A recent study by De et al. (2022) has reported that large-scale representation learning through pre-training on a public dataset significantly enhances differentially private (DP) learning in downstream tasks, despite the high dimensionality of the feature space. To theoretically explain this phenomenon, we consider the setting of a layer-peeled model in representation learning, which results in interesting phenomena related to learned features in deep learning and transfer learning, known as Neural Collapse (NC). Within the framework of NC, we establish an error bound indicating that the misclassification error is independent of dimension when the distance between actual features and the ideal ones is smaller than a threshold. Additionally, the quality of the features in the last layer is empirically evaluated under different pre-trained models within the framework of NC, showing that a more powerful transformer leads to a better feature representation. Furthermore, we reveal that DP fine-tuning is less robust compared to fine-tuning without DP, particularly in the presence of perturbations. These observations are supported by both theoretical analyses and experimental evaluation. Moreover, to enhance the robustness of DP fine-tuning, we suggest several strategies, such as feature normalization or employing dimension reduction methods like Principal Component Analysis (PCA). Empirically, we demonstrate a significant improvement in testing accuracy by conducting PCA on the last-layer features.

翻译：近期De等人（2022）的研究报告指出，尽管特征空间维度极高，通过在公共数据集上进行预训练的大规模表征学习能显著提升下游任务中的差分隐私学习效果。为从理论上解释这一现象，我们考虑表征学习中的层剥离模型设置，由此引出了深度学习与迁移学习中与习得特征相关的有趣现象——即神经坍缩。在神经坍缩框架内，我们建立了一个误差界，表明当实际特征与理想特征之间的距离小于阈值时，误分类误差与维度无关。此外，我们在神经坍缩框架下通过不同预训练模型对最后一层特征质量进行了实证评估，结果显示更强的Transformer能产生更优的特征表征。进一步地，我们揭示差分隐私微调在存在扰动时其鲁棒性弱于无差分隐私微调。这些观察结论得到了理论分析与实验评估的共同支持。为增强差分隐私微调的鲁棒性，我们建议采用特征归一化或主成分分析等降维方法等多种策略。通过实证研究，我们展示了在最后一层特征上实施主成分分析后测试准确率的显著提升。