We propose a novel framework for the differentially private ERM, input perturbation. Existing differentially private ERM implicitly assumed that the data contributors submit their private data to a database expecting that the database invokes a differentially private mechanism for publication of the learned model. In input perturbation, each data contributor independently randomizes her/his data by itself and submits the perturbed data to the database. We show that the input perturbation framework theoretically guarantees that the model learned with the randomized data eventually satisfies differential privacy with the prescribed privacy parameters. At the same time, input perturbation guarantees that local differential privacy is guaranteed to the server. We also show that the excess risk bound of the model learned with input perturbation is $O(1/n)$ under a certain condition, where $n$ is the sample size. This is the same as the excess risk bound of the state-of-the-art.

提出了一种新的差分隐私ERM框架：输入扰动。在这种框架中，每个数据贡献者独立地对其数据进行随机化并将扰动数据提交给数据库。我们证明了该框架在一定条件下，确保了使用随机化数据学习到的模型最终满足差分隐私，同时确保本地差分隐私得到了保证。该方法也展示了有关模型的风险界限。

差分隐私经验风险最小化与输入扰动