Search papers, labs, and topics across Lattice.
The paper introduces the dithered Gaussian mechanism, an innovative approach to differential privacy that discretizes the output rather than the noise distribution, thereby preserving the privacy guarantees of the standard Gaussian mechanism. This method enhances randomness efficiency by utilizing two distinct sources of randomness, allowing for a significant reduction in the number of high-quality random bits needed for privacy while mitigating vulnerabilities associated with finite-precision floating-point outputs. The authors demonstrate its practical application in model training with DP-SGD, achieving cryptographically secure noise generation with minimal performance overhead.
Reducing the randomness required for differential privacy by leveraging a dual-source approach could revolutionize how we implement privacy in machine learning models.
We present the dithered Gaussian mechanism, a novel alternative to the discrete Gaussian mechanism for differential privacy that discretizes the private output rather than the noise distribution itself. By interpreting this discretization as post-processing of the Gaussian mechanism, our construction directly inherits the privacy guarantees of the standard Gaussian mechanism while avoiding vulnerabilities caused by finite-precision floating-point outputs. We show that the mechanism is provably randomness-efficient: by sampling the discretized output values directly, the number of high-quality random bits required for privacy can be reduced significantly and made independent of the noise level. This is achieved by separating the randomness into two sources: a high-quality source used for the privacy-critical sampling step, and a high-performance public source, possibly known to the adversary, that supplies the additional randomness needed for randomized discretization. This separation enables the use of cryptographically secure randomness without substantial performance loss. As an application, we study model training with DP-SGD and show that cryptographically secure noise generation with reduced exposure to floating-point vulnerabilities can be achieved with modest practical overhead.