# 📚 Differential Privacy in Tiny LLM Training

Built by **Stu** 🚀

## Section 1: Basics of Private LLM Training

### Exercise 1: Define Private LLM Training

In [1]:
private_llm_training_definition = "Training a language model while adding noise to gradients to protect sensitive text."

### Exercise 2: Sketch Privacy Risks in LLMs

In [2]:
llm_privacy_risks = "Memorization of sensitive phrases (e.g., names, addresses) leading to privacy leaks in output."

## Section 2: Simulate Tiny Text Dataset

### Exercise 3: Create Tiny Corpus

In [3]:
tiny_corpus = [
    "I love Paris in the spring",
    "New York is a vibrant city",
    "Tokyo has amazing food",
    "London is very rainy",
    "Traveling expands your mind"
]

### Exercise 4: Build Vocabulary

In [4]:
vocab = set()
for sentence in tiny_corpus:
    vocab.update(sentence.lower().split())
vocab = sorted(list(vocab))
word2idx = {word: idx for idx, word in enumerate(vocab)}
idx2word = {idx: word for word, idx in word2idx.items()}
vocab

### Exercise 5: Encode Sentences as Indices

In [5]:
encoded_sentences = []
for sentence in tiny_corpus:
    encoded = [word2idx[word] for word in sentence.lower().split()]
    encoded_sentences.append(encoded)
encoded_sentences

## Section 3: Train Toy LLM with DP Noise

### Exercise 6: Simulate Simple Embedding + Prediction

In [6]:
np.random.seed(42)
embedding_dim = 8
W_embed = np.random.normal(0, 0.1, size=(len(vocab), embedding_dim))
W_out = np.random.normal(0, 0.1, size=(embedding_dim, len(vocab)))

### Exercise 7: Add DP Noise to Gradients

In [7]:
def add_dp_noise(grads, epsilon=1.0):
    return grads + np.random.laplace(0, 1/epsilon, size=grads.shape)

### Exercise 8: Single Step Private Gradient Update

In [8]:
# Example single (very simplified) training step
x_idx = encoded_sentences[0][0]  # First word
y_idx = encoded_sentences[0][1]  # Next word

# Forward
embedding = W_embed[x_idx]
logits = embedding @ W_out

# Loss Gradient (softmax cross-entropy simplified)
probs = np.exp(logits) / np.sum(np.exp(logits))
grad_logits = probs.copy()
grad_logits[y_idx] -= 1

# Backward
grad_W_out = np.outer(embedding, grad_logits)
grad_embed = grad_logits @ W_out.T

# Add noise
grad_W_out = add_dp_noise(grad_W_out, epsilon=1.0)
grad_embed = add_dp_noise(grad_embed, epsilon=1.0)

# Update
W_out -= 0.1 * grad_W_out
W_embed[x_idx] -= 0.1 * grad_embed

## Section 4: Reflections

### Exercise 9: Reflect on Private Training Challenges

In [9]:
tiny_llm_reflection = "DP noise on tiny datasets leads to unstable gradients; larger models need careful tuning."

### Exercise 10: Summarize Trade-offs

In [10]:
tiny_llm_summary = "Private training prevents overfitting to rare phrases but slows convergence and hurts performance slightly."