Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A New Analysis of Differential Privacy's Generalization Guarantees

Christopher Jung, Katrina Ligett, Seth Neel, Aaron Roth, Saeed Sharifi-Malvajerdi, Moshe Shenfeld

TL;DR

It is shown that differential privacy ensures that the expectation of any query on the posterior distribution on datasets induced by the transcript of the interaction is close to its true value on the data distribution, and sample accuracy ensures that any query answer produced by the mechanism is close to its posterior expectation with high probability.

Abstract

We give a new proof of the "transfer theorem" underlying adaptive data analysis: that any mechanism for answering adaptively chosen statistical queries that is differentially private and sample-accurate is also accurate out-of-sample. Our new proof is elementary and gives structural insights that we expect will be useful elsewhere. We show: 1) that differential privacy ensures that the expectation of any query on the posterior distribution on datasets induced by the transcript of the interaction is close to its true value on the data distribution, and 2) sample accuracy on its own ensures that any query answer produced by the mechanism is close to its posterior expectation with high probability. This second claim follows from a thought experiment in which we imagine that the dataset is resampled from the posterior distribution after the mechanism has committed to its answers. The transfer theorem then follows by summing these two bounds, and in particular, avoids the "monitor argument" used to derive high probability bounds in prior work. An upshot of our new proof technique is that the concrete bounds we obtain are substantially better than the best previously known bounds, even though the improvements are in the constants, rather than the asymptotics (which are known to be tight). As we show, our new bounds outperform the naive "sample-splitting" baseline at dramatically smaller dataset sizes compared to the previous state of the art, bringing techniques from this literature closer to practicality.

A New Analysis of Differential Privacy's Generalization Guarantees

TL;DR

It is shown that differential privacy ensures that the expectation of any query on the posterior distribution on datasets induced by the transcript of the interaction is close to its true value on the data distribution, and sample accuracy ensures that any query answer produced by the mechanism is close to its posterior expectation with high probability.

Abstract

We give a new proof of the "transfer theorem" underlying adaptive data analysis: that any mechanism for answering adaptively chosen statistical queries that is differentially private and sample-accurate is also accurate out-of-sample. Our new proof is elementary and gives structural insights that we expect will be useful elsewhere. We show: 1) that differential privacy ensures that the expectation of any query on the posterior distribution on datasets induced by the transcript of the interaction is close to its true value on the data distribution, and 2) sample accuracy on its own ensures that any query answer produced by the mechanism is close to its posterior expectation with high probability. This second claim follows from a thought experiment in which we imagine that the dataset is resampled from the posterior distribution after the mechanism has committed to its answers. The transfer theorem then follows by summing these two bounds, and in particular, avoids the "monitor argument" used to derive high probability bounds in prior work. An upshot of our new proof technique is that the concrete bounds we obtain are substantially better than the best previously known bounds, even though the improvements are in the constants, rather than the asymptotics (which are known to be tight). As we show, our new bounds outperform the naive "sample-splitting" baseline at dramatically smaller dataset sizes compared to the previous state of the art, bringing techniques from this literature closer to practicality.

Paper Structure

This paper contains 18 sections, 14 theorems, 49 equations, 1 figure.

Table of Contents

  1. Introduction
  2. Proof Techniques
  3. Prior Work
  4. Our Approach
  5. Further Related Work
  6. Preliminaries
  7. An Elementary Proof of the Transfer Theorem
  8. A General Transfer Theorem
  9. A Transfer Theorem for Differential Privacy
  10. Applications: The Gaussian Mechanism
  11. Discussion
  12. Acknowledgements
  13. Extensions
  14. Low Sensitivity Queries
  15. Minimization Queries
  16. ...and 3 more sections

Key Result

Theorem 3.1

Suppose that $\textrm{Interact}\,(M,\mathcal{A}; \cdot)$ is an $(\alpha,\beta)$-sample accurate, $(\epsilon, \delta)$-posterior sensitive interaction. Then for every $c > 0$ it also satisfies: i.e. it is $(\alpha', \beta')$-distributionally accurate for $\alpha' = \alpha +c + \epsilon$ and $\beta' = \frac{\beta}{c} + \delta$.

Figures (1)

  • Figure 1: A comparison of the number of adaptive linear queries that can be answered using the Gaussian mechanism as analyzed by our transfer theorem (Theorem \ref{['thm:transfer2']}), the numerically optimized variant of the bound from BNSSSU16 as derived in RRSSTW19, and the original transfer theorem from DFHPRR15a. We plot for each dataset size $n$, the number of queries $k$ that can be answered while guaranteeing confidence intervals around the answer that have width $\alpha = 0.1$ and uniform coverage probability $1-\beta = 0.95$. We compare with the naive sample splitting baseline that simply splits the dataset into $k$ pieces and answers each query with the empirical answer on a fresh piece.

Theorems & Definitions (33)

  • Definition 2.1
  • Definition 2.2: DMNS06
  • Definition 2.3
  • Theorem 3.1: General Transfer Theorem
  • Lemma 3.2: Bayesian Resampling Lemma
  • Lemma 3.3
  • proof
  • proof : Proof of Theorem \ref{['thm:gen_transfer']}
  • Lemma 3.4
  • proof
  • ...and 23 more