Certification for Differentially Private Prediction in Gradient-Based Training
Abstract
We study private prediction where differential privacy is achieved by adding noise to the outputs of a non-private model. Existing methods rely on noise proportional to the global sensitivity of the model, often resulting in sub-optimal privacy-utility trade-offs compared to private training. We introduce a novel approach for computing dataset-specific upper bounds on prediction sensitivity by leveraging convex relaxation and bound propagation techniques. By combining these bounds with the smooth sensitivity mechanism, we significantly improve the privacy analysis of private prediction compared to global sensitivity-based approaches. Experimental results across real-world datasets in medical image classification and natural language processing demonstrate that our sensitivity bounds are can be orders of magnitude tighter than global sensitivity. Our approach provides a strong basis for the development of novel privacy preserving technologies.
Cite
Text
Wicker et al. "Certification for Differentially Private Prediction in Gradient-Based Training." Proceedings of the 42nd International Conference on Machine Learning, 2025.Markdown
[Wicker et al. "Certification for Differentially Private Prediction in Gradient-Based Training." Proceedings of the 42nd International Conference on Machine Learning, 2025.](https://mlanthology.org/icml/2025/wicker2025icml-certification/)BibTeX
@inproceedings{wicker2025icml-certification,
title = {{Certification for Differentially Private Prediction in Gradient-Based Training}},
author = {Wicker, Matthew Robert and Sosnin, Philip and Shilov, Igor and Janik, Adrianna and Mueller, Mark Niklas and De Montjoye, Yves-Alexandre and Weller, Adrian and Tsay, Calvin},
booktitle = {Proceedings of the 42nd International Conference on Machine Learning},
year = {2025},
pages = {66726-66745},
volume = {267},
url = {https://mlanthology.org/icml/2025/wicker2025icml-certification/}
}