In [1]:
!pip install torch torchvision torchaudio



In [2]:
!pip install opacus

Collecting opacus
  Downloading opacus-1.5.2-py3-none-any.whl.metadata (7.9 kB)
Downloading opacus-1.5.2-py3-none-any.whl (239 kB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m239.9/239.9 kB[0m [31m5.1 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: opacus
Successfully installed opacus-1.5.2


In [3]:
import warnings
warnings.simplefilter("ignore")

MAX_GRAD_NORM = 1.2
EPSILON = 3.0
DELTA = 1e-5
EPOCHS = 15

LR = 1e-3

In [4]:
BATCH_SIZE = 512
MAX_PHYSICAL_BATCH_SIZE = 128

In [5]:
import torch
import torchvision
import torchvision.transforms as transforms

# These values, specific to the CIFAR10 dataset, are assumed to be known.
# If necessary, they can be computed with modest privacy budgets.
CIFAR10_MEAN = (0.4914, 0.4822, 0.4465)
CIFAR10_STD_DEV = (0.2023, 0.1994, 0.2010)

transform = transforms.Compose([
    transforms.ToTensor(),
    transforms.Normalize(CIFAR10_MEAN, CIFAR10_STD_DEV),
])

In [6]:
from torchvision.datasets import CIFAR10

DATA_ROOT = '../cifar10'

train_dataset = CIFAR10(
    root=DATA_ROOT, train=True, download=True, transform=transform)

train_loader = torch.utils.data.DataLoader(
    train_dataset,
    batch_size=BATCH_SIZE,
)

test_dataset = CIFAR10(
    root=DATA_ROOT, train=False, download=True, transform=transform)

test_loader = torch.utils.data.DataLoader(
    test_dataset,
    batch_size=BATCH_SIZE,
    shuffle=False,
)

Downloading https://www.cs.toronto.edu/~kriz/cifar-10-python.tar.gz to ../cifar10/cifar-10-python.tar.gz


100%|██████████| 170498071/170498071 [00:04<00:00, 34375579.12it/s]


Extracting ../cifar10/cifar-10-python.tar.gz to ../cifar10
Files already downloaded and verified


### **ResNet-n from torch**

In [None]:
from torchvision import models

### **ResNet20**

In [7]:
import torch
import torch.nn as nn
import torch.nn.functional as F

In [8]:
class BasicBlock(nn.Module):
    def __init__(self, in_channels, out_channels, stride=1, num_groups=32):
        super(BasicBlock, self).__init__()
        # First convolutional layer
        self.conv1 = nn.Conv2d(in_channels, out_channels, kernel_size=3, stride=stride, padding=1, bias=False)
        self.gn1 = nn.GroupNorm(num_groups, out_channels)  #GroupNorm for DP compatability
        # Second convolutional layer
        self.conv2 = nn.Conv2d(out_channels, out_channels, kernel_size=3, stride=1, padding=1, bias=False)
        self.gn2 = nn.GroupNorm(num_groups, out_channels)  #GroupNorm for DP compatability
        # Skip connection
        self.shortcut = nn.Sequential()
        if stride != 1 or in_channels != out_channels:
            self.shortcut = nn.Sequential(
                nn.Conv2d(in_channels, out_channels, kernel_size=1, stride=stride, bias=False),
                nn.GroupNorm(num_groups, out_channels)  #GroupNorm for DP compatability
            )

    def forward(self, x):
        out = F.relu(self.gn1(self.conv1(x)))
        out = self.gn2(self.conv2(out))
        out += self.shortcut(x)
        out = F.relu(out)
        return out

class ResNet20(nn.Module):
    def __init__(self, num_classes=10, num_groups=32):
        super(ResNet20, self).__init__()
        self.in_channels = 16
        # Initial convolutional layer
        self.conv1 = nn.Conv2d(3, self.in_channels, kernel_size=3, stride=1, padding=1, bias=False)
        self.gn1 = nn.GroupNorm(num_groups, self.in_channels)  #GroupNorm for DP compatability
        # Residual blocks
        self.layer1 = self._make_layer(16, 3, stride=1, num_groups=num_groups)
        self.layer2 = self._make_layer(32, 3, stride=2, num_groups=num_groups)
        self.layer3 = self._make_layer(64, 3, stride=2, num_groups=num_groups)
        # Fully connected layer
        self.fc = nn.Linear(64, num_classes)

    def _make_layer(self, out_channels, num_blocks, stride, num_groups):
        layers = []
        for _ in range(num_blocks):
            layers.append(BasicBlock(self.in_channels, out_channels, stride, num_groups=num_groups))
            self.in_channels = out_channels
            stride = 1  #Only the first block in each layer has a stride of 2
        return nn.Sequential(*layers)

    def forward(self, x):
        out = F.relu(self.gn1(self.conv1(x)))
        out = self.layer1(out)
        out = self.layer2(out)
        out = self.layer3(out)
        out = F.avg_pool2d(out, 8)
        out = out.view(out.size(0), -1)
        out = self.fc(out)
        return out

### Model Assignment

In [9]:
#model = models.resnet18(num_classes=10)
model = ResNet20(num_classes=10, num_groups=4)

In [10]:
from opacus.validators import ModuleValidator

errors = ModuleValidator.validate(model, strict=False)
errors[-5:]

[]

In [11]:
model = ModuleValidator.fix(model)
ModuleValidator.validate(model, strict=False)

