Accelerating Differentially Private Fine-Tuning with Momentum and Optimal Hyperparameter Scaling

By carefully integrating techniques from prior work, including momentum acceleration and a new linear scaling rule for hyperparameters, we obtain new state-of-the-art performance on benchmark computer vision and natural language processing tasks under differential privacy constraints.

The paper presents DP-RAFT, a recipe for differentially private fine-tuning that can recover the same performance as non-private fine-tuning. The key insights are: A new linear scaling rule for hyperparameters - as the privacy budget ε increases, the optimal total step size (learning rate × number of iterations) increases linearly. This mitigates the impact of noise on the optimization trajectory. Use of momentum to accelerate convergence - the exponentially moving average of noisy gradients has higher signal-to-noise ratio than individual gradients. Full batch gradient computation - this optimizes the signal-to-noise ratio of the update and enables using large step sizes. Zero initialization of the classifier weights - this mitigates the variance in DP-GD. Unit norm clipping of per-sample gradients - this keeps step sizes large without introducing significant bias. The authors evaluate DP-RAFT on four computer vision tasks (CIFAR10, CIFAR100, STL10, FashionMNIST) and one natural language processing task (PersonaChat), reporting new state-of-the-art results for ε ∈ [0.01, 1.0]. They notably recover the same performance as non-private fine-tuning for CIFAR10 (99%) for ε = 1, δ = 1e-5.

"We notably recover the same performance as non-private fine-tuning for CIFAR10 (99%) for ε = 1, δ = 1e-5." "We obtain new state-of-the-art performance on CIFAR10, CIFAR100, FashionMNIST, STL10, and PersonaChat."

"Our key insight is that this new linear scaling rule turns existing intuition on noisy optimization into an actionable strategy for hyperparameter selection." "Momentum is shown to provably benefit normalized SGD (Cutkosky and Mehta, 2020). In Fig. 4 we observe that momentum complements our new linear scaling rule and accelerates convergence." "We use DP-GD instead of DP-SGD in all other experiments, removing the batch size from the hyperparameter tuning process and improving the overall privacy cost of deploying our baselines (Papernot and Steinke, 2021)."