Tensorflow_privacy compatibility with Keras models

I am using TensorFlow Keras to train a simple CNN. I am trying to use the DP version of the optimizer from tensorflow_privacy, but the following error occurs during training:

AssertionError: Neither _compute_gradients() or get_gradients() on the differentially private optimizer was called. This means the training is not differentially private. It may be the case that you need to upgrade to TF 2.4 or higher to use this particular optimizer.

I run this through a docker-compose setup (the training happens inside one of the compose services) with the following specifications:

Dockerfile:

# Use an official Python runtime as a parent image
FROM python:3.9-slim-buster
# Set the working directory in the container to /app
WORKDIR /app

# Copy the requirements file into the container
COPY ./requirements.txt /app/requirements.txt

# Install gcc and other dependencies
RUN apt-get update && apt-get install -y \
    gcc \
    libgomp1 \
    python3-dev && \
    rm -rf /var/lib/apt/lists/*


RUN pip install --upgrade pip -v --no-cache-dir -r requirements.txt

requirements.txt:

tensorflow-estimator~=2.4
tensorflow-probability~=0.22.0
tensorflow~=2.4
flwr
tensorflow_privacy
dp_accounting==0.4.3
flask
flask-restful
flask_cors
requests
mlflow
scipy
numpy
sparse~=0.13.0

The error message you’re encountering suggests that the training process is not using the differentially private (DP) optimizer from TensorFlow Privacy in a way that engages its differential privacy mechanisms. This issue could arise due to compatibility problems, incorrect usage of the DP optimizer, or issues related to the TensorFlow version. Here are some steps to troubleshoot and potentially resolve the issue:

  1. TensorFlow Version Compatibility

First, ensure that your TensorFlow version is compatible with TensorFlow Privacy. The error message suggests upgrading to TensorFlow 2.4 or higher, which your requirements.txt appears to satisfy; note, however, that tensorflow~=2.4 is a compatible-release specifier meaning "any 2.x release at least 2.4", so the image may resolve to a much newer TensorFlow than you intended. TensorFlow Privacy is actively developed, so check the latest compatibility information on the TensorFlow Privacy GitHub page and pin versions explicitly if needed.

  2. Correct Usage of the DP Optimizer

Ensure that you're correctly replacing the standard Keras optimizer with its DP counterpart from TensorFlow Privacy. Here's a general way to use a DP optimizer with a Keras model:

import tensorflow as tf
from tensorflow_privacy.privacy.optimizers.dp_optimizer_keras import DPKerasAdamOptimizer

# Define your model
model = ...  # your Keras model definition

# Use a DP optimizer
optimizer = DPKerasAdamOptimizer(
    l2_norm_clip=1.0,
    noise_multiplier=0.1,
    num_microbatches=1,  # can be set to the batch size for the non-vectorized version
    learning_rate=0.001
)

# The loss should be a vector of per-example losses (no reduction) so the
# optimizer can split it into microbatches, as in the TF Privacy Keras tutorial.
# Set from_logits to match your model's output.
loss = tf.keras.losses.CategoricalCrossentropy(
    from_logits=True, reduction=tf.keras.losses.Reduction.NONE)

model.compile(optimizer=optimizer, loss=loss, metrics=['accuracy'])

  3. Ensure Microbatches Are Used

TensorFlow Privacy optimizers work by splitting each batch into microbatches: gradients are computed and clipped per microbatch, and noise is added to their sum before the update. The num_microbatches argument in the DP optimizer controls this, and your batch size must be evenly divisible by num_microbatches or you will run into problems. Make sure num_microbatches is set correctly, potentially matching your batch size if you're not using the vectorized optimizer; a small example follows below.
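
As a rough, self-contained sketch (the dummy data and hyperparameters here are chosen only for illustration, not taken from your code), the key points are that the batch size passed to fit() divides evenly by num_microbatches and that the loss is left unreduced:

import numpy as np
import tensorflow as tf
from tensorflow_privacy.privacy.optimizers.dp_optimizer_keras import DPKerasSGDOptimizer

batch_size = 250
num_microbatches = 50  # must divide batch_size evenly

# Dummy data and model purely for illustration
x_train = np.random.rand(1000, 28, 28, 1).astype("float32")
y_train = tf.keras.utils.to_categorical(np.random.randint(0, 10, 1000), 10)
model = tf.keras.Sequential([
    tf.keras.layers.Flatten(input_shape=(28, 28, 1)),
    tf.keras.layers.Dense(10)])  # outputs logits

optimizer = DPKerasSGDOptimizer(
    l2_norm_clip=1.0,
    noise_multiplier=1.1,
    num_microbatches=num_microbatches,
    learning_rate=0.15)

# Per-example losses so the optimizer can form microbatches
loss = tf.keras.losses.CategoricalCrossentropy(
    from_logits=True, reduction=tf.keras.losses.Reduction.NONE)

model.compile(optimizer=optimizer, loss=loss, metrics=["accuracy"])
# batch_size here must satisfy the divisibility assumption above
model.fit(x_train, y_train, epochs=1, batch_size=batch_size)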

  4. Check How Gradients Are Computed in Your Training Loop

The error message mentions _compute_gradients() and get_gradients(). The DP Keras optimizer raises this assertion from apply_gradients() when neither of those methods has been called first, which typically happens in a custom training loop that computes gradients with tape.gradient() and then applies them directly, bypassing the DP machinery. If you're manually defining a training loop, make sure gradient computation goes through the optimizer itself (see the sketch below); for most users, calling model.fit() on a compiled model (as shown above) handles this correctly.
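
If you do write your own loop, a minimal sketch of the pattern looks like the following; model, a DP Keras optimizer, and a per-example loss_fn (reduction=NONE) are assumed to be defined elsewhere, and minimize() is used so that gradients flow through the DP optimizer's own _compute_gradients():

import tensorflow as tf

@tf.function
def train_step(x, y):
    # Assumes `model`, `optimizer` (a DP Keras optimizer) and `loss_fn`
    # (with reduction=NONE, i.e. per-example losses) exist already.
    with tf.GradientTape() as tape:
        logits = model(x, training=True)
        per_example_loss = loss_fn(y, logits)  # rank-1 tensor of losses
    # minimize() routes through the DP optimizer's _compute_gradients(),
    # which clips and noises microbatch gradients; calling tape.gradient()
    # followed by apply_gradients() directly would bypass it and trigger
    # the AssertionError above.
    optimizer.minimize(per_example_loss, model.trainable_variables, tape=tape)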

  5. Docker Environment

Since you're running this in a Docker environment, make sure the container actually has the package versions you expect; because requirements.txt uses open-ended specifiers, the versions pip resolves at image build time can differ from what you tested locally, and environment-specific issues can affect TensorFlow or TensorFlow Privacy (see the command below).
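
For example, you can print the versions actually installed inside the service (replace <service> with the name of your docker-compose service; this is just a quick sanity check, not anything specific to TensorFlow Privacy):

docker-compose run --rm <service> python -c "import tensorflow as tf, importlib.metadata as md; print(tf.__version__, md.version('tensorflow-privacy'))"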

  6. Check the TensorFlow Privacy Version

Ensure that the version of TensorFlow Privacy you're using is compatible with your TensorFlow version. Since requirements.txt leaves tensorflow_privacy unpinned, pip will pull the newest release, and the API and TensorFlow requirements can change between releases; pick a TensorFlow Privacy version that explicitly supports the TensorFlow version you are actually running.
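
One way to reduce this ambiguity is to pin both packages to an explicitly tested pair in requirements.txt instead of using open-ended specifiers. The exact versions below are placeholders, not a combination I can vouch for; check the TensorFlow Privacy release notes for a pairing documented as compatible:

tensorflow==2.4.1
tensorflow-privacy==0.5.2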

  7. Review the TensorFlow Privacy Documentation

Review the TensorFlow Privacy documentation and examples to ensure that your implementation follows the recommended practices. The examples provided in their repository can be particularly helpful in understanding how to correctly use DP optimizers.

If after these checks you’re still facing issues, consider providing more details about how you’re using the DP optimizer in your code, as there might be specific nuances in your implementation that are causing the problem.