for tasks like privacy-utility trade-off estimation, hyperparameter tuning, and pretraining. While public data assumptions may be reasonable in text and image domains, they are less likely to hold for tabular data due to tabular data heterogeneity across domains. We propose leveraging powerful priors to address this limitation; specifically, we synthesize realistic tabular data directly from schema-level specifications - such as variable names, types, and permissible ranges - without ever accessing sensitive records. To that end, this work introduces the notion of "surrogate" public data - datasets generated independently of sensitive data, which consume no privacy loss budget and are constructed solely from publicly available schema or metadata. Surrogate public data are intended to encode plausible statistical assumptions (informed by publicly available information) into a dataset with many downstream uses in private mechanisms. We automate the process of generating surrogate public data with large language models (LLMs); in particular, we propose two methods: direct record generation as CSV files, and automated structural causal model (SCM) construction for sampling records. Through extensive experiments, we demonstrate that surrogate public tabular data can effectively replace traditional public data when pretraining differentially private tabular classifiers. To a lesser extent, surrogate public data are also useful for hyperparameter tuning of DP synthetic data generators, and for estimating the privacy-utility tradeoff.

Do You Really Need Public Data? Surrogate Public Data for Differential Privacy on Tabular Data

TL;DR

The paper tackles the challenge of scarce public tabular data for differential privacy by introducing surrogate public data generated solely from dataset schemas using large language models. It develops two generation methods—direct CSV record creation and an agent-based structural causal model approach—to encode plausible variable dependencies without accessing sensitive data. A comprehensive evaluation framework across three DP auxiliary tasks (pretraining, hyperparameter tuning, and privacy–utility estimation) and three real-world datasets (ACS, EDAD, WE) demonstrates that surrogate public data can meaningfully support DP classifier pretraining and offer guidance for DP hyperparameter tuning, especially in low-data settings, though traditional public data often remains superior for privacy–utility estimation. The findings underscore the potential of schema-driven LLM-guided surrogates to alleviate tabular data scarcity in DP while highlighting limitations related to memorization, biases, and the need for robust similarity metrics to predict surrogate usefulness in practice.

Abstract

Differentially private (DP) machine learning often relies on the availability of public data for tasks like privacy-utility trade-off estimation, hyperparameter tuning, and pretraining. While public data assumptions may be reasonable in text and image domains, they are less likely to hold for tabular data due to tabular data heterogeneity across domains. We propose leveraging powerful priors to address this limitation; specifically, we synthesize realistic tabular data directly from schema-level specifications - such as variable names, types, and permissible ranges - without ever accessing sensitive records. To that end, this work introduces the notion of "surrogate" public data - datasets generated independently of sensitive data, which consume no privacy loss budget and are constructed solely from publicly available schema or metadata. Surrogate public data are intended to encode plausible statistical assumptions (informed by publicly available information) into a dataset with many downstream uses in private mechanisms. We automate the process of generating surrogate public data with large language models (LLMs); in particular, we propose two methods: direct record generation as CSV files, and automated structural causal model (SCM) construction for sampling records. Through extensive experiments, we demonstrate that surrogate public tabular data can effectively replace traditional public data when pretraining differentially private tabular classifiers. To a lesser extent, surrogate public data are also useful for hyperparameter tuning of DP synthetic data generators, and for estimating the privacy-utility tradeoff.

Paper Structure

This paper contains 58 sections, 6 equations, 32 figures, 22 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Contributions
  3. Methods for generating surrogate public data (Section \ref{['sec:methods-surrogates']}).
  4. Benchmark of DP auxiliary tasks with surrogate public data (Section \ref{['sec:evaluation']}).
  5. In-depth experimental results identifying the usefulness of surrogate public data on some DP auxiliary tasks (Section \ref{['sec:results']}).
  6. Related Work
  7. Public data in differential privacy
  8. Generating tabular data with LLMs
  9. Preliminaries
  10. Differential Privacy
  11. Large Language Models
  12. Statistical Distance Metrics
  13. Producing Public Data Surrogates
  14. Baselines
  15. Uniform Distribution over the Domain
  16. ...and 43 more sections

Figures (32)

  • Figure 1: An overview of the premise of this work: Can we utilize LLMs to generate surrogate public data to solve DP auxiliary tasks?
  • Figure 2: An overview of our evaluation framework. We assess the usefulness of regular public data and surrogate public data (Section \ref{['sec:methods-surrogates']}) on three tasks (Section \ref{['sec:tasks']}). Two tasks are related to synthetic data generation -- hyperparameter tuning (Section \ref{['sec:task-hparams-tuning']}) and privacy-utility estimation (Section \ref{['sec:task-privacy-utility-tradeoff']}) -- and one to classification model pretraining (Section \ref{['sec:task-pretraining']}).
  • Figure 3: Mean AUC on the test subset of the private dataset split for the pretraining model and the fine-tuned model, grouped by generation method. The mean is calculated across the DP finetuning hyperparameter space when best pretraining hyperparameter configuration is chosen for the pretraining step, with 10 runs per hyperparameter configuration.
  • Figure 4: EDAD
  • Figure 5: WE
  • ...and 27 more figures

Theorems & Definitions (5)

  • Definition 1: Differential Privacy dwork2006calibrating
  • Definition 2: Public Data
  • Definition 3: Total Variation Distance
  • Definition 4: Linear Query
  • Definition 5: Workload Error