A recent study by De et al. (2022) has reported that large-scale representation learning through pre-training on a public dataset significantly enhances differentially private (DP) learning in downstream tasks, despite the high dimensionality of the feature space. To theoretically explain this phenomenon, we consider the setting of a layer-peeled model in representation learning, which results in interesting phenomena related to learned features in deep learning and transfer learning, known as Neural Collapse (NC). Within the framework of NC, we establish an error bound indicating that the misclassification error is independent of dimension when the distance between actual features and the ideal ones is smaller than a threshold. Additionally, the quality of the features in the last layer is empirically evaluated under different pre-trained models within the framework of NC, showing that a more powerful transformer leads to a better feature representation. Furthermore, we reveal that DP fine-tuning is less robust compared to fine-tuning without DP, particularly in the presence of perturbations. These observations are supported by both theoretical analyses and experimental evaluation. Moreover, to enhance the robustness of DP fine-tuning, we suggest several strategies, such as feature normalization or employing dimension reduction methods like Principal Component Analysis (PCA). Empirically, we demonstrate a significant improvement in testing accuracy by conducting PCA on the last-layer features.