A recent study by De et al. (2022) has reported that large-scale representation learning through pre-training on a public dataset significantly enhances differentially private (DP) learning in downstream tasks, despite the high dimensionality of the feature space. To theoretically explain this phenomenon, we consider the setting of a layer-peeled model in representation learning, which results in interesting phenomena related to learned features in deep learning and transfer learning, known as Neural Collapse (NC). Within the framework of NC, we establish an error bound indicating that the misclassification error is independent of dimension when the distance between actual features and the ideal ones is smaller than a threshold. Additionally, the quality of the features in the last layer is empirically evaluated under different pre-trained models within the framework of NC, showing that a more powerful transformer leads to a better feature representation. Furthermore, we reveal that DP fine-tuning is less robust compared to fine-tuning without DP, particularly in the presence of perturbations. These observations are supported by both theoretical analyses and experimental evaluation. Moreover, to enhance the robustness of DP fine-tuning, we suggest several strategies, such as feature normalization or employing dimension reduction methods like Principal Component Analysis (PCA). Empirically, we demonstrate a significant improvement in testing accuracy by conducting PCA on the last-layer features.

翻译：De等（2022）的最新研究表明，通过在公共数据集上进行预训练的大规模表征学习，尽管特征空间维度很高，仍能显著提升下游任务中的差分隐私（DP）学习效果。为从理论上解释这一现象，我们考虑表征学习中的层剥离模型设定，该设定引出了深度学习和迁移学习中与习得特征相关的有趣现象——即神经坍缩（NC）。在NC框架下，我们建立了一个误差界，表明当实际特征与理想特征之间的距离小于某个阈值时，分类错误率与维度无关。此外，我们在NC框架下利用不同预训练模型对最后一层特征质量进行了实证评估，结果表明更强的Transformer能带来更好的特征表征。进一步，我们发现与无DP微调相比，DP微调在存在扰动时鲁棒性较差。这些观察均得到理论分析和实验评估的支持。为增强DP微调的鲁棒性，我们提出了几种策略，如特征归一化或采用主成分分析（PCA）等降维方法。实验表明，对最后一层特征进行PCA后可显著提升测试准确率。