[]

In [12]:
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")

model = model.to(device)

In [13]:
import torch.nn as nn
import torch.optim as optim

criterion = nn.CrossEntropyLoss()
optimizer = optim.RMSprop(model.parameters(), lr=LR)

In [14]:
def accuracy(preds, labels):
    return (preds == labels).mean()

In [15]:
from opacus import PrivacyEngine

privacy_engine = PrivacyEngine()

model, optimizer, train_loader = privacy_engine.make_private_with_epsilon(
    module=model,
    optimizer=optimizer,
    data_loader=train_loader,
    epochs=EPOCHS,
    target_epsilon=EPSILON,
    target_delta=DELTA,
    max_grad_norm=MAX_GRAD_NORM,
)

print(f"Using sigma={optimizer.noise_multiplier} and C={MAX_GRAD_NORM}")

Using sigma=0.880126953125 and C=1.2


In [16]:
import numpy as np
from opacus.utils.batch_memory_manager import BatchMemoryManager


def train(model, train_loader, optimizer, epoch, device):
    model.train()
    criterion = nn.CrossEntropyLoss()

    losses = []
    top1_acc = []

    with BatchMemoryManager(
        data_loader=train_loader,
        max_physical_batch_size=MAX_PHYSICAL_BATCH_SIZE,
        optimizer=optimizer
    ) as memory_safe_data_loader:

        for i, (images, target) in enumerate(memory_safe_data_loader):
            optimizer.zero_grad()
            images = images.to(device)
            target = target.to(device)

            # compute output
            output = model(images)
            loss = criterion(output, target)

            preds = np.argmax(output.detach().cpu().numpy(), axis=1)
            labels = target.detach().cpu().numpy()

            # measure accuracy and record loss
            acc = accuracy(preds, labels)

            losses.append(loss.item())
            top1_acc.append(acc)

            loss.backward()
            optimizer.step()

            if (i+1) % 200 == 0:
                epsilon = privacy_engine.get_epsilon(DELTA)
                print(
                    f"\tTrain Epoch: {epoch} \t"
                    f"Loss: {np.mean(losses):.6f} "
                    f"Acc@1: {np.mean(top1_acc) * 100:.6f} "
                    f"(ε = {epsilon:.2f}, δ = {DELTA})"
                )

In [17]:
def test(model, test_loader, device):
    model.eval()
    criterion = nn.CrossEntropyLoss()
    losses = []
    top1_acc = []

    with torch.no_grad():
        for images, target in test_loader:
            images = images.to(device)
            target = target.to(device)

            output = model(images)
            loss = criterion(output, target)
            preds = np.argmax(output.detach().cpu().numpy(), axis=1)
            labels = target.detach().cpu().numpy()
            acc = accuracy(preds, labels)

            losses.append(loss.item())
            top1_acc.append(acc)

    top1_avg = np.mean(top1_acc)

    print(
        f"\tTest set:"
        f"Loss: {np.mean(losses):.6f} "
        f"Acc: {top1_avg * 100:.6f} "
    )
    return np.mean(top1_acc)

In [18]:
from tqdm.notebook import tqdm

for epoch in tqdm(range(EPOCHS), desc="Epoch", unit="epoch"):
    train(model, train_loader, optimizer, epoch + 1, device)

Epoch:   0%|          | 0/15 [00:00<?, ?epoch/s]

	Train Epoch: 1 	Loss: 2.330277 Acc@1: 13.297892 (ε = 0.92, δ = 1e-05)
	Train Epoch: 1 	Loss: 2.264614 Acc@1: 15.609855 (ε = 1.09, δ = 1e-05)
	Train Epoch: 2 	Loss: 2.138259 Acc@1: 21.617119 (ε = 1.23, δ = 1e-05)
	Train Epoch: 2 	Loss: 2.101947 Acc@1: 23.005086 (ε = 1.33, δ = 1e-05)
	Train Epoch: 3 	Loss: 1.960923 Acc@1: 27.769343 (ε = 1.44, δ = 1e-05)
	Train Epoch: 3 	Loss: 1.947851 Acc@1: 28.477005 (ε = 1.53, δ = 1e-05)
	Train Epoch: 4 	Loss: 1.899831 Acc@1: 31.048182 (ε = 1.62, δ = 1e-05)
	Train Epoch: 4 	Loss: 1.875392 Acc@1: 31.989003 (ε = 1.70, δ = 1e-05)
	Train Epoch: 5 	Loss: 1.817585 Acc@1: 34.232959 (ε = 1.78, δ = 1e-05)
	Train Epoch: 5 	Loss: 1.818172 Acc@1: 34.591174 (ε = 1.85, δ = 1e-05)
	Train Epoch: 6 	Loss: 1.772211 Acc@1: 36.418226 (ε = 1.93, δ = 1e-05)
	Train Epoch: 6 	Loss: 1.775804 Acc@1: 36.548745 (ε = 1.99, δ = 1e-05)
	Train Epoch: 7 	Loss: 1.759301 Acc@1: 38.098246 (ε = 2.06, δ = 1e-05)
	Train Epoch: 7 	Loss: 1.765575 Acc@1: 37.934721 (ε = 2.12, δ = 1e-05)
	Train

In [19]:
top1_acc = test(model, test_loader, device)

	Test set:Loss: 1.896301 Acc: 42.606847 
