Abstract

Online learning algorithms are very attractive, in which iterations are applied efficiently instead of solving some optimization problems. In this paper, online learning with protecting privacy is considered. A perturbation term is added into the classical online algorithms to obtain the differential privacy property. Firstly the distribution for the perturbation term is deduced, and then an error analysis for the new algorithms is performed, which shows the convergence and learning rate. From the error analysis, a choice for the parameters for differential privacy can be found theoretically.

Keywords

Online Learning, Differential Privacy, Output Perturbation, Error Decomposition, Learning Rate

Share and Cite:

1. Introduction

Online learning is widely used recently in computer sciences, due to its effi- ciency in calculation and well theoretical results. Compared with the classical batch learning in learning theory, online algorithms update the output only according to the last sample point. So such algorithms are very effective to handle the practical problems and have been studied in [1] [2] [3] [4] [5] and etc. However, as the technologic development of data analysis, there are risks for applying such algorithms on a big data set. A commonly used notion for mea- suring the risk is differential privacy [6] . Little references on this topic can be found except for [7] . There the authors conducted an analysis for online convex programming. Choice for the parameters of differential privacy and utilities ana- lysis are presented for algorithms such as implicit gradient descent and genera- lized infinitesimal gradient descent. In this paper, the line of work begins with [8] is considered which can be thought as a kernel online learning algorithm.

2. Fundamental Principles

Our setting for online learning is introduced as follow. Let the input space $X$ be a compact metric space, and output $Y\in \left[-M\mathrm{,}M\right]$ for some $M>0$ as a regression problem. Denote $Z:=X\times Y$ as the sample space. Assume there is a probability measure $\rho$ on $Z$ , which can be decomposed to marginal dis- tribution ${\rho }_X$ on $X$ and conditional distribution $\rho \left(y|x\right)$ on $Y$ at $x\in X$ . Then the regression function is defined by

$f_{\rho }={\displaystyle {\int }_Y}y\text{d}\rho \left(y|x\right)$ (1)

which is indeed the conditional expectation of $y$ given $x$ . The regression fun- ction minimizes the least square generalization error (see [9] for more details)

$\mathcal{E}\left(f\right)\mathrm{<mo>\; :\; </mo>}={\displaystyle {\int }_Z}{\left(f\left(x\right)-y\right)}^2\text{d}\rho$ (2)

So learning algorithms always aim to approximate the regression function

based on samples ${\left\{z_t=\left(x_t,y_t\right)\right\}}_{t=0,1,2,\cdots }$ , which are drawn independently from

distribution $\rho$ . Let $K\mathrm{<mo>\; :\; </mo>}X\times X\to R$ be a Mercer Kernel, and ${\mathcal{H}}_K$ is the in- duced reproducing kernel Hilbert space (RKHS, [10] ), i.e., the completion of

$\text{span}\left\{K_x\mathrm{<mo>\; :\; </mo>}x\in X\right\}$ where $K_x\left(x^{\prime }\right)=K\left(x,x^{\prime }\right)$ for any $x\mathrm{,}{x}^{\prime }\in X$ with respect to

the inner product ${\langle K_x,K_{x^{\prime }}\rangle }_K=K\left(x,x^{\prime }\right)$ . The corresponding norm in ${\mathcal{H}}_K$ is denoted as ${\Vert \cdot \Vert }_K$ . Now our online learning algorithm as

$f_{t+1}=f_t-{\eta }_t\left[\left(f_t\left(x_t\right)-y_t\right)K_{x_t}+{\lambda }_t{f}_t\right],t=0,1,2,\cdots$ (3)

with $f_0=0$ . Here ${\eta }_t>0$ is the step size and ${\lambda }_t>0$ is the regularization parameter.

