privacy issues

mnist_dpsgd_tutorial_keras.py does not learn/achieve reported accuracy

4

When running the `mnist_dpsgd_tutorial_keras.py` with all default parameters, the train/test accuracies do not improve over the course of training. The final accuracy is around 10%, which is of course equivalent...

jpgard

Optimizers.dp_optimizer_keras is not working under PlaidML-keras

### Set-up: tensorflow==2.4.0 tensorflow-privacy == 0.5.1 plaidml == 0.7.0 plaidml-keras == 0.7.0 Mac OS 10.15.7 (19H114) 16" AMD Radeon Pro 5300M 4 GB ### Problem: Hello everyone. I have been...

JoaquinDF-UniLU

A question on gradient clipping

1

Hello! I have a question about Gradient Clipping, that arises from the following principles of privacy accounting and DP-SGD: The RDP calculation for each step in training is based on...

OsvaldFrisk

DPKeras optimizer fails when num_microbatches is None (default)

Hi, first of all, thanks for continuing to expand and improve this amazing repo. I've noticed a small issue with the usage of the new `DPKeras*` optimizers (the non vectorized...

MatteoGiomi

Incorrect comparison between privacy amplification by iteration and DP-SGD

In [mnist_lr_tutorial.py](https://github.com/tensorflow/privacy/blob/1860ee1/tutorials/mnist_lr_tutorial.py), the computation of the DP budget for the DP-SGD algorithm (here: [line 177](https://github.com/tensorflow/privacy/blob/1860ee1/tutorials/mnist_lr_tutorial.py#L177)) is missing a scaling of `noise_multiplier` by `batch_size` to match the computation for the amplification-by-iteration...

ftramer

Paper or formula used in rdp_accountant.py

2

I am a little confused about how rdp_accountant.py works. Could you please provide the papers or formula you used in rdp_accountant.py especially about the method to compute rdp? That will...

wenxuan-Bao

dp_optimizer_keras - get_config() returns l2_norm_clip, noise_multiplier, num_microbatches

2

serialise dp parameters

phil8192

cla: yes

Improving epsilon

2

ShahabAsoodeh

cla: yes

DPKeras<name>Optimizer fail when Sequential model has layer with kernel_regularizer=tf.keras.regularizers.l2(l2_ratio)

Hi, I encountered a problem when adding regularization to Keras models using the new DPKerasOptimizer's with TF2.4.0 with (Sparse)CategoricalCrossentropy. The error (see below) can be reproduced by adding `kernel_regularizer=tf.keras.regularizers.l2(1e-8)`to a...

clincolnoz

New TF2 Optimizer Significantly Slower than TF1 Vectorized Optimizer

The vectorized optimizer in [`mnist_dpsgd_tutorial_vectorized.py`](https://github.com/tensorflow/privacy/blob/master/tutorials/mnist_dpsgd_tutorial_vectorized.py) runs significantly faster than the new TF2 Keras optimizer used in [`mnist_dpsgd_tutorial_keras.py`](https://github.com/tensorflow/privacy/blob/master/tutorials/mnist_dpsgd_tutorial_keras.py). On a Titan RTX (24 GB VRAM) at batch size 250 and 250...

n2cholas

privacy
privacy copied to clipboard

Metadata

mnist_dpsgd_tutorial_keras.py does not learn/achieve reported accuracy

Optimizers.dp_optimizer_keras is not working under PlaidML-keras

A question on gradient clipping

DPKeras optimizer fails when num_microbatches is None (default)

Incorrect comparison between privacy amplification by iteration and DP-SGD

Paper or formula used in rdp_accountant.py

dp_optimizer_keras - get_config() returns l2_norm_clip, noise_multiplier, num_microbatches

Improving epsilon

DPKeras<name>Optimizer fail when Sequential model has layer with kernel_regularizer=tf.keras.regularizers.l2(l2_ratio)

New TF2 Optimizer Significantly Slower than TF1 Vectorized Optimizer

← Metadata

Owner

Metadata

privacy privacy copied to clipboard

Metadata

← Metadata

Owner

Metadata

privacy
privacy copied to clipboard