Differentially Private Knowledge Distillation via Synthetic Text Generation (2403.00932v2)
Abstract: LLMs are achieving state-of-the-art performance in many different downstream tasks. However, the increasing urgency of data privacy puts pressure on practitioners to train LLMs with Differential Privacy (DP) on private data. Concurrently, the exponential growth in parameter size of LLMs necessitates model compression before deployment of LLMs on resource-constrained devices or latency-sensitive applications. Differential privacy and model compression generally must trade off utility loss to achieve their objectives. Moreover, simultaneously applying both schemes can compound the utility degradation. To this end, we propose DistilDP: a novel differentially private knowledge distillation algorithm that exploits synthetic data generated by a differentially private teacher LLM. The knowledge of a teacher LLM is transferred onto the student in two ways: one way from the synthetic data itself -- the hard labels, and the other way by the output distribution of the teacher evaluated on the synthetic data -- the soft labels. Furthermore, if the teacher and student share a similar architectural structure, we can further distill knowledge by aligning the hidden representations between both. Our experimental results demonstrate that DistilDP can substantially improve the utility over existing baselines, at least $9.0$ PPL on the Big Patent dataset, with strong privacy parameters, $\epsilon=2$. These promising results progress privacy-preserving compression of autoregressive LLMs. Our code can be accessed here: https://github.com/james-flemings/dp_compress.
- Deep learning with differential privacy. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, pages 308–318.
- Towards private synthetic text generation. In NeurIPS 2019 Machine Learning with Guarantees Workshop.
- The secret sharer: Evaluating and testing unintended memorization in neural networks. In 28th USENIX Security Symposium (USENIX Security 19), pages 267–284.
- Extracting training data from large language models. In 30th USENIX Security Symposium (USENIX Security 21), pages 2633–2650.
- Data-free learning of student networks. In Proceedings of the IEEE/CVF international conference on computer vision, pages 3514–3522.
- Cynthia Dwork. 2006. Differential privacy. In International colloquium on automata, languages, and programming, pages 1–12. Springer.
- Hierarchical neural story generation. arXiv preprint arXiv:1805.04833.
- Why is public pretraining necessary for private model training? In International Conference on Machine Learning, pages 10611–10627. PMLR.
- The knowledge within: Methods for data-free model compression. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 8494–8502.
- Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531.
- The curious case of neural text degeneration. arXiv preprint arXiv:1904.09751.
- Lora: Low-rank adaptation of large language models. arXiv preprint arXiv:2106.09685.
- dp-transformers: Training transformer models with differential privacy.
- Tinybert: Distilling bert for natural language understanding. arXiv preprint arXiv:1909.10351.
- Ctrl: A conditional transformer language model for controllable generation. arXiv preprint arXiv:1909.05858.
- Harnessing large-language models to generate private synthetic text. arXiv preprint arXiv:2306.01684.
- When does differentially private learning not suffer in high dimensions? Advances in Neural Information Processing Systems, 35:28616–28630.
- Large language models can be strong differentially private learners. arXiv preprint arXiv:2110.05679.
- Lingjuan Lyu and Chi-Hua Chen. 2020. Differentially private knowledge distillation for mobile analytics. In Proceedings of the 43rd International ACM SIGIR Conference on Research and Development in Information Retrieval, pages 1809–1812.
- Differentially private language models for secure data sharing. arXiv preprint arXiv:2210.13918.
- Differentially private model compression. Advances in Neural Information Processing Systems, 35:29468–29483.
- Semi-supervised knowledge transfer for deep learning from private training data. arXiv preprint arXiv:1610.05755.
- Scalable private learning with pate. arXiv preprint arXiv:1802.08908.
- Language models are unsupervised multitask learners. OpenAI blog, 1(8):9.
- Distilbert, a distilled version of bert: smaller, faster, cheaper and lighter. arXiv preprint arXiv:1910.01108.
- Bigpatent: A large-scale dataset for abstractive and coherent summarization. arXiv preprint arXiv:1906.03741.
- Patient knowledge distillation for bert model compression. arXiv preprint arXiv:1908.09355.
- Private model compression via knowledge distillation. In Proceedings of the AAAI Conference on Artificial Intelligence, volume 33, pages 1190–1197.
- Huggingface’s transformers: State-of-the-art natural language processing. arXiv preprint arXiv:1910.03771.
- Federated learning of gboard language models with differential privacy. arXiv preprint arXiv:2305.18465.
- Opacus: User-friendly differential privacy library in pytorch. arXiv preprint arXiv:2109.12298.
- Training private and efficient language models with synthetic data from llms. In Socially Responsible Language Modelling Research.
- Selective pre-training for private fine-tuning. arXiv preprint arXiv:2305.13865.
- Differentially private fine-tuning of language models. arXiv preprint arXiv:2110.06500.
- Synthetic text generation with differential privacy: A simple and practical recipe. arXiv preprint arXiv:2210.14348.
- James Flemings (6 papers)
- Murali Annavaram (42 papers)