When applying this online algorithm on private data set, it may leak some sensitive information. To deal with this privacy problem, Dwork et al. introdu- ced differential privacy in [11] . Which can be described as follow. For the sample space $Z$ introduced above, the Hamming distance between two sample sets $\left\{z_1,z_2\right\}\in Z^m$ is

$\text{d}\left(z_1,z_2\right)=\#\left\{i=1,\cdots ,m:z_{1,i}\ne z_{2,i}\right\}$ (4)

Definition 1 A random algorithm $A\mathrm{<mo>\; :\; </mo>}{Z}^m\to \text{Range}\left(A\right)$ is $ϵ$ -differential pri- vate if for every two data sets $z_1\mathrm{,}{z}_2$ satisfying $\text{d}\left(z_1,z_2\right)=1$ , and every set $\mathcal{O}\in \text{Range}\left(A\left(z_1\right)\right)\cap \text{Range}\left(A\left(z_2\right)\right)$ , there holds

$Pr\left\{A\left(z_1\right)\in \mathcal{O}\right\}\le e^{ϵ}\cdot Pr\left\{A\left(z_2\right)\in \mathcal{O}\right\}$ (5)

To endow our online algorithm the differential privacy property, a perturba- tion term is added into the output of (3), that is,

$f_{t,\mathcal{A}}=f_t+b_t$ (6)

where $b_t$ takes value in $R$ with distribution to be determined in following analysis.

Differential private online learning has already been studied in [7] , there the authors consider a differentially private online convex programming problem. Here our algorithm is different, which is based on the Mercer kernels. Our pur- pose in this paper is to firstly provide the explicit density function for $b$ and then conduct an error analysis for (6), which reveals the learning rate.

3. Differential Privacy Analysis

In this section, a detail analysis for the perturbation term $b_t$ in algorithm (6) will be conducted. Firstly recall the useful definition of sensitivity and lemma proposed in [11] .

Definition 2 denote $\Delta f_t$ as the maximum infinite norm of difference betw- een the outputs when changing the last sample point in $z$ . Let $z={\left\{\left(x_i,y_i\right)\right\}}_{i=0}^t$ and $z=\left\{\left(x_1,y_1\right),\left(x_2,y_2\right),\cdots ,\left(x_{t-1},y_{t-1}\right),\left(x_{\bar{t}},y_{\bar{t}}\right)\right\}$ , $f_t$ and $f_{\bar{t}}$ derived from (3) accordingly, it is clear that

$\Delta f_t:=\underset{z,\bar{z}}{{\displaystyle \sup }}{\Vert f_t-f_{\bar{t}}\Vert }_{\infty }$ (7)

Then a similar result to [11] is:

Lemma 1 Assume $\Delta f_t$ is bounded by $C_t>0$ , and $b_t$ has density function

proportion to $exp\left\{-\frac{ϵ\left|b\right|}{C_t}\right\}$ , then algorithm (6) provides $ϵ$ -differential privacy.

Proof. For all possible output function $r$ , and $z\mathrm{,}\bar{z}$ differ in last element, then

$Pr\left\{f_{t,\mathcal{A}}=r\right\}=\underset{b_t}{{\displaystyle Pr}}\left\{b_t=r-f_t\right\}\propto exp\left(-\frac{ϵ\left|r-f_t\right|}{C_t}\right)$ (8)

and

$Pr\left\{f_{\bar{t}\mathrm{,}\mathcal{A}}=r\right\}=\underset{b_t}{{\displaystyle \mathrm{Pr}}}\left\{b_t=r-f_{\bar{t}}\right\}\propto \exp \left(-\frac{ϵ\left|r-f_{\bar{t}}\right|}{C_t}\right)$ (9)

So by triangle inequality,

$\mathrm{Pr}\left\{f_{t,\mathcal{A}}=r\right\}\le \mathrm{Pr}\left\{f_{\bar{t},\mathcal{A}}=r\right\}\times e^{\frac{ϵ\left|f_t-f_{\bar{t}}\right|}{C_t}}\le e^{ϵ}\mathrm{Pr}\left\{f_{\bar{t},\mathcal{A}}=r\right\}$ (10)

Then the lemma is proved by a union bound.

