## Section 3: DP-SGD (Differentially Private Stochastic Gradient Descent)

### Exercise 10: Sketch How DP-SGD Works

Describe how DP-SGD modifies standard SGD.

In [10]:
dp_sgd_explanation = ""

### Exercise 11: Add Gaussian Noise to Gradients

Write a function that adds Gaussian noise to gradients.

In [11]:
def add_noise_to_gradients(gradients, sigma):
    noise = np.random.normal(0, sigma, size=gradients.shape)
    return gradients + noise

### Exercise 12: Build a Toy MLP (PyTorch)

In [12]:
import torch
import torch.nn as nn

class ToyMLP(nn.Module):
    def __init__(self):
        super(ToyMLP, self).__init__()
        self.fc1 = nn.Linear(2, 16)
        self.fc2 = nn.Linear(16, 2)
    
    def forward(self, x):
        x = torch.relu(self.fc1(x))
        x = self.fc2(x)
        return x

model = ToyMLP()
model

### Exercise 13: Minibatch Sampling

Write code to sample minibatches from the dataset.

In [13]:
def sample_minibatch(X, y, batch_size):
    indices = np.random.choice(len(X), batch_size, replace=False)
    return X[indices], y[indices]

### Exercise 14: Apply Noise After Backward Pass

Add Gaussian noise to gradients after `.backward()`.

In [14]:
def apply_noise_to_model(model, sigma):
    for param in model.parameters():
        if param.grad is not None:
            noise = torch.normal(0, sigma, size=param.grad.shape)
            param.grad += noise

### Exercise 15: Train with Noisy Gradients

Train the toy model with DP-SGD.

In [15]:
# Pseudocode: this will be run in a real setup
# for epoch in range(epochs):
#     X_batch, y_batch = sample_minibatch(X_train, y_train, batch_size)
#     optimizer.zero_grad()
#     outputs = model(X_batch)
#     loss = criterion(outputs, y_batch)
#     loss.backward()
#     apply_noise_to_model(model, sigma=1.0)
#     optimizer.step()

### Exercise 16: Plot Privacy vs Accuracy

Plot epsilon vs model accuracy over training.

In [16]:
# Pseudocode (depends on training loop)
# plt.plot(epsilons, accuracies)
# plt.xlabel('Privacy Loss ε')
# plt.ylabel('Model Accuracy')
# plt.title('Privacy vs Accuracy')
# plt.show()