
Composition in Differential Privacy for General Granularity Notions (Long Version)

Patricia Guerra-Balboa, Àlex Miranda-Pascual, Javier Parra-Arnau, Thorsten Strufe

TL;DR

This work develops a unifying framework for composing differential privacy mechanisms across general data domains and granularity notions via $d_{\mathcal{D}}$-privacy. It proves independent and adaptive composition theorems that apply to arbitrary domains and granularity notions, and extends these results to approximate DP, zCDP, and GDP with corresponding adaptive composition (AC) variants. The authors identify conditions under which the best possible bounds are achievable in parallel-like settings, including a tight bound for bounded DP with disjoint inputs and a common-domain analysis that tightens the guarantees. They also address preprocessing, data dependency, post-processing robustness, and reciprocal results, enabling accurate privacy accounting when mixing different domains and granularity notions. Overall, the paper provides a comprehensive, mathematically grounded toolkit for precise DP composition in new and future granularity settings, with clear pathways to additional semantic privacy notions.

Abstract

The composition theorems of differential privacy (DP) allow data curators to combine different algorithms to obtain a new algorithm that continues to satisfy DP. However, new granularity notions (i.e., neighborhood definitions), data domains, and composition settings have appeared in the literature that the classical composition theorems do not cover. For instance, the original parallel composition theorem does not translate well to general granularity notions. This makes it harder to compose DP mechanisms in new settings and to obtain accurate estimates of the privacy loss incurred after composition. To overcome these limitations, we study the composability of DP in a general framework and for any kind of data domain or neighborhood definition. We give a general composition theorem in both independent and adaptive versions, and we provide analogous composition results for approximate, zero-concentrated, and Gaussian DP. Besides, we study the hypotheses needed to obtain the best composition bounds. Our theorems cover both parallel and sequential composition settings. Importantly, they also cover every setting in between, allowing us to compute the final privacy loss of a composition with greatly improved accuracy.
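As an added worked example (this is not code from the paper or its authors), the script below carries out the classical accounting the abstract refers to for pure ε-DP: the sequential bound (sum of the ε's), McSherry's parallel bound for disjoint inputs (max of the ε's, which is stated for add/remove-one neighbours), and the per-record count that covers the settings in between, where inputs overlap. It also shows why the parallel bound does not carry over to the bounded (replace-one) neighbourhood: swapping a record can change the input of two parts of a disjoint partition at once. The record universe, mechanism names, selectors and ε values are constructed for illustration; the paper's general theorems for arbitrary granularity notions are not reproduced here, and the selectors are assumed to depend only on the record itself (data-independent assignment).

```python
"""Privacy accounting for epsilon-DP mechanisms that each read a subset of the
records: sequential and parallel bounds, plus the per-record count that covers
the overlapping ("in between") case, under add/remove-one and replace-one
neighbourhoods. Added example; values below are constructed, not from the paper."""
from dataclasses import dataclass
from typing import Callable, Iterable, Sequence

Record = tuple  # constructed records are (age_band, country) pairs


@dataclass(frozen=True)
class Mechanism:
    name: str
    epsilon: float                   # the mechanism's own pure-DP parameter
    reads: Callable[[Record], bool]  # which records it receives as input


def sequential_bound(mechs: Sequence[Mechanism]) -> float:
    """Sequential composition: every mechanism may see every record."""
    return sum(m.epsilon for m in mechs)


def parallel_bound(mechs: Sequence[Mechanism]) -> float:
    """McSherry's parallel bound for disjoint inputs (add/remove-one neighbours)."""
    return max(m.epsilon for m in mechs)


def _touched(mechs: Sequence[Mechanism], record: Record) -> dict:
    """Mechanisms whose input changes when `record` is added, removed or replaced."""
    return {m.name: m.epsilon for m in mechs if m.reads(record)}


def unbounded_loss(mechs: Sequence[Mechanism], universe: Iterable[Record]) -> float:
    """Add/remove-one neighbours: D and D' differ in exactly one record r.
    A mechanism that does not read r receives identical inputs on D and D' and
    contributes no loss, so the composed loss for r is the sum of the epsilons
    of the mechanisms that read r; the guarantee is the worst case over r."""
    return max(sum(_touched(mechs, r).values()) for r in universe)


def bounded_loss(mechs: Sequence[Mechanism], universe: Sequence[Record]) -> float:
    """Replace-one neighbours: r in D is swapped for r'. Every mechanism reading
    r OR r' sees a changed input, so two parts of a partition can be hit at once."""
    worst = 0.0
    for r in universe:
        for r2 in universe:
            affected = {**_touched(mechs, r), **_touched(mechs, r2)}
            worst = max(worst, sum(affected.values()))
    return worst


# Constructed record universe: (age_band, country); assumed for illustration.
UNIVERSE = [(a, c) for a in ("18-34", "35-64", "65+") for c in ("DE", "FR", "US")]

# Overlapping inputs: one global count plus two per-country counts.
OVERLAPPING = [
    Mechanism("global_count", 0.5, lambda r: True),
    Mechanism("de_count", 0.25, lambda r: r[1] == "DE"),
    Mechanism("fr_count", 0.75, lambda r: r[1] == "FR"),
]

# Disjoint inputs: a per-country partition of the records.
DISJOINT = [
    Mechanism("de_count", 0.25, lambda r: r[1] == "DE"),
    Mechanism("fr_count", 0.75, lambda r: r[1] == "FR"),
    Mechanism("us_count", 0.5, lambda r: r[1] == "US"),
]


def report() -> dict:
    """Composed epsilon under each accounting rule for both mechanism sets."""
    return {
        "overlap_sequential": sequential_bound(OVERLAPPING),        # 1.5
        "overlap_unbounded": unbounded_loss(OVERLAPPING, UNIVERSE),  # 1.25 (FR records)
        "overlap_bounded": bounded_loss(OVERLAPPING, UNIVERSE),      # 1.5  (DE <-> FR swap)
        "disjoint_parallel": parallel_bound(DISJOINT),              # 0.75
        "disjoint_unbounded": unbounded_loss(DISJOINT, UNIVERSE),    # 0.75 (parallel bound is tight)
        "disjoint_bounded": bounded_loss(DISJOINT, UNIVERSE),        # 1.25 (FR <-> US swap: two parts change)
    }


if __name__ == "__main__":
    for rule, eps in report().items():
        print(f"{rule:>20}: {eps}")
```

The overlapping set shows the in-between case: the naive sequential sum is 1.5, but no single record is read by both per-country mechanisms, so the add/remove-one loss is only 1.25. The disjoint set shows the granularity caveat: under add/remove-one neighbours the parallel bound 0.75 is exact, while under replace-one neighbours a record moving from FR to US changes the inputs of two mechanisms and the loss is 0.75 + 0.5 = 1.25, which the original parallel theorem does not capture.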

Paper Structure

This paper contains 23 sections, 54 theorems, 165 equations, 1 figure, and 1 table.

Key Result

proposition 1

A mechanism $\mathcal{M}$ is $\varepsilon$-DP if and only if for all $D,D'\in\mathcal{D}_{\mathcal{X}}$ and all measurable sets $S\subseteq \mathrm{Range}(\mathcal{M})$

Figures (1)

  • Figure 1: Overview of the theorems proved in this paper, classified according to whether they are adaptive or independent. The theorems represented are the generalizations of sequential composition and the best bound (BB) for disjoint inputs (as in the parallel setting). In the figure, "O" denotes the original theorem, "G" our generalized version, and "CD" common domain. Arrows indicate that a result directly implies the other.

Theorems & Definitions (123)

  • definition 1: Differential privacy (Dwork, 2006)
  • proposition 1: (McSherry, 2009)
  • definition 2: Unbounded DP (neighborhood definition)
  • definition 3: Bounded DP (neighborhood definition)
  • theorem 1: Sequential composition (Dwork et al., 2006)
  • theorem 2: Independent sequential composition (ISC) (Dwork and Roth, 2014)
  • theorem 3: Adaptive sequential composition (ASC) (Li et al., 2016)
  • theorem 4: Parallel composition (McSherry, 2009)
  • definition 4: $\mathcal{G}$-neighborhood
  • definition 5: $d_{\mathcal{D}}$-privacy (Chatzikokolakis et al., 2013)
  • ...and 113 more