It is obvious that if finding the upper bound for $\Delta f_t$ , the distribution for $b_t$ can be derived. Set ${\eta }_t=1/{\left(t+t_0\right)}^{\theta }$ and ${\lambda }_t=1/{\left(t+t_0\right)}^{1-\theta }$ for some $t_0>0$ and

$0<\theta <1$ . Moreover, denote $\kappa ={{\displaystyle \sup }}_{x,x^{\prime }\in X}K\left(x,x^{\prime }\right)$ (as $K$ is Mercer Kernel

on compact metric space $X$ ). The next lemma is taken from [1] to bound ${\Vert f_t\Vert }_K$ .

Lemma 2 If $t_0^{\theta }\ge {\kappa }^2+1$ , then for all $t\in \mathbb{N}$ , there holds

${\Vert f_t\Vert }_K\le \frac{\kappa M}{{\lambda }_t}$ (11)

Now the main result for differential privacy for algorithm (6) follows.

Theorem 1 When choosing ${\eta }_t=1/{\left(t+t_0\right)}^{\theta }$ and ${\lambda }_t=1/{\left(t+t_0\right)}^{1-\theta }$ for some

$\frac{1}{2}<\theta <1$ and $t_0^{\theta }\ge {\kappa }^2+1$ , let the density function of $b_t$ is $\frac{1}{\alpha }exp\left\{\frac{ϵ\left|b\right|}{C_t}\right\}$ with $\alpha =2C_t/ϵ$ and

$C_t=\frac{2\left({\kappa }^2+1\right)\kappa M}{{\left(t-1+t_0\right)}^{2\theta -1}}$ (12)

then the algorithm (6) provides $ϵ$ -differential privacy.

Proof. From (3) there holds

$f_t=f_{t-1}-{\eta }_{t-1}\left[\left(f_{t-1}\left(x_{t-1}\right)-y_{t-1}\right)K_{x_{t-1}}+{\lambda }_{t-1}{f}_{t-1}\right]$ (13)

and

$f_{\bar{t}}=f_{t-1}-{\eta }_{t-1}\left[\left(f_{t-1}\left(x_{\bar{t}-1}\right)-y_{\bar{t}-1}\right)K_{x_{\bar{t}-1}}+{\lambda }_{t-1}{f}_{t-1}\right]$ (14)

Then

$f_t-f_{\bar{t}}={\eta }_{t-1}\left[\left(f_{t-1}\left(x_{\bar{t}-1}\right)-y_{\bar{t}-1}\right)K_{x_{\bar{t}-1}}-\left(f_{t-1}\left(x_{t-1}\right)-y_{t-1}\right)K_{x_{t-1}}\right]$ (15)

From the above lemma ${\Vert f_{t-1}\Vert }_K\le \frac{\kappa M}{{\lambda }_{t-1}}$ for all $t$ . By the reproducing proper- ty that $f\left(x\right)={\langle f,K_x\rangle }_K\le {\Vert f\Vert }_K{\Vert K_x\Vert }_K\le \kappa {\Vert f\Vert }_K$ (see [9] ),

${\Vert f_t-f_{\bar{t}}\Vert }_K\le 2{\eta }_{t-1}\left(\frac{{\kappa }^{2}M}{{\lambda }_{t-1}}+M\right)\kappa$ (16)

Therefore

$\Delta f_t=\underset{z,\bar{z}}{{\displaystyle \sup }}{\Vert f_t-f_{\bar{t}}\Vert }_{\infty }\le \frac{2{\kappa }^2\left({\kappa }^2+1\right)M}{{\left(t-1+t_0\right)}^{2\theta -1}}$ (17)

Set $B_t$ to be the right hand side in lemma 1 then the theorem is proved.

