English

Differentially Private Model Merging

Machine Learning 2026-05-21 v2 Artificial Intelligence Cryptography and Security Machine Learning

Abstract

In machine learning, privacy requirements at inference or deployment time often evolve due to changing policies, regulations, or user preferences. In this work, we aim to construct a magnitude of models to satisfy any target differential privacy (DP) requirement without additional training, given a set of existing models trained on the same dataset with different privacy/utility tradeoffs. We propose two post-processing techniques, namely random selection and linear combination, to generate final private models satisfying any target privacy parameter. We provide privacy accounting of these approaches from the lens of R'enyi DP and privacy loss distributions on general problems, as well as on private mean estimation, where we precisely characterize the privacy/utility tradeoffs and compare the two mechanisms. Empirically, we demonstrate the effectiveness of our approaches and validate our analyses on several models and both synthetic and real-world datasets.

Keywords

Cite

@article{arxiv.2604.20985,
  title  = {Differentially Private Model Merging},
  author = {Qichuan Yin and Manzil Zaheer and Tian Li},
  journal= {arXiv preprint arXiv:2604.20985},
  year   = {2026}
}
R2 v1 2026-07-01T12:31:14.984Z