TensorFlow Privacy

TensorFlow Privacy is a library that allows you to replace default TensorFlow optimizers with optimizers that allow training with differential privacy, i.e. they implement forms of stochastic gradient descent (SGD) with differential privacy.

Because large neural networks or other differentiable models have a very large learning capacity, it can happen that the model achieves high performance on uncommon training input by simply “memorizing” the training input. If the training data is sensitive, for example information about a specific user, this is undesired behavior that may leak private information. The optimizers of TensorFlow Privacy address this issue and additionally provide analysis tools to mathematically determine privacy guarantees. Notes on “measuring” privacy in TensorFlow Privacy can be found here.

Because this library focuses on optimizers, it is possible to get started with TensorFlow Privacy by just dropping in the modified optimizers in existing TensorFlow code. At the moment of writing, it seems that detailed documentation on the API is not published yet, so you have to dive into the doc strings in the code. The supported optimizers can be found here.

The referenced paper is a technical white paper explaining the foundations of Tensorflow Privacy. TensorFlow Privacy works with TensorFlow 2