4. Error Analysis

In this section, $f_{\rho }\in {\mathcal{H}}_K$ is assumed for simplicity. It will be shown that $f_t$ obtained from (6) still converge to regression function $f_{\rho }$ by choosing appro- priate parameter $ϵ$ under the choice of ${\eta }_t$ and ${\lambda }_t$ as in the theorem in the last section. To this end, an error decomposition is needed. Denote operators $L_t\mathrm{<mo>\; :\; </mo>}{\mathcal{H}}_K\to {\mathcal{H}}_K$ as $L_t\left(f\right)=f\left(x_t\right)K_{x_t}$ for $t=0,1,2,\cdots$ , and $I$ as the identity operator. It is easy to verify that $\Vert L_t\Vert \le {\kappa }^2$ . Notice that $f_{\rho }\in {\mathcal{H}}_K$ , the following decomposition can be deduced:

$f_{t+1}-f_{\rho }=\left(I-{\eta }_t{\lambda }_{t}I-{\eta }_t{L}_t\right)\left(f_t-f_{\rho }\right)+{\eta }_t\left[y_t{K}_{x_t}-\left({\lambda }_{t}I+L_t\right)f_{\rho }\right]$ (18)

$=A_t\left(f_t-f_{\rho }\right)+B_t=A_t\left[A_{t-1}\left(f_{t-1}-f_{\rho }\right)+B_{t-1}\right]+B_t=\cdots$ (19)

$=A_t{A}_{t-1}\cdots A_0\left(f_0-f_{\rho }\right)+\left[B_t+A_t{B}_{t-1}+\cdots +A_t{A}_{t-1}\cdots A_1{B}_0\right]$ (20)

Here $A_t=I-{\eta }_t{\lambda }_{t}I-{\eta }_t{L}_t$ and $B_t={\eta }_t\left[y_t{K}_{x_t}-\left({\lambda }_{t}I+L_t\right)f_{\rho }\right]$ . In the follow- ing the first term is called initial error and second one is sample error. The initial error is easy to bound from the analysis above. Since $t_0$ is such that

$t_0^{\theta }\ge {\kappa }^2+1$ , $A_t$ is a positive operator with $\Vert A_t\Vert \le 1-{\eta }_t{\lambda }_t=\left(t+t_0-1\right)/\left(t+t_0\right)$ .

$\begin{array}{c}{\Vert A_t{A}_{t-1}\cdots A_0(f_0-f_{\rho })\Vert }_K\le \Vert A_t\Vert \Vert A_{t-1}\Vert \cdots \Vert A_0\Vert \cdot {\Vert f_0-f_{\rho }\Vert }_K\\ \le {\Pi }_{j=0}^t\frac{j+t_0-1}{j+t_0}{\Vert f_0-f_{\rho }\Vert }_K\\ =\frac{t_0}{t+t_0}{\Vert f_{\rho }\Vert }_K.\end{array}$

For the sample error, it is more difficult and the Pinelis-Bernstein inequality [4] will be applied.

Lemma 3 Let ${\xi }_i$ be a martingale difference sequence in a Hilbert space. Sup- pose that almost surely $\Vert {\xi }_i\Vert \le B$ and ${\displaystyle {\sum }_{i=1}^t}{\mathbb{E}}_{i-1}{\Vert {\xi }_i\Vert }^2\le {\sigma }_t^2$ for some constants

$B,{\sigma }_t>0,t=1,2,\cdots$ . Then for any $0<\delta <1$ , with probability at least $1-\delta$ , there holds

$\Vert {\displaystyle \underset{i=1}{\overset{t}{\sum }}}{\xi }_i\Vert \le 2\left(\frac{B}{3}+{\sigma }_t\right)\ln \left(\frac{2}{\delta }\right)$ (21)

Now the error bounds for sample error can be derived. Notice that

${\Vert B_t\Vert }_K\le {\eta }_t\left[M\kappa +\left({\kappa }^2+{\lambda }_t\right){\Vert f_{\rho }\Vert }_K\right]\le {\eta }_t\left[M\kappa +\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right]$ . Set

