Training even moderately-sized generative models with differentially-private stochastic gradient descent (DP-SGD) is difficult: the required level of noise for reasonable levels of privacy is simply too large. We advocate instead building off a good, relevant representation on an informative public dataset, then learning to model the private data with that representation. In particular, we minimize the maximum mean discrepancy (MMD) between private target data and a generator's distribution, using a kernel based on perceptual features learned from a public dataset. With the MMD, we can simply privatize the data-dependent term once and for all, rather than introducing noise at each step of optimization as in DP-SGD. Our algorithm allows us to generate CIFAR10-level images with $\epsilon \approx 2$ which capture distinctive features in the distribution, far surpassing the current state of the art, which mostly focuses on datasets such as MNIST and FashionMNIST at a large $\epsilon \approx 10$. Our work introduces simple yet powerful foundations for reducing the gap between private and non-private deep generative models. Our code is available at \url{https://github.com/ParkLabML/DP-MEPF}.

翻译：使用差分隐私随机梯度下降（DP-SGD）训练即使是中等规模的生成模型也颇具挑战：为实现合理隐私保护所需的噪声水平过大。我们主张在信息丰富的公共数据集上构建良好且相关的表征，然后利用该表征学习对私有数据建模。具体而言，我们基于从公共数据集学到的感知特征构建核函数，通过最小化私有目标数据与生成器分布之间的最大均值差异（MMD）来实现这一目标。借助MMD，我们可以一次性完成数据依赖项的私有化处理，而非像DP-SGD那样在优化每一步都引入噪声。我们的算法能够在$\epsilon \approx 2$的隐私预算下生成CIFAR10级别的图像，并成功捕捉分布中的显著特征，远超当前主要聚焦于MNIST和FashionMNIST数据集（需$\epsilon \approx 10$的大隐私预算）的现有技术水平。本工作为缩小私有与非私有深度生成模型之间的差距引入了简洁而强有力的理论基础。我们的代码发布于\url{https://github.com/ParkLabML/DP-MEPF}。