optimization-dp-sgd
Description
Differentially Private SGD: Privacy-Utility Optimization
Research Question
Design an improved DP-SGD variant that achieves better privacy-utility tradeoff — higher test accuracy under the same (epsilon, delta)-differential privacy budget.
Background
Differentially Private Stochastic Gradient Descent (DP-SGD) [Abadi et al., 2016] enables training deep learning models with formal privacy guarantees. The core mechanism has two steps: (1) clip each per-sample gradient to a fixed norm C, and (2) add calibrated Gaussian noise proportional to C. The noise level is determined by the desired privacy budget (epsilon, delta).
The standard approach uses a fixed clipping threshold and constant noise throughout training, which is suboptimal: gradient magnitudes change during training, so a fixed threshold either over-clips (losing signal) or under-clips (adding excess noise), and uniform noise allocation ignores the varying informativeness of gradients across training stages.
Task
Modify the DPMechanism class in custom_dpsgd.py. Your mechanism receives per-sample gradients and must return aggregated noised gradients. You control the gradient clipping strategy, noise calibration, and any per-step adaptations.
Interface
class DPMechanism:
    def __init__(self, max_grad_norm, noise_multiplier, n_params,
                 dataset_size, batch_size, epochs, target_epsilon, target_delta):
        ...

    def clip_and_noise(self, per_sample_grads, step, epoch) -> list[Tensor]:
        # per_sample_grads: list of tensors [B, *param_shape]
        # Returns: list of noised gradients [*param_shape]
        ...

    def get_effective_sigma(self, step, epoch) -> float:
        # Returns current noise multiplier for privacy accounting
        ...
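The baseline clip-then-noise step from the Background section, written against this interface as an added example (it is not the benchmark's custom_dpsgd.py). NumPy arrays stand in for torch tensors, the constructor takes only the arguments the sketch uses, and `StandardDPMechanism`, `clipped_sum`, `removal_sensitivity` and `make_constructed_batch` are hypothetical names; `removal_sensitivity` measures the property the Gaussian noise is calibrated to, namely that removing any one sample moves the clipped sum by at most C.

```python
import numpy as np

class StandardDPMechanism:
    """Baseline DP-SGD step; NumPy arrays stand in for torch tensors (assumption)."""

    def __init__(self, max_grad_norm, noise_multiplier, seed=0):
        self.C = max_grad_norm
        self.sigma = noise_multiplier
        self.rng = np.random.default_rng(seed)

    def clipped_sum(self, per_sample_grads):
        # One L2 norm per sample, taken jointly over ALL parameter tensors.
        B = per_sample_grads[0].shape[0]
        sq = sum((g.reshape(B, -1) ** 2).sum(axis=1) for g in per_sample_grads)
        # Scale by min(1, C / ||g_i||): large gradients shrink, small ones are untouched.
        scale = np.minimum(1.0, self.C / (np.sqrt(sq) + 1e-12))
        return [(g * scale.reshape((B,) + (1,) * (g.ndim - 1))).sum(axis=0)
                for g in per_sample_grads]

    def clip_and_noise(self, per_sample_grads, step=0, epoch=0):
        B = per_sample_grads[0].shape[0]
        summed = self.clipped_sum(per_sample_grads)
        # Gaussian noise with std sigma * C is added to the SUM of clipped gradients.
        # Averaging over the batch afterwards is an assumption of this sketch.
        return [(s + self.rng.normal(0.0, self.sigma * self.C, s.shape)) / B
                for s in summed]

    def get_effective_sigma(self, step=0, epoch=0):
        return self.sigma


def removal_sensitivity(mech, per_sample_grads, idx):
    """L2 distance between the clipped sums with and without sample idx."""
    full = mech.clipped_sum(per_sample_grads)
    rest = mech.clipped_sum([np.delete(g, idx, axis=0) for g in per_sample_grads])
    return float(np.sqrt(sum(((f - r) ** 2).sum() for f, r in zip(full, rest))))


def make_constructed_batch(seed=1):
    # Constructed sample data: 8 per-sample gradients for a 4x3 weight and a
    # 3-element bias; sample 0 is an outlier with a very large gradient.
    rng = np.random.default_rng(seed)
    grads = [rng.normal(size=(8, 4, 3)), rng.normal(size=(8, 3))]
    grads[0][0] *= 1000.0
    return grads
```

Clipping each parameter tensor separately, or clipping after the batch has been averaged, would break the bound that `removal_sensitivity` checks, and the accounted epsilon would no longer describe the mechanism.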
Constraints
- The total privacy budget (target_epsilon, target_delta) is FIXED and checked externally.
- The model architecture, data pipeline, optimizer, and training loop are FIXED.
- Focus on algorithmic innovation in the DP mechanism: clipping strategies, noise schedules, gradient processing.
- Available imports: torch, math, numpy (via the FIXED section), scipy.optimize.
Evaluation
Trained and evaluated on three datasets at epsilon=3.0, delta=1e-5:
- MNIST (28x28 grayscale digits, 10 classes)
- Fashion-MNIST (28x28 grayscale clothing, 10 classes)
- CIFAR-10 (32x32 color images, 10 classes)
Metric: test accuracy (higher is better) under the same privacy budget.
Code
#!/usr/bin/env python3
"""DP-SGD benchmark for MLS-Bench: Differentially Private Stochastic Gradient Descent.

FIXED sections: model architecture, data loading, privacy accounting, evaluation loop.
EDITABLE section: DPMechanism class — gradient clipping strategy, noise calibration,
and per-step privacy mechanism modifications.

The agent must implement a DPMechanism that achieves better privacy-utility tradeoff
than standard DP-SGD while respecting the same total privacy budget (epsilon, delta).
"""
import argparse
import math
import os
import sys
Results
| Model | Type | epsilon mnist ↓ | best accuracy mnist ↑ | epsilon fmnist ↓ | best accuracy fmnist ↑ | epsilon cifar10 ↓ | best accuracy cifar10 ↑ |
|---|---|---|---|---|---|---|---|
| adaptive_clipping | baseline | 3.002 | 94.080 | 3.002 | 80.913 | 2.999 | 61.290 |
| automatic_clipping | baseline | 3.002 | 95.780 | 3.002 | 78.963 | 2.999 | 55.453 |
| noise_decay | baseline | 5.266 | 95.620 | 5.266 | 78.937 | 5.260 | 54.633 |
| standard_dpsgd | baseline | 3.002 | 96.200 | 3.002 | 80.830 | 2.999 | 56.050 |
| anthropic/claude-opus-4.6 | vanilla | 3.002 | 86.940 | 3.002 | 77.637 | 2.999 | 60.353 |
| deepseek-reasoner | vanilla | 98.779 | 50.030 | 4.685 | 34.820 | 1.283 | 48.695 |
| google/gemini-3.1-pro-preview | vanilla | 3.002 | 88.157 | 3.002 | 70.100 | 2.999 | 58.100 |
| openai/gpt-5.4-pro | vanilla | 3.002 | 96.160 | 3.002 | 77.947 | 2.999 | 42.163 |
| qwen3.6-plus:free | vanilla | 3.002 | 97.823 | 3.002 | 84.237 | 2.999 | 54.735 |
| anthropic/claude-opus-4.6 | agent | 3.002 | 96.320 | 3.002 | 80.280 | 2.999 | 55.453 |
| deepseek-reasoner | agent | 4.378 | 94.183 | 4.378 | 81.153 | 4.841 | 58.823 |
| google/gemini-3.1-pro-preview | agent | 3.002 | 95.757 | 3.002 | 78.997 | 2.999 | 53.740 |
| openai/gpt-5.4-pro | agent | 3.002 | 95.947 | 3.002 | 79.403 | 2.999 | 54.943 |
| qwen3.6-plus:free | agent | - | - | - | - | - | - |