${\xi }_i=A_t{A}_{t-1}\cdots A_i{B}_{i-1},i=1,2,\cdots ,t$ , then

${\Vert {\xi }_i\Vert }_K\le \Vert A_t\Vert \Vert A_{t-1}\Vert \cdots \Vert A_i\Vert {\Vert B_{i-1}\Vert }_K\le \frac{i+t_0-1}{t+t_0}{\eta }_{i-1}\left[M\kappa +\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right]$ (22)

$=\frac{1}{t+t_0}\frac{1}{{\lambda }_{i-1}}\left[M\kappa +\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right]\le \frac{1}{t+t_0}\frac{1}{{\lambda }_t}\left[M\kappa +\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right]$ (23)

$={\eta }_t\left[M\kappa +\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right].$ (24)

And ${\displaystyle {\sum }_{i=1}^t}{\mathbb{E}}_{i-1}{\Vert X_i\Vert }_K^2\le t{\eta }_t^2\left[M\kappa +\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right]$ . So for any $0<\delta <1$ , with probability at least $1-\delta$ ,

$\begin{array}{c}{\Vert {\displaystyle \underset{i=1}{\overset{t}{\sum }}}{\xi }_i\Vert }_K\le \frac{8}{3}\sqrt{t}{\eta }_t\left[M\kappa +\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right]\ln \left(\frac{2}{\delta }\right)\\ \le \frac{8}{3t^{\theta -1/2}}\left[M\kappa +\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right]\ln \left(\frac{2}{\delta }\right)\end{array}$ (25)

Note that ${\Vert B_t\Vert }_K\le {\eta }_t\left[M\kappa +\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right]$ , hence

${\Vert B_t+A_t{B}_{t-1}+\cdots +A_t{A}_{t-1}\cdots A_1{B}_0\Vert }_K\le \frac{11}{3t^{\theta -1/2}}\left[M\kappa +\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right]\ln \left(\frac{2}{\delta }\right)$ (26)

Combining the initial error, sample error bounds and applying Markov in- equality for the fact that $\mathbb{E}\left|b_{t+1}\right|=C_{t+1}/ϵ$ , the total error estimation is obtained.

Theorem 2 Choose ${\eta }_t\mathrm{,}{\lambda }_t$ and $b_t$ as in the theorem in the last section, with confidence $1-\delta \left(0<\delta <1\right)$ , there holds

${\Vert f_{t+1,\mathcal{A}}-f_{\rho }\Vert }_K\le C_{ϵ}\frac{1}{t^{\theta -1/2}}\frac{4}{\delta }$ (27)

where constant $C_{ϵ}=4\left({\kappa }^2+1\right)\kappa M/ϵ+t_0{\Vert f_{\rho }\Vert }_K+\frac{11}{3}\left(\kappa M+\left({\kappa }^2+1\right){\Vert f_{\rho }\Vert }_K\right)$ .

5. Conclusion

In this paper, analysis is performed for the differential privacy (Theorem 1) and generalization property (Theorem 2) for the online differential private learning algorithm (6). Under the choice of parameters in our theorems, the algorithm (6) can provide $ϵ$ -differential privacy and keep learning rate close to $1/2$ , for any $ϵ>0$ . However, this error bound is not satisfactory enough. It might be an interesting problem to promote the error bound from $2/\delta$ to $ln\left(2/\delta \right)$ in our future work.

Fund

This work is supported by NSFC (Nos. 11326096, 11401247), NSF of Guangdong Province in China (No. 2015A030313674), Foundation for Distinguished Young Talents in Higher Education of Guangdong, China (No. 2013LYM_0089), National Social Science Fund in China (No. 15BTJ024), Planning Fund Project of Humanities and Social Science Research in Chinese Ministry of Education (No. 14YJAZH040) and Doctor Grants of Huizhou University (No. C511.0206).

Conflicts of Interest

The authors declare no conflicts of interest.

References